Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/9BazZpWudk32mhEQ9UNAxiDg1Js.roa
File:                     9BazZpWudk32mhEQ9UNAxiDg1Js.roa (raw, json)
Hash identifier:          d3f6ECwuxxEBNc/emABFZJKsJwpe5b7Hyztqc4a3lYA=
Subject key identifier:   F4:16:B3:66:95:AE:76:4D:F6:9A:11:10:F5:43:40:C6:20:E0:D4:9B
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA5BE4204DF3B90B52A4330A727B6
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/9BazZpWudk32mhEQ9UNAxiDg1Js.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        45.130.116.0/23 maxlen: 24
                          45.83.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a5:be:42:04:df:3b:90:b5:2a:43:30:a7:27:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f416b36695ae764df69a1110f54340c620e0d49b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:14:ed:89:6a:52:59:21:f9:db:f8:42:03:6c:
                    b8:3c:c9:f7:18:ba:ed:00:27:9a:90:05:f7:4f:a4:
                    4d:2b:ba:1d:3f:a5:7e:2f:41:25:07:00:e3:ea:b3:
                    28:05:45:a1:19:8d:d4:39:80:62:09:1d:32:fd:e6:
                    60:51:d0:13:32:6d:22:53:c2:1e:a7:80:a4:b1:50:
                    e7:6c:e3:7d:5f:f7:db:ac:75:f0:90:6f:65:ee:29:
                    71:ab:df:db:2d:98:a7:b3:d0:84:e7:7f:fd:c5:7e:
                    b3:4b:72:b0:57:a8:d9:da:b7:1d:60:72:10:8f:bb:
                    28:18:c4:c5:27:de:43:16:c6:2a:56:a2:53:af:7d:
                    63:dc:23:c8:f1:63:95:48:fc:ae:16:77:d0:90:cc:
                    7f:9d:52:9f:a5:45:a7:cf:7b:33:ba:38:49:8d:53:
                    30:f8:3f:e2:d3:42:b6:c0:2b:85:6c:a8:44:e8:78:
                    9c:17:c9:a5:48:41:36:0b:87:7f:35:2f:8c:c9:26:
                    ff:ef:16:55:b0:ee:3c:14:77:4a:77:0e:70:4d:dc:
                    ba:40:e0:7b:0d:15:e1:01:ff:78:03:59:52:71:1b:
                    d2:a1:ea:c5:19:da:ee:ad:a3:3d:22:09:e7:7f:b6:
                    82:8f:c7:ad:ba:b2:06:42:cb:d8:90:ea:a8:0d:7b:
                    2e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:16:B3:66:95:AE:76:4D:F6:9A:11:10:F5:43:40:C6:20:E0:D4:9B
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/9BazZpWudk32mhEQ9UNAxiDg1Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.204.0/24
                  45.130.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:20:25:22:df:5b:c5:5d:a9:6c:a0:17:b9:39:e5:85:67:b1:
         bc:5b:9d:2c:f8:8e:91:23:d0:c5:cf:fe:47:78:62:32:c5:dd:
         da:bb:29:60:1f:fc:38:bf:73:33:b0:27:dc:ea:a1:65:53:4b:
         77:b3:54:f4:03:8c:b8:15:e6:f2:54:84:e7:6c:67:e8:6d:48:
         dd:68:71:82:d5:fd:db:9c:32:61:50:9d:e5:4c:e9:92:cc:b1:
         79:59:7b:e8:7d:ba:61:5b:a9:22:5a:fd:ce:22:3e:9a:98:c4:
         e4:18:63:b0:6a:3a:41:f7:3c:0c:c1:07:94:b8:47:4b:24:1f:
         8e:04:eb:4e:59:73:dd:c5:05:74:17:35:32:29:bc:9c:9c:56:
         b5:05:04:33:cf:4d:e1:0f:36:2b:ad:86:16:b0:98:b3:2d:f5:
         2f:07:f6:b1:67:67:43:6f:f8:eb:0e:82:36:c3:d7:c1:06:7b:
         50:67:3b:4a:92:9f:1d:fd:da:51:4f:80:c9:a4:11:38:f6:af:
         eb:a0:d9:17:61:0c:5c:63:b2:1e:d7:6c:a2:ac:cf:7d:e8:5c:
         35:3c:65:4d:8e:6a:39:c6:6d:b2:c4:5f:0b:c9:43:24:a7:1e:
         97:31:81:e6:3e:81:18:34:54:af:fa:d2:c7:0e:48:0d:56:b9:
         f8:2a:be:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb6W+QgTfO5C1KkMwpye2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE2YjM2Njk1YWU3NjRkZjY5YTExMTBmNTQzNDBjNjIwZTBkNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8BTtiWpSWSH52/hCA2y4PMn3GLrt
ACeakAX3T6RNK7odP6V+L0ElBwDj6rMoBUWhGY3UOYBiCR0y/eZgUdATMm0iU8Ie
p4CksVDnbON9X/fbrHXwkG9l7ilxq9/bLZins9CE53/9xX6zS3KwV6jZ2rcdYHIQ
j7soGMTFJ95DFsYqVqJTr31j3CPI8WOVSPyuFnfQkMx/nVKfpUWnz3szujhJjVMw
+D/i00K2wCuFbKhE6HicF8mlSEE2C4d/NS+MySb/7xZVsO48FHdKdw5wTdy6QOB7
DRXhAf94A1lScRvSoerFGdruraM9Ignnf7aCj8eturIGQsvYkOqoDXsuiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQWs2aVrnZN9poREPVDQMYg4NSbMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvOUJhelpwV3VkazMybWhFUTlVTkF4aURnMUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVPMAwQB
LYJ0MA0GCSqGSIb3DQEBCwUAA4IBAQAuICUi31vFXalsoBe5OeWFZ7G8W50s+I6R
I9DFz/5HeGIyxd3auylgH/w4v3MzsCfc6qFlU0t3s1T0A4y4FebyVITnbGfobUjd
aHGC1f3bnDJhUJ3lTOmSzLF5WXvofbphW6kiWv3OIj6amMTkGGOwajpB9zwMwQeU
uEdLJB+OBOtOWXPdxQV0FzUyKbycnFa1BQQzz03hDzYrrYYWsJizLfUvB/axZ2dD
b/jrDoI2w9fBBntQZztKkp8d/dpRT4DJpBE49q/roNkXYQxcY7Ie12yirM996Fw1
PGVNjmo5xm2yxF8LyUMkpx6XMYHmPoEYNFSv+tLHDkgNVrn4Kr7s
-----END CERTIFICATE-----