Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/h0tHRnvk6SEq5GRtOGWItaGYShs.roa
File:                     h0tHRnvk6SEq5GRtOGWItaGYShs.roa (raw, json)
Hash identifier:          ooXgPFynkxRj8P4TAi7sJza4lNLTyehkhQJ0AiGwvOg=
Subject key identifier:   87:4B:47:46:7B:E4:E9:21:2A:E4:64:6D:38:65:88:B5:A1:98:4A:1B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018EACB039BE1D3A9A5872A6D5863304671D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/h0tHRnvk6SEq5GRtOGWItaGYShs.roa
Signing time:             Fri 05 Apr 2024 05:16:54 +0000
ROA not before:           Fri 05 Apr 2024 05:16:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198037
IP address blocks:        45.135.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ac:b0:39:be:1d:3a:9a:58:72:a6:d5:86:33:04:67:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  5 05:16:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=874b47467be4e9212ae4646d386588b5a1984a1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:21:a3:ae:0e:eb:e2:0c:f0:4e:34:b8:72:28:
                    62:ae:9a:f3:d3:a0:d1:70:e0:45:26:6f:dc:08:8c:
                    a5:01:1e:8e:ba:98:c0:47:79:c2:12:4d:3a:5f:2e:
                    79:94:3e:f3:65:72:99:c3:a3:6f:e1:fa:53:87:d7:
                    94:89:d1:b7:ea:76:d8:39:bc:17:71:58:e1:46:fe:
                    fc:22:41:d9:58:e0:46:ac:c0:88:a2:fb:aa:f3:2e:
                    05:bc:32:b9:19:cf:6f:aa:0c:36:aa:a3:14:3e:0a:
                    18:81:3d:a4:7a:e7:21:62:07:81:71:81:d5:ed:93:
                    0b:a1:4c:7e:f2:1e:35:64:cb:d3:a0:ae:98:84:a8:
                    34:6e:66:96:5d:30:3a:2f:59:ef:53:cf:7c:4e:dd:
                    60:64:f3:93:2e:6c:b9:18:fa:ad:8a:41:40:7f:44:
                    7c:c9:89:52:f0:f8:d2:8c:4b:07:6c:57:f8:de:0e:
                    5a:fa:60:8f:16:21:0e:79:90:ea:27:9b:9a:7f:e2:
                    57:ef:77:92:4a:9f:61:c4:6f:33:8f:50:6d:f3:5a:
                    17:72:93:4f:a2:fa:96:ab:9e:88:cc:c4:9d:01:ec:
                    4d:5e:5d:e8:a4:52:07:c4:6d:ae:a6:50:52:73:ab:
                    73:4a:34:63:4b:29:dd:90:bc:29:53:b4:81:71:92:
                    0a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:4B:47:46:7B:E4:E9:21:2A:E4:64:6D:38:65:88:B5:A1:98:4A:1B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/h0tHRnvk6SEq5GRtOGWItaGYShs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:d3:87:0e:45:cf:a2:96:57:cd:dd:1e:75:20:10:fc:90:99:
         51:a5:9c:8e:5d:48:1a:88:13:62:07:02:85:be:30:18:76:ec:
         4b:99:31:fb:81:7e:65:e3:55:a1:8f:62:c5:f5:dd:b2:9f:47:
         29:8f:f0:ad:c5:6a:0a:0f:3f:4a:79:1f:d6:5d:14:fa:f4:f9:
         42:5b:cd:94:79:91:82:64:1d:6b:f4:a9:bc:e4:04:ce:eb:5c:
         a4:00:93:6d:17:7b:70:43:0c:b7:06:b5:af:c1:51:fa:8f:1b:
         bc:4a:63:d7:27:74:6b:08:e9:fe:0f:61:e8:f5:de:45:88:64:
         d5:3d:52:fa:fd:dc:d5:d1:a9:60:44:c5:75:0d:be:a3:6a:61:
         59:5f:3e:bb:e3:56:c8:eb:fc:9d:f3:7b:39:66:b5:3c:c2:1c:
         4b:d8:db:b0:7e:b2:47:6e:4b:60:3c:5b:34:24:2a:03:1d:e7:
         4f:15:98:4e:8d:f4:28:aa:aa:12:41:89:1a:d5:17:c3:4a:61:
         9c:d0:e0:14:7c:0f:df:8c:67:2a:7e:54:2c:e5:9a:d1:23:9c:
         bd:27:68:ca:3b:c4:2b:4a:4c:44:08:cb:30:6d:2e:91:e8:fe:
         17:ee:55:df:55:9d:d4:42:fa:68:c1:82:02:10:33:1d:61:b8:
         9c:e9:40:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6ssDm+HTqaWHKm1YYzBGcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNDA1MDUxNjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRiNDc0NjdiZTRlOTIxMmFlNDY0NmQzODY1ODhiNWExOTg0YTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyGjrg7r4gzwTjS4cihirprz06DR
cOBFJm/cCIylAR6OupjAR3nCEk06Xy55lD7zZXKZw6Nv4fpTh9eUidG36nbYObwX
cVjhRv78IkHZWOBGrMCIovuq8y4FvDK5Gc9vqgw2qqMUPgoYgT2keuchYgeBcYHV
7ZMLoUx+8h41ZMvToK6YhKg0bmaWXTA6L1nvU898Tt1gZPOTLmy5GPqtikFAf0R8
yYlS8PjSjEsHbFf43g5a+mCPFiEOeZDqJ5uaf+JX73eSSp9hxG8zj1Bt81oXcpNP
ovqWq56IzMSdAexNXl3opFIHxG2uplBSc6tzSjRjSyndkLwpU7SBcZIKcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdLR0Z75OkhKuRkbThliLWhmEobMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaDB0SFJudms2U0VxNUdSdE9HV0l0YUdZU2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYe2MA0G
CSqGSIb3DQEBCwUAA4IBAQAl04cORc+illfN3R51IBD8kJlRpZyOXUgaiBNiBwKF
vjAYduxLmTH7gX5l41Whj2LF9d2yn0cpj/CtxWoKDz9KeR/WXRT69PlCW82UeZGC
ZB1r9Km85ATO61ykAJNtF3twQwy3BrWvwVH6jxu8SmPXJ3RrCOn+D2Ho9d5FiGTV
PVL6/dzV0algRMV1Db6jamFZXz6741bI6/yd83s5ZrU8whxL2NuwfrJHbktgPFs0
JCoDHedPFZhOjfQoqqoSQYka1RfDSmGc0OAUfA/fjGcqflQs5ZrRI5y9J2jKO8Qr
SkxECMswbS6R6P4X7lXfVZ3UQvpowYICEDMdYbic6UBB
-----END CERTIFICATE-----