Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Ulv3AeMbrLnQ7B7e2ckhvdm3_0M.roa
File:                     Ulv3AeMbrLnQ7B7e2ckhvdm3_0M.roa (raw, json)
Hash identifier:          eunKr/+ThW01jTs/WKPF9/+owvJlnr1VFVkLk+7OchA=
Subject key identifier:   52:5B:F7:01:E3:1B:AC:B9:D0:EC:1E:DE:D9:C9:21:BD:D9:B7:FF:43
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2D44BF070A1F94754BFD7D8D4BD3
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Ulv3AeMbrLnQ7B7e2ckhvdm3_0M.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19844
IP address blocks:        45.133.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2d:44:bf:07:0a:1f:94:75:4b:fd:7d:8d:4b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=525bf701e31bacb9d0ec1eded9c921bdd9b7ff43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8c:ac:1e:ed:1f:74:ec:2d:38:c5:4c:ed:40:
                    ec:37:75:9b:b1:b1:98:e4:b4:73:88:8a:4f:6b:91:
                    44:5e:6c:de:b5:9f:bf:73:bd:ce:2c:e1:71:d0:79:
                    e8:6a:68:f7:c0:79:98:19:81:5f:09:e2:01:2a:61:
                    fa:7c:0e:da:44:7e:85:70:70:ad:7b:b1:19:82:ed:
                    84:a3:1a:1d:8f:96:08:e0:76:5b:db:26:9b:07:81:
                    d7:e6:83:fc:0d:7b:8d:79:75:ac:bf:c5:9d:75:54:
                    81:89:eb:4e:e7:e4:9f:3b:f2:49:52:f7:57:71:15:
                    82:d7:3e:79:79:f0:3c:69:38:26:b1:72:85:81:cc:
                    33:b1:46:e1:6c:b0:b4:03:45:b1:55:82:cf:48:2b:
                    0c:26:38:0b:9a:ee:70:4b:4b:22:a3:e3:f9:2d:11:
                    cf:c4:f3:51:07:b2:8e:b5:c3:cd:fb:a2:a6:3f:b4:
                    1e:4b:c7:ca:56:5d:e8:37:88:dd:9f:a1:96:49:19:
                    7b:e0:46:e7:ae:68:85:d9:88:35:c9:95:4c:ed:8f:
                    3b:0e:3f:65:10:85:8c:93:10:42:9d:88:30:79:67:
                    26:23:b4:73:3b:9e:09:a5:b9:3a:f8:54:e1:c7:c1:
                    ab:49:6f:29:2d:24:8b:32:f2:7f:c8:c4:d3:b9:58:
                    ad:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5B:F7:01:E3:1B:AC:B9:D0:EC:1E:DE:D9:C9:21:BD:D9:B7:FF:43
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Ulv3AeMbrLnQ7B7e2ckhvdm3_0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:b8:4d:8b:2e:58:09:fb:9c:72:3d:aa:1e:42:dc:c7:44:a3:
         0e:dc:3a:5f:03:07:f0:e9:7b:dd:a6:65:48:de:90:db:d5:86:
         be:2a:d5:a7:ba:43:05:f7:e3:f7:d9:a6:20:e1:0f:53:d8:2f:
         bf:3a:4e:2a:38:a6:70:90:f7:6b:f5:d5:29:61:2b:1f:99:57:
         d7:d0:e5:08:15:34:b6:a7:07:6b:77:52:da:61:c8:58:49:ed:
         45:5a:d2:c4:9e:b1:fd:31:66:c9:8c:18:86:e5:cd:c5:3e:b3:
         a6:34:2a:79:e2:d2:a4:86:8d:0f:44:5b:34:12:3e:f8:0f:6e:
         9c:cb:c5:0a:9d:fc:56:f3:48:eb:98:17:43:2e:61:ef:3f:fc:
         fa:d6:86:d5:b3:8b:20:52:13:88:f6:b9:16:85:e2:0c:b1:5f:
         6e:51:95:55:3d:de:13:47:43:d0:5c:dd:82:5a:85:df:26:10:
         9d:cd:27:3a:e2:fb:c3:21:93:1e:cd:68:c7:b6:b6:f0:c6:50:
         2c:aa:14:60:92:34:93:34:6a:5e:55:3e:86:4d:7f:11:5c:a5:
         0c:d5:ef:75:83:13:a6:3c:72:ed:0d:b7:f8:d3:68:17:a1:dc:
         93:b1:e9:90:47:7d:06:ef:8c:d5:fb:4a:6e:ea:ea:38:a3:22:
         7c:ae:05:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi1EvwcKH5R1S/19jUvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjViZjcwMWUzMWJhY2I5ZDBlYzFlZGVkOWM5MjFiZGQ5YjdmZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoysHu0fdOwtOMVM7UDsN3WbsbGY
5LRziIpPa5FEXmzetZ+/c73OLOFx0Hnoamj3wHmYGYFfCeIBKmH6fA7aRH6FcHCt
e7EZgu2Eoxodj5YI4HZb2yabB4HX5oP8DXuNeXWsv8WddVSBietO5+SfO/JJUvdX
cRWC1z55efA8aTgmsXKFgcwzsUbhbLC0A0WxVYLPSCsMJjgLmu5wS0sio+P5LRHP
xPNRB7KOtcPN+6KmP7QeS8fKVl3oN4jdn6GWSRl74EbnrmiF2Yg1yZVM7Y87Dj9l
EIWMkxBCnYgweWcmI7RzO54Jpbk6+FThx8GrSW8pLSSLMvJ/yMTTuVitUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJb9wHjG6y50Owe3tnJIb3Zt/9DMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvVWx2M0FlTWJyTG5RN0I3ZTJja2h2ZG0zXzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYVIMA0G
CSqGSIb3DQEBCwUAA4IBAQCEuE2LLlgJ+5xyPaoeQtzHRKMO3DpfAwfw6XvdpmVI
3pDb1Ya+KtWnukMF9+P32aYg4Q9T2C+/Ok4qOKZwkPdr9dUpYSsfmVfX0OUIFTS2
pwdrd1LaYchYSe1FWtLEnrH9MWbJjBiG5c3FPrOmNCp54tKkho0PRFs0Ej74D26c
y8UKnfxW80jrmBdDLmHvP/z61obVs4sgUhOI9rkWheIMsV9uUZVVPd4TR0PQXN2C
WoXfJhCdzSc64vvDIZMezWjHtrbwxlAsqhRgkjSTNGpeVT6GTX8RXKUM1e91gxOm
PHLtDbf402gXodyTsemQR30G74zV+0pu6uo4oyJ8rgXS
-----END CERTIFICATE-----