Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6e6f51-4e13-465e-b4d6-2e8dcdd51651/1/mOB-vH5P9l16XieJ9e6EAZlDH_Q.roa
File:                     mOB-vH5P9l16XieJ9e6EAZlDH_Q.roa (raw, json)
Hash identifier:          WFerFQXdO2cGddbnEIXF0+YxFqWS7wDyvIZiQKENpp0=
Subject key identifier:   98:E0:7E:BC:7E:4F:F6:5D:7A:5E:27:89:F5:EE:84:01:99:43:1F:F4
Certificate issuer:       /CN=48595d4a54ed644213c446195e36f78ec1a28399
Certificate serial:       018CCA2A2012CC11DEC62205A1D386CED13B
Authority key identifier: 48:59:5D:4A:54:ED:64:42:13:C4:46:19:5E:36:F7:8E:C1:A2:83:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFldSlTtZEITxEYZXjb3jsGig5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/6e6f51-4e13-465e-b4d6-2e8dcdd51651/1/mOB-vH5P9l16XieJ9e6EAZlDH_Q.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204189
IP address blocks:        45.83.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/6e6f51-4e13-465e-b4d6-2e8dcdd51651/1/SFldSlTtZEITxEYZXjb3jsGig5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/6e6f51-4e13-465e-b4d6-2e8dcdd51651/1/SFldSlTtZEITxEYZXjb3jsGig5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFldSlTtZEITxEYZXjb3jsGig5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:20:12:cc:11:de:c6:22:05:a1:d3:86:ce:d1:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48595d4a54ed644213c446195e36f78ec1a28399
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98e07ebc7e4ff65d7a5e2789f5ee840199431ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:39:36:82:79:00:16:ac:bd:4b:ed:55:96:76:
                    f3:1a:e7:16:b2:d6:44:e6:56:bc:a8:49:ae:f9:e2:
                    1d:f6:2f:fd:be:fa:ad:b7:c2:cf:78:ba:fb:6b:87:
                    6b:86:4a:87:70:45:3f:bd:f1:f2:17:e8:24:ec:ad:
                    81:22:da:d4:28:6b:83:5b:e3:19:7f:ee:09:9d:5a:
                    5f:8a:97:2d:18:da:e3:28:cb:13:5f:f5:cc:1f:4f:
                    8d:07:dd:1b:51:ae:74:fd:e0:20:f6:07:87:6f:33:
                    ca:43:5f:9a:87:2b:fd:96:8d:fd:4d:86:7a:a5:69:
                    c5:ed:79:ec:9d:64:26:c7:11:86:86:03:6d:03:99:
                    97:3c:ed:79:88:c5:94:3f:f8:92:d7:26:63:2b:c5:
                    22:ee:e9:cf:e8:ff:ec:01:86:95:72:b6:4d:61:3b:
                    57:d5:70:9d:b0:41:f6:64:24:58:37:c1:2f:16:7e:
                    6e:0d:6b:8f:a9:15:5e:14:be:2a:89:f1:ad:6f:d6:
                    55:ea:e5:00:98:a7:2f:58:ae:bb:3f:0d:31:a5:69:
                    f5:cf:f0:33:92:7f:01:fa:2f:63:56:c7:43:ce:a1:
                    c0:8f:53:9d:fb:54:16:9c:ae:7c:d4:4b:65:c9:a1:
                    e7:c8:bf:b4:c3:a9:f9:bc:c9:b2:89:9a:62:51:31:
                    64:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E0:7E:BC:7E:4F:F6:5D:7A:5E:27:89:F5:EE:84:01:99:43:1F:F4
            X509v3 Authority Key Identifier:
