Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/0yMLmtlycOayI5-i9QRO35uOV2k.roa
File:                     0yMLmtlycOayI5-i9QRO35uOV2k.roa (raw, json)
Hash identifier:          r/FscMOwf4LU+zv32P40e1mzE3IFR4FtWP7vsFbSD0s=
Subject key identifier:   D3:23:0B:9A:D9:72:70:E6:B2:23:9F:A2:F5:04:4E:DF:9B:8E:57:69
Certificate issuer:       /CN=b30e3011a0fb3111fbe8493c1230974aef532704
Certificate serial:       018CC424E79E1B9FEA5E1E78ED5E3E7A40AE
Authority key identifier: B3:0E:30:11:A0:FB:31:11:FB:E8:49:3C:12:30:97:4A:EF:53:27:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/0yMLmtlycOayI5-i9QRO35uOV2k.roa
Signing time:             Mon 01 Jan 2024 08:30:02 +0000
ROA not before:           Mon 01 Jan 2024 08:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203755
IP address blocks:        45.155.4.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e7:9e:1b:9f:ea:5e:1e:78:ed:5e:3e:7a:40:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b30e3011a0fb3111fbe8493c1230974aef532704
        Validity
            Not Before: Jan  1 08:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3230b9ad97270e6b2239fa2f5044edf9b8e5769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:43:ca:ac:ce:0d:eb:1a:ae:58:dd:cc:11:21:
                    26:ad:0b:69:b5:d3:69:8b:7b:c8:fd:c4:9d:af:54:
                    a5:28:0b:ba:8e:18:38:53:20:c0:be:d5:c2:39:20:
                    7b:73:6e:90:8a:81:18:30:75:27:02:55:f0:f0:f0:
                    b4:e2:33:d9:4b:33:73:29:a6:a4:c4:d8:e9:08:75:
                    e8:38:63:ae:f2:df:14:5b:42:ed:c2:1e:8a:1c:4f:
                    c0:d9:22:e2:ce:af:b4:56:18:aa:f9:38:c4:72:55:
                    34:d0:0c:83:db:0d:3f:82:d2:e0:e2:d0:6d:e5:50:
                    c0:ce:01:bd:ec:8b:38:54:47:81:3d:4d:df:8e:20:
                    84:ca:f3:25:ea:e9:17:fa:78:18:de:6a:5f:fe:a9:
                    0b:52:4e:5d:dd:16:74:22:ad:ac:97:c6:b5:55:08:
                    e8:5a:ef:da:f2:56:f6:11:a8:79:38:df:15:a5:29:
                    3e:f3:66:5e:21:70:ce:b3:5e:7b:3a:8b:6b:05:6a:
                    16:c2:b6:b0:90:01:76:c0:a7:11:4e:66:16:47:80:
                    33:65:0c:49:12:1e:84:e6:9a:fb:36:8f:5d:72:6d:
                    51:94:22:f2:c1:33:49:4e:9e:6e:0f:3a:47:08:3a:
                    79:8e:0c:fa:bd:87:e7:40:7d:34:20:cc:98:f1:fe:
                    1a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:23:0B:9A:D9:72:70:E6:B2:23:9F:A2:F5:04:4E:DF:9B:8E:57:69
            X509v3 Authority Key Identifier:
                keyid:B3:0E:30:11:A0:FB:31:11:FB:E8:49:3C:12:30:97:4A:EF:53:27:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/0yMLmtlycOayI5-i9QRO35uOV2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:e4:e1:db:de:49:b4:e4:41:8b:d2:18:c6:65:93:c5:a7:57:
