Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/johkjXCedshm61ZUJDUxnGlcuHg.roa
File:                     johkjXCedshm61ZUJDUxnGlcuHg.roa (raw, json)
Hash identifier:          qq8b2bNjh4PH7ZUf+CM64mbsgja+xCxUp701b0y0EuE=
Subject key identifier:   8E:88:64:8D:70:9E:76:C8:66:EB:56:54:24:35:31:9C:69:5C:B8:78
Certificate issuer:       /CN=787e31ce5d501d1a94afdabbd4e024cc2a788ef5
Certificate serial:       018CC86EF166E830E973C47D3315DAA0BACF
Authority key identifier: 78:7E:31:CE:5D:50:1D:1A:94:AF:DA:BB:D4:E0:24:CC:2A:78:8E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eH4xzl1QHRqUr9q71OAkzCp4jvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/johkjXCedshm61ZUJDUxnGlcuHg.roa
Signing time:             Tue 02 Jan 2024 04:29:23 +0000
ROA not before:           Tue 02 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41634
IP address blocks:        45.154.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/eH4xzl1QHRqUr9q71OAkzCp4jvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/eH4xzl1QHRqUr9q71OAkzCp4jvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eH4xzl1QHRqUr9q71OAkzCp4jvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f1:66:e8:30:e9:73:c4:7d:33:15:da:a0:ba:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=787e31ce5d501d1a94afdabbd4e024cc2a788ef5
        Validity
            Not Before: Jan  2 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e88648d709e76c866eb56542435319c695cb878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:50:e7:17:fd:a0:64:a0:68:21:a3:55:35:d9:
                    30:63:c9:bd:c2:b4:e9:a3:f8:62:eb:91:ed:85:83:
                    8f:4a:af:9e:c5:41:96:7b:27:9d:fe:13:53:ec:64:
                    fe:e6:81:00:2e:cf:52:2e:5d:d6:1a:bf:66:a6:9f:
                    e8:d9:57:12:f1:bb:c1:dc:24:14:9f:b6:ce:7b:ec:
                    f8:bb:4b:c9:fd:f9:04:08:fb:0b:8e:a2:a9:bf:bd:
                    d0:3d:2a:ec:7a:44:82:d7:de:1d:1a:4b:2e:ee:60:
                    54:0a:22:ec:4f:22:e4:5d:cb:f9:1a:d2:61:27:e6:
                    b3:a6:f0:f3:73:f1:61:ce:85:29:25:52:ea:d1:bd:
                    f6:5f:3c:08:3e:7b:7e:85:8f:00:40:2d:a1:1e:74:
                    7e:7b:72:a5:54:58:30:8b:ce:59:e3:50:59:62:7f:
                    34:b6:ff:9f:47:66:c7:b2:1e:a3:23:9d:eb:cd:9d:
                    6c:43:08:fc:1f:e0:37:db:f3:a6:61:ec:f4:7c:ff:
                    04:c6:66:b9:99:04:00:43:0d:0f:26:8a:61:6e:7d:
                    a3:77:ae:c6:ba:07:5d:50:df:06:84:a6:55:d3:26:
                    f4:fe:93:79:b5:89:2f:d2:86:56:01:98:34:77:6e:
                    09:2d:60:24:e6:27:3d:e6:6b:26:fb:29:3d:ec:cc:
                    0f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:88:64:8D:70:9E:76:C8:66:EB:56:54:24:35:31:9C:69:5C:B8:78
            X509v3 Authority Key Identifier:
