Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/BVRo3vJKsZRaxHKuEm7aqHtYvE4.roa
File:                     BVRo3vJKsZRaxHKuEm7aqHtYvE4.roa (raw, json)
Hash identifier:          SeTBsOSLM/wME/YKjf+/lG5hfMmn5w0RZoI3nXJU1zY=
Subject key identifier:   05:54:68:DE:F2:4A:B1:94:5A:C4:72:AE:12:6E:DA:A8:7B:58:BC:4E
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018CC56DEE1EB90E01BD060020F0A6DBC012
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/BVRo3vJKsZRaxHKuEm7aqHtYvE4.roa
Signing time:             Mon 01 Jan 2024 14:29:25 +0000
ROA not before:           Mon 01 Jan 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.147.71.0/24 maxlen: 24
                          45.147.68.0/23 maxlen: 23
                          45.147.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ee:1e:b9:0e:01:bd:06:00:20:f0:a6:db:c0:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=055468def24ab1945ac472ae126edaa87b58bc4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:30:2c:c9:62:8c:63:c7:03:40:51:74:71:7f:
                    b2:61:46:aa:a9:a8:80:76:a7:1a:8e:60:01:ca:f4:
                    44:08:1e:63:c9:84:f7:2f:d8:9b:42:b9:be:58:40:
                    b6:8b:cb:78:5e:75:ee:d5:c3:c5:35:65:e4:2e:a5:
                    d5:66:84:23:0a:00:94:72:df:a7:f3:dc:aa:54:33:
                    2d:3d:96:6f:1d:08:e6:5f:f5:d2:5d:df:c1:72:1a:
                    91:f8:1a:86:30:04:7a:47:c9:90:3e:0e:6c:f1:bb:
                    82:37:99:ec:25:e5:17:6f:c1:13:78:50:94:2c:e6:
                    13:a8:62:c3:1b:85:9c:c7:63:7e:77:66:18:e7:d8:
                    ab:f9:ca:50:fb:66:24:2b:84:33:4d:9e:b1:b9:93:
                    8b:46:fb:a4:09:40:1a:58:5d:43:e6:59:e5:09:07:
                    af:de:3a:30:c3:47:a3:d6:c3:d0:a2:44:60:b0:79:
                    08:65:3e:e0:fe:70:1e:94:e2:d7:cb:ba:f9:9f:9a:
                    0a:84:b1:a3:d6:93:6c:d1:b5:72:41:5d:bf:b8:71:
                    53:3b:cc:77:ee:bb:2b:23:16:d9:6a:17:b1:a0:c7:
                    81:dc:c6:05:1a:89:ba:34:2d:6b:32:ec:41:ae:61:
                    d3:4b:73:3f:50:26:f5:68:c8:e7:35:5d:d8:34:dc:
                    17:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:54:68:DE:F2:4A:B1:94:5A:C4:72:AE:12:6E:DA:A8:7B:58:BC:4E
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/BVRo3vJKsZRaxHKuEm7aqHtYvE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:ac:cf:ea:58:53:58:42:4c:f2:90:c3:3d:11:ac:c4:32:f6:
         ce:23:54:be:4a:da:14:71:4f:3d:2d:05:c7:63:57:0f:14:b9:
         01:56:79:4e:e3:85:9c:df:c5:8a:2c:4d:6a:98:8a:51:13:27:
         9d:18:08:d3:85:9f:59:a1:b1:6b:43:db:3b:89:fa:b3:bf:e4:
         08:07:67:55:3c:2f:13:33:82:1d:95:d2:e0:f3:81:a6:cf:7b:
         93:d9:f7:64:9e:ad:f7:73:d0:45:60:d6:81:12:e9:8a:2a:9e:
         38:da:4e:8e:69:96:32:54:f7:83:d1:93:38:3a:f9:79:ab:97:
         54:d9:b4:c9:b6:97:66:ef:1a:67:41:33:71:12:43:56:4d:fe:
         fc:ef:a8:37:16:dc:05:e1:98:ff:86:4d:29:d3:b6:d4:95:14:
         bb:22:b3:a0:95:8d:83:b9:b5:5a:76:26:36:37:cd:1b:c4:e4:
         1b:d2:27:ad:f1:2c:5a:c9:5a:a1:ab:58:3d:3c:63:0c:43:4f:
         7a:40:6b:64:5c:cc:52:2e:94:da:42:57:0f:c9:f5:b6:42:67:
         7d:93:25:75:e6:6a:52:2a:5f:72:8e:a3:0f:cd:07:d8:5b:c8:
         14:65:88:ef:b9:5b:f5:d6:ab:6e:ae:a1:b3:46:4d:4f:2f:72:
         c6:aa:86:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe4euQ4BvQYAIPCm28ASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTU0NjhkZWYyNGFiMTk0NWFjNDcyYWUxMjZlZGFhODdiNThiYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzAsyWKMY8cDQFF0cX+yYUaqqaiA
dqcajmAByvRECB5jyYT3L9ibQrm+WEC2i8t4XnXu1cPFNWXkLqXVZoQjCgCUct+n
89yqVDMtPZZvHQjmX/XSXd/BchqR+BqGMAR6R8mQPg5s8buCN5nsJeUXb8ETeFCU
LOYTqGLDG4Wcx2N+d2YY59ir+cpQ+2YkK4QzTZ6xuZOLRvukCUAaWF1D5lnlCQev
3joww0ej1sPQokRgsHkIZT7g/nAelOLXy7r5n5oKhLGj1pNs0bVyQV2/uHFTO8x3
7rsrIxbZahexoMeB3MYFGom6NC1rMuxBrmHTS3M/UCb1aMjnNV3YNNwX9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVUaN7ySrGUWsRyrhJu2qh7WLxOMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvQlZSbzN2SktzWlJheEhLdUVtN2FxSHRZdkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZNEMA0G
CSqGSIb3DQEBCwUAA4IBAQAHrM/qWFNYQkzykMM9EazEMvbOI1S+StoUcU89LQXH
Y1cPFLkBVnlO44Wc38WKLE1qmIpREyedGAjThZ9ZobFrQ9s7ifqzv+QIB2dVPC8T
M4IdldLg84Gmz3uT2fdknq33c9BFYNaBEumKKp442k6OaZYyVPeD0ZM4Ovl5q5dU
2bTJtpdm7xpnQTNxEkNWTf7876g3FtwF4Zj/hk0p07bUlRS7IrOglY2DubVadiY2
N80bxOQb0iet8SxayVqhq1g9PGMMQ096QGtkXMxSLpTaQlcPyfW2Qmd9kyV15mpS
Kl9yjqMPzQfYW8gUZYjvuVv11qturqGzRk1PL3LGqobp
-----END CERTIFICATE-----