Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/DHlFIpMD2Wy5wZPDOtpy1iSTYsk.roa
File:                     DHlFIpMD2Wy5wZPDOtpy1iSTYsk.roa (raw, json)
Hash identifier:          p1YLDIxc/OHJUPuwFNoGjIJKS7pdhL0DAoB+Q84oTuU=
Subject key identifier:   0C:79:45:22:93:03:D9:6C:B9:C1:93:C3:3A:DA:72:D6:24:93:62:C9
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       018DE5EA37FD6477EB092AA4ECB4CC8526FD
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/DHlFIpMD2Wy5wZPDOtpy1iSTYsk.roa
Signing time:             Mon 26 Feb 2024 14:55:48 +0000
ROA not before:           Mon 26 Feb 2024 14:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4785
IP address blocks:        45.12.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:ea:37:fd:64:77:eb:09:2a:a4:ec:b4:cc:85:26:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Feb 26 14:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c7945229303d96cb9c193c33ada72d6249362c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d7:db:35:b6:c4:53:ab:21:1a:7e:f4:30:82:
                    ba:b4:f5:26:2e:26:d5:01:e6:fe:c1:0d:d4:8a:53:
                    56:4a:4f:cd:38:b3:e4:f3:a6:76:df:3f:37:c5:04:
                    c3:ca:d2:43:86:be:0b:92:12:8a:d0:40:0b:29:57:
                    98:4e:1c:dd:42:0d:cf:47:44:50:e2:cb:3a:34:3e:
                    5c:e6:bc:58:7e:e2:5b:34:aa:bb:18:05:90:c8:e4:
                    5c:80:11:95:63:26:89:60:45:05:b4:34:60:81:26:
                    80:81:f9:18:50:3b:19:ac:f2:41:2d:c1:76:ad:df:
                    23:47:5b:88:75:c4:c5:be:6f:4e:a6:0d:bc:16:22:
                    32:c7:77:31:43:ee:1d:7f:5c:a4:2f:9d:ae:89:63:
                    07:b4:d1:ec:9e:1c:ff:ce:f4:6a:2b:03:53:5f:c1:
                    cb:96:e7:2a:86:35:4c:83:ca:79:45:12:09:01:fd:
                    3e:2e:2e:4c:54:2e:9c:f2:21:25:c1:1b:87:97:97:
                    09:7d:48:da:1b:53:9e:df:da:a8:6a:ae:bc:d2:9a:
                    d7:2d:d1:78:f2:cf:07:ef:af:83:9a:f5:c1:92:94:
                    34:76:f9:17:d3:60:46:2b:fb:a3:4d:83:85:b9:33:
                    37:06:b4:1f:8d:5f:b1:60:f4:ea:42:10:e1:69:80:
                    35:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:79:45:22:93:03:D9:6C:B9:C1:93:C3:3A:DA:72:D6:24:93:62:C9
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/DHlFIpMD2Wy5wZPDOtpy1iSTYsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ff:1e:7a:a4:de:af:fd:3c:3b:3c:0f:7c:b4:a5:e7:4f:84:
         7c:ee:18:08:c3:6f:27:bd:2d:9f:e1:09:11:13:d0:a3:3e:6f:
         f1:86:8d:7a:6d:36:f2:30:aa:06:f7:19:0a:b8:11:d1:9c:05:
         e2:97:36:d3:03:fd:e6:1a:5f:02:8e:cc:4f:0a:e0:d5:37:d1:
         2a:9c:98:4a:75:8d:ba:77:22:76:91:39:5c:3a:bd:41:f8:06:
         65:4b:f6:cf:df:04:4c:61:06:0e:c4:1c:52:e7:fe:7a:7d:3a:
         79:31:61:b4:53:7e:0a:40:74:9c:aa:da:a7:60:b2:96:a3:f0:
         c0:6a:57:3d:91:8c:d8:a1:73:2e:63:d4:75:4e:90:d7:78:e8:
         da:db:ab:aa:e4:86:67:22:4f:a5:bf:51:a0:78:50:83:69:78:
         a1:6b:a6:3e:13:5a:26:dd:97:84:29:de:c4:0d:bf:17:dd:13:
         a8:33:0d:a3:01:e4:22:3e:39:9b:93:68:9a:e6:a5:b9:4c:ad:
         9f:ac:ec:47:87:ce:4c:40:2f:d1:29:da:9e:bf:e9:2a:35:08:
         4c:5e:42:36:1f:87:6e:fd:6e:a8:12:aa:3b:25:36:ac:8b:ae:
         42:42:3a:8b:c1:ba:49:59:7d:54:f9:43:d8:01:ba:0c:07:b4:
         be:02:43:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3l6jf9ZHfrCSqk7LTMhSb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjQwMjI2MTQ1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzc5NDUyMjkzMDNkOTZjYjljMTkzYzMzYWRhNzJkNjI0OTM2MmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdfbNbbEU6shGn70MIK6tPUmLibV
Aeb+wQ3UilNWSk/NOLPk86Z23z83xQTDytJDhr4LkhKK0EALKVeYThzdQg3PR0RQ
4ss6ND5c5rxYfuJbNKq7GAWQyORcgBGVYyaJYEUFtDRggSaAgfkYUDsZrPJBLcF2
rd8jR1uIdcTFvm9Opg28FiIyx3cxQ+4df1ykL52uiWMHtNHsnhz/zvRqKwNTX8HL
lucqhjVMg8p5RRIJAf0+Li5MVC6c8iElwRuHl5cJfUjaG1Oe39qoaq680prXLdF4
8s8H76+DmvXBkpQ0dvkX02BGK/ujTYOFuTM3BrQfjV+xYPTqQhDhaYA1gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAx5RSKTA9lsucGTwzractYkk2LJMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvREhsRklwTUQyV3k1d1pQRE90cHkxaVNUWXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxZMA0G
CSqGSIb3DQEBCwUAA4IBAQAT/x56pN6v/Tw7PA98tKXnT4R87hgIw28nvS2f4QkR
E9CjPm/xho16bTbyMKoG9xkKuBHRnAXilzbTA/3mGl8CjsxPCuDVN9EqnJhKdY26
dyJ2kTlcOr1B+AZlS/bP3wRMYQYOxBxS5/56fTp5MWG0U34KQHScqtqnYLKWo/DA
alc9kYzYoXMuY9R1TpDXeOja26uq5IZnIk+lv1GgeFCDaXiha6Y+E1om3ZeEKd7E
Db8X3ROoMw2jAeQiPjmbk2ia5qW5TK2frOxHh85MQC/RKdqev+kqNQhMXkI2H4du
/W6oEqo7JTasi65CQjqLwbpJWX1U+UPYAboMB7S+AkNP
-----END CERTIFICATE-----