Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/lYMjCj2XqqE9EhtWL2tNAuDmn5E.roa
File:                     lYMjCj2XqqE9EhtWL2tNAuDmn5E.roa (raw, json)
Hash identifier:          KOp3jKbjiSt9gPkiMVvoo8wxx3Tc2Di7Bu0TyzGnCy0=
Subject key identifier:   95:83:23:0A:3D:97:AA:A1:3D:12:1B:56:2F:6B:4D:02:E0:E6:9F:91
Certificate issuer:       /CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
Certificate serial:       018CC56EDED4D8FBDBE2AE6010D4C876025A
Authority key identifier: 7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/lYMjCj2XqqE9EhtWL2tNAuDmn5E.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        45.151.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:de:d4:d8:fb:db:e2:ae:60:10:d4:c8:76:02:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9583230a3d97aaa13d121b562f6b4d02e0e69f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e7:4b:57:d0:c8:a6:9f:af:09:c3:c5:26:06:
                    6e:c0:07:f3:eb:74:18:34:fa:3e:17:4e:2e:13:d2:
                    7d:86:e9:2f:a7:98:47:5d:1e:f2:91:ee:16:87:47:
                    4f:76:e8:ec:d5:ef:08:a9:58:56:3d:c1:cb:2b:68:
                    81:80:ed:69:46:c6:9a:ba:90:4f:ae:ae:e7:58:b5:
                    e9:19:d1:6f:a4:ed:11:be:36:6a:a1:eb:a5:90:78:
                    1d:50:cb:96:fa:3a:ee:da:9b:2d:51:56:3c:f8:59:
                    7e:c0:1d:fe:d0:0a:c5:2f:7d:72:91:f3:8b:ca:0d:
                    37:41:47:a1:34:61:25:9b:a1:5c:82:e5:8b:04:e2:
                    83:de:8d:b7:01:cb:66:a8:cc:13:08:b1:80:ff:96:
                    37:0a:a3:8c:0b:87:85:47:b9:54:8c:5c:32:15:d0:
                    32:bf:cf:e9:9d:c9:27:85:0c:6d:e8:7f:b8:a3:b8:
                    01:b0:ba:bb:23:cc:97:dc:2e:a0:1e:b7:96:9b:80:
                    bd:29:5e:3f:c1:d5:52:ca:de:d2:3b:9a:41:fc:7e:
                    ad:5e:77:ab:26:2b:48:7c:02:90:10:1b:0d:99:01:
                    02:80:f3:9c:2b:25:08:94:a5:2c:a0:99:f8:ba:c2:
                    db:30:51:00:eb:26:4e:29:57:06:6c:cf:59:86:97:
                    15:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:83:23:0A:3D:97:AA:A1:3D:12:1B:56:2F:6B:4D:02:E0:E6:9F:91
            X509v3 Authority Key Identifier:
                keyid:7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/lYMjCj2XqqE9EhtWL2tNAuDmn5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:1a:00:e5:b7:fd:c3:d7:51:fc:54:19:15:98:bc:1b:f0:87:
         1c:75:e0:0f:2b:57:20:0a:6a:10:c6:57:58:8a:1e:f8:12:78:
         e9:e3:ff:80:b6:2a:6a:ba:93:c4:58:b9:1d:2e:35:96:39:ed:
         fc:2d:72:6d:60:ed:78:75:15:cd:49:04:08:cf:49:6d:2c:3b:
         fb:7b:37:45:b6:ef:7f:ed:5c:dc:5a:e0:3f:9f:47:14:8e:f9:
         9e:17:6d:45:d6:03:04:c3:7b:b4:20:8d:c4:2a:ac:09:bf:08:
         bf:66:15:b0:89:d1:f1:4f:b7:aa:00:8f:b4:e1:9a:26:e5:23:
         d2:54:32:e2:68:5a:06:fa:fa:fe:b0:33:a9:8c:5e:c7:1c:05:
         22:d5:fd:41:a1:36:6f:50:14:a5:d6:23:ff:b1:11:f6:66:33:
         f9:36:d6:b0:26:f1:59:41:c9:95:ed:f1:fa:5b:2e:7e:92:c7:
         34:87:c9:ff:d2:3c:d9:8e:14:0c:15:03:7b:4e:4d:bd:b5:7f:
         fb:3e:b4:e2:1d:16:59:8f:12:39:8f:3b:73:18:08:c8:8f:9e:
         c9:f9:16:cf:70:8b:ad:2b:b9:d8:43:0a:9c:60:a2:51:e5:ee:
         d3:3d:5a:27:da:ad:7e:04:7c:6c:42:85:fc:ee:0c:11:26:1f:
         df:e1:44:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbt7U2Pvb4q5gENTIdgJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYTNmOTlkYmE5NGEzMDdiNmNkMmUxZDkwZjY3OGRhYzA1
NjgxZjgwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTgzMjMwYTNkOTdhYWExM2QxMjFiNTYyZjZiNGQwMmUwZTY5ZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqedLV9DIpp+vCcPFJgZuwAfz63QY
NPo+F04uE9J9hukvp5hHXR7yke4Wh0dPdujs1e8IqVhWPcHLK2iBgO1pRsaaupBP
rq7nWLXpGdFvpO0RvjZqoeulkHgdUMuW+jru2pstUVY8+Fl+wB3+0ArFL31ykfOL
yg03QUehNGElm6FcguWLBOKD3o23ActmqMwTCLGA/5Y3CqOMC4eFR7lUjFwyFdAy
v8/pncknhQxt6H+4o7gBsLq7I8yX3C6gHreWm4C9KV4/wdVSyt7SO5pB/H6tXner
JitIfAKQEBsNmQECgPOcKyUIlKUsoJn4usLbMFEA6yZOKVcGbM9ZhpcV4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWDIwo9l6qhPRIbVi9rTQLg5p+RMB8GA1UdIwQY
MBaAFH+j+Z26lKMHts0uHZD2eNrAVoH4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUt
NGVhNDdjY2UwYzYzLzEvbFlNakNqMlhxcUU5RWh0V0wydE5BdURtbjVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUtNGVhNDdjY2UwYzYz
LzEvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZeOMA0G
CSqGSIb3DQEBCwUAA4IBAQC0GgDlt/3D11H8VBkVmLwb8IccdeAPK1cgCmoQxldY
ih74Enjp4/+AtipqupPEWLkdLjWWOe38LXJtYO14dRXNSQQIz0ltLDv7ezdFtu9/
7VzcWuA/n0cUjvmeF21F1gMEw3u0II3EKqwJvwi/ZhWwidHxT7eqAI+04Zom5SPS
VDLiaFoG+vr+sDOpjF7HHAUi1f1BoTZvUBSl1iP/sRH2ZjP5NtawJvFZQcmV7fH6
Wy5+ksc0h8n/0jzZjhQMFQN7Tk29tX/7PrTiHRZZjxI5jztzGAjIj57J+RbPcIut
K7nYQwqcYKJR5e7TPVon2q1+BHxsQoX87gwRJh/f4USz
-----END CERTIFICATE-----