Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/op-w-6hes_W1WhU7XyFre595OIA.roa
File:                     op-w-6hes_W1WhU7XyFre595OIA.roa (raw, json)
Hash identifier:          1SIUH6pubNDLrthi10aeVBHLSsh6il7tFJ5HrtRKTaU=
Subject key identifier:   A2:9F:B0:FB:A8:5E:B3:F5:B5:5A:15:3B:5F:21:6B:7B:9F:79:38:80
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       018CCA2A3CB2A28C7402F0AF421A265987FD
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/op-w-6hes_W1WhU7XyFre595OIA.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        45.82.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3c:b2:a2:8c:74:02:f0:af:42:1a:26:59:87:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a29fb0fba85eb3f5b55a153b5f216b7b9f793880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:70:12:97:62:c1:4c:bb:66:44:6e:f9:40:29:
                    ba:7b:7f:8a:07:62:50:ac:82:fc:47:e4:2e:2c:d9:
                    e2:dc:e5:47:54:ac:f4:cc:23:10:46:1e:99:87:95:
                    91:40:fe:d0:c8:a5:ec:53:ba:e5:f7:a7:7f:c3:9c:
                    fa:f0:93:90:88:3b:04:ea:60:43:5b:9f:4e:41:74:
                    69:39:78:c8:ae:3a:91:48:49:c1:ee:20:2a:4b:83:
                    af:48:15:69:8c:b8:14:23:e4:81:83:d0:8e:9d:2a:
                    60:34:0a:30:b7:3e:41:b1:31:e5:6d:b6:89:b3:4f:
                    38:c3:f2:11:b4:9a:83:e2:6f:a2:0e:d9:05:c7:84:
                    72:63:a9:4b:10:97:05:bd:d5:61:57:59:c0:f7:79:
                    50:77:58:9a:22:12:df:de:1f:d2:74:48:f8:9d:e3:
                    f2:59:0a:fb:4e:d3:49:d0:2a:7b:32:38:a3:8c:f3:
                    66:92:79:d2:40:a7:b2:b8:19:06:5d:33:b4:5d:8d:
                    50:fe:9c:68:6b:d4:c4:42:1a:af:78:d4:f8:1a:eb:
                    34:f1:0e:0e:c2:7c:f8:40:04:a3:e8:2c:06:e9:45:
                    cb:9c:e1:bb:6d:39:13:28:9d:25:55:25:2e:0b:08:
                    2c:65:43:9a:7e:76:de:60:83:52:55:40:f2:c0:29:
                    7d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9F:B0:FB:A8:5E:B3:F5:B5:5A:15:3B:5F:21:6B:7B:9F:79:38:80
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/op-w-6hes_W1WhU7XyFre595OIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:af:e6:06:f7:a8:3b:21:a2:e7:49:d3:0f:3d:7c:35:3f:71:
         91:af:43:da:76:8f:ac:c1:b4:b7:d2:aa:c8:f1:70:01:5a:30:
         cc:f3:e5:2d:5c:84:95:92:2d:49:8e:4f:30:ce:43:2f:cf:a1:
         35:b0:e0:49:dc:a3:3b:65:89:bd:07:18:9a:68:c8:8d:b9:c2:
         f5:24:c9:4a:5c:7d:38:3f:ce:d6:73:ad:b4:3d:70:e6:29:83:
         b0:d2:41:8f:2d:d5:c5:3e:ce:d4:56:3c:4b:c1:d3:0d:9d:1b:
         0c:0b:bf:66:bc:c0:ca:de:28:22:68:cc:9f:83:ef:1c:a9:d3:
         e1:f1:6d:98:2a:58:a7:03:03:cc:8b:85:a8:ab:d8:f4:c8:3c:
         0f:21:ff:dd:ee:06:23:64:ae:b6:d3:b8:af:3a:01:ff:00:ba:
         34:38:a5:49:67:21:df:7a:d9:9e:59:11:e7:f2:33:ed:9f:dc:
         96:bd:e4:6e:01:f1:5c:9c:17:ff:5e:91:4b:00:a7:ba:20:54:
         c8:2e:b2:1f:7e:02:65:06:32:d8:ed:e7:fc:e7:45:85:f7:5f:
         e7:cd:d4:27:ff:ee:16:f2:95:14:0f:f4:5c:ca:ec:24:e5:a8:
         48:db:25:b7:d6:71:e2:79:8e:58:13:cd:72:dd:42:88:5e:3a:
         c2:08:69:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjyyoox0AvCvQhomWYf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlmYjBmYmE4NWViM2Y1YjU1YTE1M2I1ZjIxNmI3YjlmNzkzODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHASl2LBTLtmRG75QCm6e3+KB2JQ
rIL8R+QuLNni3OVHVKz0zCMQRh6Zh5WRQP7QyKXsU7rl96d/w5z68JOQiDsE6mBD
W59OQXRpOXjIrjqRSEnB7iAqS4OvSBVpjLgUI+SBg9COnSpgNAowtz5BsTHlbbaJ
s084w/IRtJqD4m+iDtkFx4RyY6lLEJcFvdVhV1nA93lQd1iaIhLf3h/SdEj4nePy
WQr7TtNJ0Cp7MjijjPNmknnSQKeyuBkGXTO0XY1Q/pxoa9TEQhqveNT4Gus08Q4O
wnz4QASj6CwG6UXLnOG7bTkTKJ0lVSUuCwgsZUOafnbeYINSVUDywCl9IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKfsPuoXrP1tVoVO18ha3ufeTiAMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvb3Atdy02aGVzX1cxV2hVN1h5RnJlNTk1T0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVIPMA0G
CSqGSIb3DQEBCwUAA4IBAQC1r+YG96g7IaLnSdMPPXw1P3GRr0Pado+swbS30qrI
8XABWjDM8+UtXISVki1Jjk8wzkMvz6E1sOBJ3KM7ZYm9BxiaaMiNucL1JMlKXH04
P87Wc620PXDmKYOw0kGPLdXFPs7UVjxLwdMNnRsMC79mvMDK3igiaMyfg+8cqdPh
8W2YKlinAwPMi4Woq9j0yDwPIf/d7gYjZK6207ivOgH/ALo0OKVJZyHfetmeWRHn
8jPtn9yWveRuAfFcnBf/XpFLAKe6IFTILrIffgJlBjLY7ef850WF91/nzdQn/+4W
8pUUD/Rcyuwk5ahI2yW31nHieY5YE81y3UKIXjrCCGkp
-----END CERTIFICATE-----