                keyid:78:7E:31:CE:5D:50:1D:1A:94:AF:DA:BB:D4:E0:24:CC:2A:78:8E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eH4xzl1QHRqUr9q71OAkzCp4jvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/johkjXCedshm61ZUJDUxnGlcuHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/eH4xzl1QHRqUr9q71OAkzCp4jvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:94:c3:72:db:84:a7:d9:92:1c:e5:ae:8d:5b:38:f5:cd:74:
         6c:55:8f:54:64:6f:c7:3a:7c:f4:9a:61:3b:18:7e:b1:d4:a0:
         08:e1:91:12:b0:cd:77:5b:42:77:05:ac:4b:10:e1:ef:0e:a1:
         b7:05:e5:ba:4b:a3:7d:58:a3:79:f9:1e:39:cd:b6:87:0e:54:
         69:ad:35:1f:29:b4:c3:36:c8:9c:b6:ed:f6:93:d5:1c:2f:60:
         be:38:ee:d2:90:b1:1e:6f:fe:b4:dd:a7:2e:f4:e6:85:2e:4e:
         61:bb:21:e1:a3:b9:0f:f2:24:3b:7a:41:c9:c1:ba:c0:7c:a6:
         79:15:8f:4b:b2:49:40:bc:6b:9a:01:f2:aa:7c:f9:04:d1:ea:
         79:54:ae:eb:fa:0b:97:ed:73:b6:e3:f0:3a:b6:75:97:d5:69:
         70:84:39:8d:7b:f3:1f:f2:b2:9a:ce:0b:76:bd:e0:f9:b2:15:
         2f:6d:8d:6e:6b:5f:2a:53:db:eb:51:9c:71:a8:1b:40:ed:ae:
         d9:da:f4:1f:5c:07:4d:b2:f1:2d:60:c8:c1:02:f9:5b:b0:cb:
         ff:b6:5d:b0:73:94:86:8c:80:91:ef:6b:85:63:01:75:b3:90:
         5d:fc:73:19:2f:55:f2:78:87:85:37:5b:bc:27:ab:71:02:99:
         c5:bc:21:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvFm6DDpc8R9MxXaoLrPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4N2UzMWNlNWQ1MDFkMWE5NGFmZGFiYmQ0ZTAyNGNjMmE3
ODhlZjUwHhcNMjQwMTAyMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTg4NjQ4ZDcwOWU3NmM4NjZlYjU2NTQyNDM1MzE5YzY5NWNiODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglDnF/2gZKBoIaNVNdkwY8m9wrTp
o/hi65HthYOPSq+exUGWeyed/hNT7GT+5oEALs9SLl3WGr9mpp/o2VcS8bvB3CQU
n7bOe+z4u0vJ/fkECPsLjqKpv73QPSrsekSC194dGksu7mBUCiLsTyLkXcv5GtJh
J+azpvDzc/FhzoUpJVLq0b32XzwIPnt+hY8AQC2hHnR+e3KlVFgwi85Z41BZYn80
tv+fR2bHsh6jI53rzZ1sQwj8H+A32/OmYez0fP8Exma5mQQAQw0PJophbn2jd67G
ugddUN8GhKZV0yb0/pN5tYkv0oZWAZg0d24JLWAk5ic95msm+yk97MwPQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6IZI1wnnbIZutWVCQ1MZxpXLh4MB8GA1UdIwQY
MBaAFHh+Mc5dUB0alK/au9TgJMwqeI71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUg0eHpsMVFIUnFVcjlxNzFPQWt6Q3A0anZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83YzU1ZDItMzgxYy00ZTg3LThjYTUt
MjMwN2JiNTkyMjVmLzEvam9oa2pYQ2Vkc2htNjFaVUpEVXhuR2xjdUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83YzU1ZDItMzgxYy00ZTg3LThjYTUtMjMwN2JiNTkyMjVm
LzEvZUg0eHpsMVFIUnFVcjlxNzFPQWt6Q3A0anZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZr9MA0G
CSqGSIb3DQEBCwUAA4IBAQBklMNy24Sn2ZIc5a6NWzj1zXRsVY9UZG/HOnz0mmE7
GH6x1KAI4ZESsM13W0J3BaxLEOHvDqG3BeW6S6N9WKN5+R45zbaHDlRprTUfKbTD
Nsictu32k9UcL2C+OO7SkLEeb/603acu9OaFLk5huyHho7kP8iQ7ekHJwbrAfKZ5
FY9LsklAvGuaAfKqfPkE0ep5VK7r+guX7XO24/A6tnWX1WlwhDmNe/Mf8rKazgt2
veD5shUvbY1ua18qU9vrUZxxqBtA7a7Z2vQfXAdNsvEtYMjBAvlbsMv/tl2wc5SG
jICR72uFYwF1s5Bd/HMZL1XyeIeFN1u8J6txApnFvCGA
-----END CERTIFICATE-----