         74:97:34:b9:7f:e7:17:81:f3:4a:d0:ac:43:1e:f9:90:ec:61:
         91:32:6c:73:02:c4:ce:56:37:a9:46:33:ec:79:af:0e:ba:ab:
         e9:d8:ec:b6:76:1a:bf:dc:66:c3:14:27:50:ae:5e:b7:27:b2:
         ae:6a:9d:16:f1:c9:04:7a:20:7d:45:d3:86:6e:8c:b7:6a:e3:
         6d:cc:f8:90:bd:a5:da:ec:4b:c6:de:65:3a:fe:cc:e9:40:95:
         47:a9:5e:22:11:07:7d:f2:27:53:57:2e:61:46:4c:8b:36:95:
         5c:a2:a7:60:87:45:b4:27:fc:0e:57:50:a9:3d:f9:68:fc:fc:
         3a:b2:8b:bf:b0:72:03:23:56:c5:75:62:7b:6a:0d:3a:7b:dd:
         14:9c:16:58:02:41:48:03:ed:5d:b8:f4:07:78:c0:72:aa:eb:
         ad:c4:3c:0d:26:28:f2:9f:cb:08:9d:f7:ad:a8:d2:3e:2e:49:
         92:78:90:6d:8b:95:39:f6:9b:29:8a:92:90:4d:c1:22:3b:1b:
         11:f4:68:fc:6f:91:ca:af:0d:22:6d:28:e9:74:78:04:53:08:
         96:6e:40:30:4c:37:e9:77:3e:bb:3b:24:e8:26:33:84:56:d1:
         2c:14:c3:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJOeeG5/qXh547V4+ekCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMGUzMDExYTBmYjMxMTFmYmU4NDkzYzEyMzA5NzRhZWY1
MzI3MDQwHhcNMjQwMTAxMDgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzIzMGI5YWQ5NzI3MGU2YjIyMzlmYTJmNTA0NGVkZjliOGU1NzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEPKrM4N6xquWN3MESEmrQtptdNp
i3vI/cSdr1SlKAu6jhg4UyDAvtXCOSB7c26QioEYMHUnAlXw8PC04jPZSzNzKaak
xNjpCHXoOGOu8t8UW0Ltwh6KHE/A2SLizq+0Vhiq+TjEclU00AyD2w0/gtLg4tBt
5VDAzgG97Is4VEeBPU3fjiCEyvMl6ukX+ngY3mpf/qkLUk5d3RZ0Iq2sl8a1VQjo
Wu/a8lb2Eah5ON8VpSk+82ZeIXDOs157OotrBWoWwrawkAF2wKcRTmYWR4AzZQxJ
Eh6E5pr7No9dcm1RlCLywTNJTp5uDzpHCDp5jgz6vYfnQH00IMyY8f4azwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMjC5rZcnDmsiOfovUETt+bjldpMB8GA1UdIwQY
MBaAFLMOMBGg+zER++hJPBIwl0rvUycEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3c0d0VhRDdNUkg3NkVrOEVqQ1hTdTlUSndRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8wZmZiNjQtZWZjYi00OWY1LTgzNDIt
ZjlmYjM4Yzc3YzU1LzEvMHlNTG10bHljT2F5STUtaTlRUk8zNXVPVjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8wZmZiNjQtZWZjYi00OWY1LTgzNDItZjlmYjM4Yzc3YzU1
LzEvc3c0d0VhRDdNUkg3NkVrOEVqQ1hTdTlUSndRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZsEMA0G
CSqGSIb3DQEBCwUAA4IBAQBd5OHb3km05EGL0hjGZZPFp1d0lzS5f+cXgfNK0KxD
HvmQ7GGRMmxzAsTOVjepRjPsea8Ouqvp2Oy2dhq/3GbDFCdQrl63J7Kuap0W8ckE
eiB9RdOGboy3auNtzPiQvaXa7EvG3mU6/szpQJVHqV4iEQd98idTVy5hRkyLNpVc
oqdgh0W0J/wOV1CpPflo/Pw6sou/sHIDI1bFdWJ7ag06e90UnBZYAkFIA+1duPQH
eMByquutxDwNJijyn8sInfetqNI+LkmSeJBti5U59pspipKQTcEiOxsR9Gj8b5HK
rw0ibSjpdHgEUwiWbkAwTDfpdz67OyToJjOEVtEsFMOa
-----END CERTIFICATE-----