Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/_BDgBKrvmKDGs9-fp37WELNW9zY.roa
File:                     _BDgBKrvmKDGs9-fp37WELNW9zY.roa (raw, json)
Hash identifier:          QwzBYMRzEyWfNAD52wadIrr8gzpdB8nWl3iJD4pPBuE=
Subject key identifier:   FC:10:E0:04:AA:EF:98:A0:C6:B3:DF:9F:A7:7E:D6:10:B3:56:F7:36
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018DC08F2197A6AC5CE7E665AC362DA0821D
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/_BDgBKrvmKDGs9-fp37WELNW9zY.roa
Signing time:             Mon 19 Feb 2024 08:50:22 +0000
ROA not before:           Mon 19 Feb 2024 08:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151106
IP address blocks:        45.157.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:8f:21:97:a6:ac:5c:e7:e6:65:ac:36:2d:a0:82:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Feb 19 08:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc10e004aaef98a0c6b3df9fa77ed610b356f736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:60:0b:85:bf:04:03:5e:d6:fb:46:83:ef:53:
                    c4:b8:a8:c4:90:ae:8f:5d:6e:ac:7a:07:25:d2:36:
                    52:5a:4e:a6:b2:b5:c1:ae:d6:b2:c4:48:54:0a:91:
                    e3:fd:4b:22:43:99:68:d9:b4:a4:77:e4:59:8c:19:
                    7d:f0:08:cd:6a:10:13:78:b5:21:26:27:82:ae:6e:
                    09:40:5a:c3:93:85:7e:33:27:82:9f:1e:7f:91:69:
                    84:11:f2:47:51:fe:7d:e3:37:08:4e:d5:47:2b:7d:
                    13:27:1e:35:02:ae:1c:43:09:74:77:20:30:06:a2:
                    68:3d:74:76:c7:93:2f:43:79:45:ae:fa:c1:d8:37:
                    c2:bd:63:66:d6:2a:2c:33:8b:07:64:1f:a0:31:eb:
                    7e:a1:d4:30:f6:3c:27:1f:05:bf:91:32:a4:c2:7a:
                    53:fa:d4:2b:02:17:1e:4a:9a:d4:74:9d:12:e3:62:
                    58:16:c0:1f:af:64:8c:69:f9:2f:0b:d2:d9:43:84:
                    02:8f:58:e5:63:18:fc:cd:2d:dd:86:fe:89:39:d3:
                    84:c9:5a:fb:d0:e1:94:b0:0d:0a:03:fd:8b:3b:af:
                    ce:a1:4a:8a:b7:0b:35:f9:e5:18:bc:29:4d:09:8e:
                    90:79:58:68:b9:4a:a4:59:bb:75:ce:ae:51:51:ff:
                    d7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:10:E0:04:AA:EF:98:A0:C6:B3:DF:9F:A7:7E:D6:10:B3:56:F7:36
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/_BDgBKrvmKDGs9-fp37WELNW9zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:94:12:73:43:dd:df:04:78:54:ff:9d:ce:25:de:10:3a:e1:
         f6:05:63:6e:cf:f0:4f:d0:7a:f2:87:2b:18:f7:34:90:5d:33:
         83:f0:68:50:d8:6c:94:cc:96:b8:a5:5c:dc:75:d6:23:2f:96:
         3f:02:5f:ae:65:ca:d7:a7:f1:46:11:eb:00:e1:01:96:cb:63:
         cf:cf:47:cb:a9:33:82:4b:7b:df:3c:71:1b:98:c2:0d:46:7c:
         7c:9d:b2:ba:f3:31:82:63:36:64:b7:c5:90:88:49:e3:53:8f:
         26:e0:16:74:3e:eb:8c:fd:ec:a9:eb:af:05:be:dc:10:8c:6e:
         de:ee:f1:1e:df:3c:d6:ba:0b:43:a2:30:63:5f:e2:9b:97:f4:
         9a:5d:7c:be:e9:31:ee:bf:8e:ed:f7:31:60:9d:2c:59:a9:4c:
         be:2a:c7:a1:92:a8:fe:61:7b:66:35:06:1f:cc:5c:58:54:cf:
         7e:c3:90:5c:2a:d2:42:b4:24:01:a6:1b:11:c9:1a:59:40:4d:
         e6:2b:b6:ed:c7:d5:92:18:d0:7a:07:7f:ee:3b:a6:31:19:ef:
         61:d6:20:a5:bc:82:09:99:4c:65:cb:7f:ac:2f:5a:f6:4c:f9:
         41:af:4b:d7:1c:b3:0e:4e:ac:73:61:58:17:2d:e2:09:23:5a:
         18:01:fd:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3AjyGXpqxc5+ZlrDYtoIIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMjE5MDg1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzEwZTAwNGFhZWY5OGEwYzZiM2RmOWZhNzdlZDYxMGIzNTZmNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2ALhb8EA17W+0aD71PEuKjEkK6P
XW6segcl0jZSWk6msrXBrtayxEhUCpHj/UsiQ5lo2bSkd+RZjBl98AjNahATeLUh
JieCrm4JQFrDk4V+MyeCnx5/kWmEEfJHUf594zcITtVHK30TJx41Aq4cQwl0dyAw
BqJoPXR2x5MvQ3lFrvrB2DfCvWNm1iosM4sHZB+gMet+odQw9jwnHwW/kTKkwnpT
+tQrAhceSprUdJ0S42JYFsAfr2SMafkvC9LZQ4QCj1jlYxj8zS3dhv6JOdOEyVr7
0OGUsA0KA/2LO6/OoUqKtws1+eUYvClNCY6QeVhouUqkWbt1zq5RUf/XnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwQ4ASq75igxrPfn6d+1hCzVvc2MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvX0JEZ0JLcnZtS0RHczktZnAzN1dFTE5XOXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ3TMA0G
CSqGSIb3DQEBCwUAA4IBAQC8lBJzQ93fBHhU/53OJd4QOuH2BWNuz/BP0HryhysY
9zSQXTOD8GhQ2GyUzJa4pVzcddYjL5Y/Al+uZcrXp/FGEesA4QGWy2PPz0fLqTOC
S3vfPHEbmMINRnx8nbK68zGCYzZkt8WQiEnjU48m4BZ0PuuM/eyp668FvtwQjG7e
7vEe3zzWugtDojBjX+Kbl/SaXXy+6THuv47t9zFgnSxZqUy+Ksehkqj+YXtmNQYf
zFxYVM9+w5BcKtJCtCQBphsRyRpZQE3mK7btx9WSGNB6B3/uO6YxGe9h1iClvIIJ
mUxly3+sL1r2TPlBr0vXHLMOTqxzYVgXLeIJI1oYAf26
-----END CERTIFICATE-----