                keyid:48:59:5D:4A:54:ED:64:42:13:C4:46:19:5E:36:F7:8E:C1:A2:83:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFldSlTtZEITxEYZXjb3jsGig5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6e6f51-4e13-465e-b4d6-2e8dcdd51651/1/mOB-vH5P9l16XieJ9e6EAZlDH_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6e6f51-4e13-465e-b4d6-2e8dcdd51651/1/SFldSlTtZEITxEYZXjb3jsGig5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:ef:4e:cd:ed:8a:ee:7f:4f:82:56:2c:b2:1a:00:da:cb:33:
         ce:28:bf:38:d9:48:40:8e:f6:db:f4:de:49:c2:d9:40:76:ff:
         bf:fa:e5:6d:22:57:db:71:89:4c:b5:c0:4b:fa:78:5a:8e:08:
         aa:b0:34:6a:6a:d9:fe:0c:b9:3d:aa:ba:12:6b:bd:77:4c:41:
         a0:ae:17:a5:00:40:33:7d:63:19:97:89:bc:6d:7c:4a:56:cc:
         58:d9:3d:cc:89:4d:fe:a5:c0:b9:d5:e0:23:cf:f1:29:ef:5e:
         59:9d:9d:32:ee:ec:56:02:e8:9d:66:13:9f:2b:69:ce:d8:68:
         ed:7f:0c:d2:1b:c2:e7:ca:25:ba:63:69:29:7d:fc:d7:9c:97:
         5e:ad:ba:4f:f1:eb:f9:df:11:82:66:31:c0:9c:99:22:cf:34:
         48:75:19:34:11:65:13:d2:32:fd:8d:84:0c:7c:17:8d:a0:24:
         1d:5a:e2:c3:eb:98:36:96:9d:54:32:df:6f:db:10:2f:50:e1:
         57:f2:0c:9a:96:26:c3:12:81:ab:8a:11:e4:e0:ba:ea:c0:1e:
         d1:a4:5c:85:d7:e5:ab:bb:54:13:ab:97:d3:35:2e:9e:8c:0a:
         08:d4:fa:47:9b:e4:ed:f3:1c:7a:42:98:ce:04:eb:3e:13:8f:
         50:cd:93:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKiASzBHexiIFodOGztE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTk1ZDRhNTRlZDY0NDIxM2M0NDYxOTVlMzZmNzhlYzFh
MjgzOTkwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGUwN2ViYzdlNGZmNjVkN2E1ZTI3ODlmNWVlODQwMTk5NDMxZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTk2gnkAFqy9S+1VlnbzGucWstZE
5la8qEmu+eId9i/9vvqtt8LPeLr7a4drhkqHcEU/vfHyF+gk7K2BItrUKGuDW+MZ
f+4JnVpfipctGNrjKMsTX/XMH0+NB90bUa50/eAg9geHbzPKQ1+ahyv9lo39TYZ6
pWnF7XnsnWQmxxGGhgNtA5mXPO15iMWUP/iS1yZjK8Ui7unP6P/sAYaVcrZNYTtX
1XCdsEH2ZCRYN8EvFn5uDWuPqRVeFL4qifGtb9ZV6uUAmKcvWK67Pw0xpWn1z/Az
kn8B+i9jVsdDzqHAj1Od+1QWnK581EtlyaHnyL+0w6n5vMmyiZpiUTFkFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjgfrx+T/Zdel4nifXuhAGZQx/0MB8GA1UdIwQY
MBaAFEhZXUpU7WRCE8RGGV42947BooOZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZsZFNsVHRaRUlUeEVZWlhqYjNqc0dpZzVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82ZTZmNTEtNGUxMy00NjVlLWI0ZDYt
MmU4ZGNkZDUxNjUxLzEvbU9CLXZINVA5bDE2WGllSjllNkVBWmxESF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82ZTZmNTEtNGUxMy00NjVlLWI0ZDYtMmU4ZGNkZDUxNjUx
LzEvU0ZsZFNsVHRaRUlUeEVZWlhqYjNqc0dpZzVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVNkMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ707N7Yruf0+CViyyGgDayzPOKL842UhAjvbb9N5J
wtlAdv+/+uVtIlfbcYlMtcBL+nhajgiqsDRqatn+DLk9qroSa713TEGgrhelAEAz
fWMZl4m8bXxKVsxY2T3MiU3+pcC51eAjz/Ep715ZnZ0y7uxWAuidZhOfK2nO2Gjt
fwzSG8LnyiW6Y2kpffzXnJderbpP8ev53xGCZjHAnJkizzRIdRk0EWUT0jL9jYQM
fBeNoCQdWuLD65g2lp1UMt9v2xAvUOFX8gyalibDEoGrihHk4LrqwB7RpFyF1+Wr
u1QTq5fTNS6ejAoI1PpHm+Tt8xx6QpjOBOs+E49QzZMd
-----END CERTIFICATE-----