Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-WZaO3UNvvlWnsLXpSZ3eEs-NYE.roa
File:                     1-WZaO3UNvvlWnsLXpSZ3eEs-NYE.roa (raw, json)
Hash identifier:          uJbZATSDBeDerc13mU9iiiOJMOf1GoXP41Zkrw9QTdQ=
Subject key identifier:   F9:66:5A:3B:75:0D:BE:F9:56:9E:C2:D7:A5:26:77:78:4B:3E:35:81
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E30EA8D0D3BFB9534B86F527C0638
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-WZaO3UNvvlWnsLXpSZ3eEs-NYE.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33185
IP address blocks:        45.135.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:30:ea:8d:0d:3b:fb:95:34:b8:6f:52:7c:06:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9665a3b750dbef9569ec2d7a52677784b3e3581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:de:cf:4e:72:32:f9:bf:43:c6:55:1d:cf:a9:
                    e1:0f:50:ba:99:51:2c:76:df:78:05:e3:74:a5:62:
                    b3:ce:58:f8:02:71:36:83:31:e7:81:f1:24:d9:6d:
                    74:e7:e2:52:75:7b:1d:09:24:c9:3d:9c:7e:ac:e9:
                    74:05:6c:97:5d:db:27:0c:5d:3a:5f:16:51:de:ff:
                    ea:06:1c:b3:81:27:e5:cb:5b:f7:a8:c5:5a:97:9b:
                    24:da:9e:4f:e1:98:36:77:f5:b8:f3:28:c2:09:bf:
                    e6:56:13:6c:3c:44:20:06:d0:a6:c6:e0:36:49:57:
                    4f:57:56:7d:0c:69:dd:54:9f:b1:9f:18:f2:74:46:
                    2b:ff:83:a5:6f:55:7a:f0:67:86:6c:cd:8f:e9:30:
                    1e:a0:d3:40:2b:b0:ce:10:ff:20:54:69:6c:9d:db:
                    b9:84:dc:e1:4b:02:a4:34:23:66:7b:84:13:4c:12:
                    83:0f:00:7e:c8:06:9a:5a:c8:da:a8:c3:95:28:47:
                    09:81:41:51:0f:2e:11:e9:0b:55:91:2c:69:1c:7e:
                    a8:9e:a7:52:71:f4:47:dd:db:66:27:7e:94:aa:cf:
                    96:fc:2e:9c:77:80:54:f7:14:be:a2:c6:a4:db:f3:
                    05:3a:c0:f6:88:7f:69:e0:98:45:04:93:aa:a1:a0:
                    28:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:66:5A:3B:75:0D:BE:F9:56:9E:C2:D7:A5:26:77:78:4B:3E:35:81
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-WZaO3UNvvlWnsLXpSZ3eEs-NYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:b5:c2:a3:97:88:ae:b7:a8:9e:e7:c0:b4:0d:90:2e:9b:cc:
         06:61:9b:3c:b0:25:07:29:b0:e7:d4:a6:bc:b5:20:3b:10:54:
         8c:f2:be:3c:70:af:df:7f:4d:67:97:db:3d:5c:52:9d:56:30:
         9d:b4:2e:75:c4:64:87:2b:52:31:a4:c6:f1:0b:ca:69:60:e0:
         01:18:8c:03:0a:1a:b4:a4:05:6d:65:05:9c:d0:fa:97:a5:b1:
         3d:ed:c7:85:1b:ab:37:27:ed:8d:45:fa:8b:1b:23:dc:75:de:
         ff:31:f3:f2:81:cc:64:df:3d:7e:be:f7:33:59:51:27:d3:21:
         ac:50:b8:fe:65:70:07:97:d4:68:6d:be:f1:d7:11:ec:6a:ae:
         55:35:f5:d7:82:8d:4e:12:75:ec:9a:b4:5e:ec:84:47:6c:ef:
         2a:d5:73:02:1f:3a:01:51:91:ca:eb:d1:94:23:98:2d:25:5c:
         ab:8b:dc:22:c2:7d:a8:b9:85:ac:9a:77:ad:2b:d0:df:98:d1:
         ac:1f:6f:bc:1e:18:b3:16:13:5a:9e:f1:4b:96:6d:27:7b:74:
         c2:b9:f8:71:a5:03:b8:c7:d0:16:ad:72:6b:06:3a:d1:de:35:
         d2:72:ba:a3:9b:77:e5:78:38:f8:7f:dc:9e:df:f1:bc:20:7f:
         91:c6:b4:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTjDqjQ07+5U0uG9SfAY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTY2NWEzYjc1MGRiZWY5NTY5ZWMyZDdhNTI2Nzc3ODRiM2UzNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyd7PTnIy+b9DxlUdz6nhD1C6mVEs
dt94BeN0pWKzzlj4AnE2gzHngfEk2W105+JSdXsdCSTJPZx+rOl0BWyXXdsnDF06
XxZR3v/qBhyzgSfly1v3qMVal5sk2p5P4Zg2d/W48yjCCb/mVhNsPEQgBtCmxuA2
SVdPV1Z9DGndVJ+xnxjydEYr/4Olb1V68GeGbM2P6TAeoNNAK7DOEP8gVGlsndu5
hNzhSwKkNCNme4QTTBKDDwB+yAaaWsjaqMOVKEcJgUFRDy4R6QtVkSxpHH6onqdS
cfRH3dtmJ36Uqs+W/C6cd4BU9xS+osak2/MFOsD2iH9p4JhFBJOqoaAozwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlmWjt1Db75Vp7C16Umd3hLPjWBMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMS1XWmFPM1VOdnZsV25zTFhwU1ozZUVzLU5ZRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTYvMDk0MDgxLThhZWItNDJiZi1hNTc4LWEzY2EwZGI4MzI1
NC8xL0d3UVZ2OFE3T09uUDBhRXBsU0F1aDJOMUw5NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2HlDAN
BgkqhkiG9w0BAQsFAAOCAQEAe7XCo5eIrreonufAtA2QLpvMBmGbPLAlBymw59Sm
vLUgOxBUjPK+PHCv339NZ5fbPVxSnVYwnbQudcRkhytSMaTG8QvKaWDgARiMAwoa
tKQFbWUFnND6l6WxPe3HhRurNyftjUX6ixsj3HXe/zHz8oHMZN89fr73M1lRJ9Mh
rFC4/mVwB5fUaG2+8dcR7GquVTX114KNThJ17Jq0XuyER2zvKtVzAh86AVGRyuvR
lCOYLSVcq4vcIsJ9qLmFrJp3rSvQ35jRrB9vvB4YsxYTWp7xS5ZtJ3t0wrn4caUD
uMfQFq1yawY60d410nK6o5t35Xg4+H/cnt/xvCB/kca0GQ==
-----END CERTIFICATE-----