Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/1-BhAkOaWwXJDT9vPY4Gelir_7hM.roa
File:                     1-BhAkOaWwXJDT9vPY4Gelir_7hM.roa (raw, json)
Hash identifier:          kM0HCyAZYX8LJ8EyD2mZVsznWN+VsaaOX51qdsx1VSU=
Subject key identifier:   F8:18:40:90:E6:96:C1:72:43:4F:DB:CF:63:81:9E:96:2A:FF:EE:13
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA87ADA149DBC796DB1DDCC2875B8
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/1-BhAkOaWwXJDT9vPY4Gelir_7hM.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45929
IP address blocks:        45.92.4.0/22 maxlen: 22
                          45.149.192.0/22 maxlen: 22
                          45.92.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a8:7a:da:14:9d:bc:79:6d:b1:dd:cc:28:75:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8184090e696c172434fdbcf63819e962affee13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:91:8e:c1:c5:cd:e5:d1:3d:56:7e:10:35:d5:
                    fb:7d:88:7a:6b:0d:88:cc:30:15:c2:57:0f:3b:1b:
                    56:f4:6a:0e:5f:e6:2d:99:10:76:80:cb:84:8f:8e:
                    76:cd:d7:eb:54:0b:50:d5:bf:47:0e:0a:9f:da:8d:
                    50:f8:2e:bd:de:d0:01:36:9f:c6:9d:1a:2b:2f:e3:
                    d5:00:94:e9:df:e2:3e:7f:da:45:14:95:ed:c6:c0:
                    68:e9:99:e8:be:1a:82:b1:3d:77:fb:c5:f1:d7:30:
                    08:86:5f:e5:89:84:44:c5:57:62:86:69:32:fb:14:
                    3d:c1:8e:15:05:5e:78:b0:5c:af:61:3e:9d:60:37:
                    82:72:35:5a:eb:0c:43:87:ff:9a:47:42:b7:85:39:
                    af:73:52:53:2a:3d:42:3b:75:b0:e7:64:fe:0b:6f:
                    40:c3:90:32:30:3d:df:eb:66:26:b5:2f:cf:ea:94:
                    e5:6e:8b:4d:1f:30:9b:9e:f8:dd:38:97:0e:60:26:
                    23:0d:04:9e:90:2f:d2:53:80:26:56:9f:ee:c7:8f:
                    8d:eb:55:ed:a3:c7:8d:de:29:51:b8:75:cc:0d:d4:
                    79:fd:aa:95:40:b2:66:d0:df:09:8d:6e:bb:62:40:
                    ee:5f:50:56:8a:59:ca:38:6b:f0:74:4d:34:1a:e8:
                    1b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:18:40:90:E6:96:C1:72:43:4F:DB:CF:63:81:9E:96:2A:FF:EE:13
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/1-BhAkOaWwXJDT9vPY4Gelir_7hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.4.0/22
                  45.92.88.0/22
                  45.149.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:ba:99:76:7a:52:c8:52:52:3b:77:6a:fc:0d:61:76:fa:6a:
         2f:b0:d9:8b:0c:13:49:39:b4:c9:1d:47:ad:ab:7d:e6:77:8f:
         e8:3a:24:52:da:7f:a4:15:c3:4c:9e:b1:ab:41:6c:46:02:f6:
         68:bd:81:2a:7f:a7:50:24:0d:07:af:46:d9:dc:ec:ef:24:95:
         92:3c:ac:23:48:a0:13:31:8c:25:f7:b5:38:57:a4:83:23:78:
         05:1a:76:3b:16:30:e1:96:55:05:d9:53:8b:28:87:36:96:9f:
         91:32:87:9a:c9:73:d7:26:36:0a:e6:0a:a5:59:80:c3:a7:31:
         bc:7f:3a:ce:89:72:59:81:c4:cc:9e:3e:10:b7:49:95:1e:cb:
         b9:43:e5:48:bc:59:92:d6:f5:cb:d7:df:9a:27:ea:23:99:65:
         cc:fc:6a:54:53:4c:b0:2b:07:b3:48:56:0d:b6:69:90:51:6e:
         6c:8c:c5:1b:ea:5a:c8:4b:80:bd:7b:22:87:3d:10:30:92:cb:
         d0:26:b9:e1:a4:4d:0c:f4:da:18:6d:ac:d2:0f:53:2e:ca:44:
         5d:ec:69:a5:8d:9b:c4:1c:1f:cf:cf:06:7f:d5:8a:ff:01:24:
         42:cd:70:f1:7d:02:7f:14:b5:c6:64:d5:b3:f3:ac:71:ca:95:
         d1:66:45:84
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzIb6h62hSdvHltsd3MKHW4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODE4NDA5MGU2OTZjMTcyNDM0ZmRiY2Y2MzgxOWU5NjJhZmZlZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpGOwcXN5dE9Vn4QNdX7fYh6aw2I
zDAVwlcPOxtW9GoOX+YtmRB2gMuEj452zdfrVAtQ1b9HDgqf2o1Q+C693tABNp/G
nRorL+PVAJTp3+I+f9pFFJXtxsBo6ZnovhqCsT13+8Xx1zAIhl/liYRExVdihmky
+xQ9wY4VBV54sFyvYT6dYDeCcjVa6wxDh/+aR0K3hTmvc1JTKj1CO3Ww52T+C29A
w5AyMD3f62YmtS/P6pTlbotNHzCbnvjdOJcOYCYjDQSekC/SU4AmVp/ux4+N61Xt
o8eN3ilRuHXMDdR5/aqVQLJm0N8JjW67YkDuX1BWilnKOGvwdE00GugboQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPgYQJDmlsFyQ0/bz2OBnpYq/+4TMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvMS1CaEFrT2FXd1hKRFQ5dlBZNEdlbGlyXzdoTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTAvZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYz
ZS8xL3NWVUFuRDNrSWN4T1o3bXBya0k3czEzZ3VTWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAi1cBAME
Ai1cWAMEAi2VwDANBgkqhkiG9w0BAQsFAAOCAQEAL7qZdnpSyFJSO3dq/A1hdvpq
L7DZiwwTSTm0yR1Hrat95neP6DokUtp/pBXDTJ6xq0FsRgL2aL2BKn+nUCQNB69G
2dzs7ySVkjysI0igEzGMJfe1OFekgyN4BRp2OxYw4ZZVBdlTiyiHNpafkTKHmslz
1yY2CuYKpVmAw6cxvH86zolyWYHEzJ4+ELdJlR7LuUPlSLxZktb1y9ffmifqI5ll
zPxqVFNMsCsHs0hWDbZpkFFubIzFG+payEuAvXsihz0QMJLL0Ca54aRNDPTaGG2s
0g9TLspEXexppY2bxBwfz88Gf9WK/wEkQs1w8X0CfxS1xmTVs/OsccqV0WZFhA==
-----END CERTIFICATE-----