Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/BucJvvExLyIclKkhm71pHqGl8fo.roa
File:                     BucJvvExLyIclKkhm71pHqGl8fo.roa (raw, json)
Hash identifier:          FcMmyZtFKwbiwMwGeay8edxIZMvjn2FGK/NXxtZJqEQ=
Subject key identifier:   06:E7:09:BE:F1:31:2F:22:1C:94:A9:21:9B:BD:69:1E:A1:A5:F1:FA
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018DA757BE5FCA2CD20D8426E3AB8752F73A
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/BucJvvExLyIclKkhm71pHqGl8fo.roa
Signing time:             Wed 14 Feb 2024 11:19:21 +0000
ROA not before:           Wed 14 Feb 2024 11:19:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134450
IP address blocks:        45.82.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:57:be:5f:ca:2c:d2:0d:84:26:e3:ab:87:52:f7:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Feb 14 11:19:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06e709bef1312f221c94a9219bbd691ea1a5f1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:10:16:c6:42:a8:23:ff:5e:c4:62:46:d5:15:
                    e3:23:a0:15:5b:f3:69:38:54:5e:13:ba:0b:08:8d:
                    c8:d8:2b:0d:18:b4:02:b6:b1:37:8b:38:06:2b:78:
                    2a:48:47:a2:bb:20:40:65:dc:98:eb:c2:65:84:38:
                    f5:6c:a2:7d:e0:cb:24:d3:c2:2b:f6:87:48:23:f7:
                    43:8f:c7:6a:b4:ca:88:3a:4a:23:31:88:dc:ed:03:
                    ae:e0:62:9f:36:01:14:d5:8b:47:0a:ef:f0:ba:3d:
                    92:c7:7c:cc:d6:a3:e1:82:4d:d9:34:4c:69:8e:92:
                    75:39:4d:de:15:d8:ed:00:db:ec:69:cc:45:bc:ba:
                    f5:1b:c4:27:ca:da:3f:06:5a:0a:59:18:5f:bc:7e:
                    c8:36:8e:b9:74:cc:bc:9b:57:88:34:fc:a6:72:fd:
                    5f:57:15:e6:54:7f:42:93:04:1a:cf:28:58:4d:2e:
                    38:d9:8e:c3:5f:54:ca:b1:06:12:ed:1b:03:73:96:
                    6f:bc:e4:7f:0d:f5:ff:4a:52:58:ae:66:e1:12:a8:
                    8f:f4:6c:21:eb:91:d0:a3:77:66:35:4a:46:e5:a9:
                    dc:84:f2:a9:08:19:78:7a:3b:cc:79:04:ed:15:17:
                    bb:09:cc:36:4e:6c:e8:ab:d4:f6:ff:0e:4e:e8:f1:
                    57:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E7:09:BE:F1:31:2F:22:1C:94:A9:21:9B:BD:69:1E:A1:A5:F1:FA
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/BucJvvExLyIclKkhm71pHqGl8fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:71:a7:72:20:23:9a:2c:6d:73:bd:62:a8:14:58:b5:93:90:
         b8:ee:1b:b4:f4:ec:23:b1:26:e7:ee:af:86:d9:99:3c:bc:da:
         ad:b9:d8:d4:fd:05:c6:aa:90:d3:75:a0:2a:b9:b2:5c:d3:7e:
         cb:52:b2:b1:08:9f:dd:14:05:66:c9:9b:23:42:c3:b7:a8:70:
         83:f4:2c:85:93:fe:8b:ef:37:90:46:18:eb:a7:8d:3f:15:eb:
         02:5c:80:ce:7b:b2:4a:7f:22:38:e9:db:be:2e:95:46:90:0c:
         ce:8c:5c:91:0f:96:17:f5:a3:49:d3:cc:04:2f:26:07:f6:0b:
         92:d5:77:2b:7f:1f:55:6f:43:72:4a:0e:46:1b:af:d2:9b:3d:
         c7:80:36:f6:ff:ee:a0:cd:11:36:fe:35:5b:78:0e:ca:87:fa:
         cf:74:dc:3f:65:96:75:de:d5:a1:e0:84:e7:1b:a2:66:5d:d1:
         7b:e2:14:7a:a5:3f:f0:00:1f:55:26:d4:f6:90:96:2a:d0:13:
         fa:96:45:55:60:f1:50:88:0f:d6:b6:9f:20:1b:a6:f7:24:f2:
         49:89:ea:db:09:04:9a:f0:2e:5b:34:bc:11:02:4d:ca:3e:d7:
         3f:d7:02:52:1a:d4:8a:47:1f:c6:ed:10:4a:66:cc:de:14:51:
         67:6b:8a:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nV75fyizSDYQm46uHUvc6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwMjE0MTExOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmU3MDliZWYxMzEyZjIyMWM5NGE5MjE5YmJkNjkxZWExYTVmMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhAWxkKoI/9exGJG1RXjI6AVW/Np
OFReE7oLCI3I2CsNGLQCtrE3izgGK3gqSEeiuyBAZdyY68JlhDj1bKJ94Msk08Ir
9odII/dDj8dqtMqIOkojMYjc7QOu4GKfNgEU1YtHCu/wuj2Sx3zM1qPhgk3ZNExp
jpJ1OU3eFdjtANvsacxFvLr1G8Qnyto/BloKWRhfvH7INo65dMy8m1eINPymcv1f
VxXmVH9CkwQazyhYTS442Y7DX1TKsQYS7RsDc5ZvvOR/DfX/SlJYrmbhEqiP9Gwh
65HQo3dmNUpG5anchPKpCBl4ejvMeQTtFRe7Ccw2Tmzoq9T2/w5O6PFXiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbnCb7xMS8iHJSpIZu9aR6hpfH6MB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvQnVjSnZ2RXhMeUljbEtraG03MXBIcUdsOGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVIwMA0G
CSqGSIb3DQEBCwUAA4IBAQARcadyICOaLG1zvWKoFFi1k5C47hu09OwjsSbn7q+G
2Zk8vNqtudjU/QXGqpDTdaAqubJc037LUrKxCJ/dFAVmyZsjQsO3qHCD9CyFk/6L
7zeQRhjrp40/FesCXIDOe7JKfyI46du+LpVGkAzOjFyRD5YX9aNJ08wELyYH9guS
1Xcrfx9Vb0NySg5GG6/Smz3HgDb2/+6gzRE2/jVbeA7Kh/rPdNw/ZZZ13tWh4ITn
G6JmXdF74hR6pT/wAB9VJtT2kJYq0BP6lkVVYPFQiA/Wtp8gG6b3JPJJierbCQSa
8C5bNLwRAk3KPtc/1wJSGtSKRx/G7RBKZszeFFFna4oX
-----END CERTIFICATE-----