Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/b9Gb5b5xcI1pM-Ikg9y_wTK8Qik.roa
File:                     b9Gb5b5xcI1pM-Ikg9y_wTK8Qik.roa (raw, json)
Hash identifier:          B5pOFYt4CMEK/z1YmOflXR6w/DlbHuGiU01qBvHUfPk=
Subject key identifier:   6F:D1:9B:E5:BE:71:70:8D:69:33:E2:24:83:DC:BF:C1:32:BC:42:29
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019000A984670EBFDD5F465E79614EE29504
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/b9Gb5b5xcI1pM-Ikg9y_wTK8Qik.roa
Signing time:             Mon 10 Jun 2024 05:40:27 +0000
ROA not before:           Mon 10 Jun 2024 05:40:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3758
IP address blocks:        45.135.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:00:a9:84:67:0e:bf:dd:5f:46:5e:79:61:4e:e2:95:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jun 10 05:40:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fd19be5be71708d6933e22483dcbfc132bc4229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3f:06:15:66:f7:05:e6:fb:2d:16:41:4e:7c:
                    61:be:4d:4c:63:bf:ea:37:84:17:c5:65:1c:0c:c7:
                    bd:2f:48:89:51:b8:10:22:33:d5:b8:41:9c:d7:78:
                    2d:f8:c1:a3:ed:f8:b4:62:03:41:df:96:1d:e1:ce:
                    10:af:97:98:eb:a4:b7:20:d1:d1:dc:05:7d:b0:44:
                    d8:2f:13:2a:d7:bf:ec:b3:f0:4e:de:f5:ec:04:95:
                    ce:9e:fd:92:2c:6a:95:c9:f7:ad:8d:e0:71:2d:2a:
                    5d:24:0a:f4:9f:cd:18:c4:fe:f0:33:f9:b6:70:fb:
                    06:37:97:08:ee:53:9c:3d:9a:78:9a:55:1f:ff:c8:
                    a4:35:e1:20:da:61:27:47:4b:b1:b1:9c:39:54:32:
                    d2:cf:6e:33:63:ac:3e:16:ee:f3:84:af:e7:ac:39:
                    72:52:29:e8:dc:62:d3:1a:f3:76:60:ed:1f:dd:1a:
                    45:b3:ac:04:53:79:23:0e:9a:67:f6:f8:f9:90:60:
                    b5:e0:4f:76:80:7f:1a:34:8a:2e:a5:0f:95:6d:0d:
                    24:20:4f:70:11:dd:be:1c:83:13:e1:c8:f1:63:0b:
                    93:2b:54:82:da:3e:6d:17:9c:db:29:d9:af:9b:03:
                    57:45:15:9c:1d:d2:ec:11:9a:46:b0:11:8c:dd:4c:
                    b0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D1:9B:E5:BE:71:70:8D:69:33:E2:24:83:DC:BF:C1:32:BC:42:29
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/b9Gb5b5xcI1pM-Ikg9y_wTK8Qik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:f9:2c:53:0a:17:fd:de:67:74:7d:32:20:d5:ee:1c:5c:42:
         73:d9:9f:47:7c:65:4a:31:0a:fa:af:f0:2a:05:93:05:91:39:
         0f:1c:85:80:39:df:d4:b3:b0:fe:e7:a0:49:6a:4b:ba:7e:85:
         37:59:95:da:4f:14:22:9a:78:45:2f:06:71:ff:47:27:01:2b:
         14:a1:cf:7c:98:eb:70:bc:d4:8c:82:99:52:76:d1:53:a4:22:
         7c:c0:7f:c8:c0:9d:64:2d:1f:80:4f:e2:a0:c2:6a:92:63:eb:
         bb:4a:49:62:1b:1f:96:7e:df:65:22:e8:69:51:c0:83:db:60:
         1b:01:ce:bc:e1:22:fd:bc:57:3d:c1:1c:ef:52:4a:f9:8a:26:
         21:16:d3:cb:55:d3:03:f2:f2:7f:be:eb:29:a9:ce:44:fc:a7:
         6b:13:30:62:73:e0:ec:ae:22:92:a1:fa:05:99:49:cf:4a:c0:
         be:0d:13:7e:a7:70:78:c3:b3:21:a2:e8:c6:ad:b9:92:8b:8b:
         cd:aa:72:1e:9e:92:87:af:b9:90:ac:3c:8e:70:05:dc:53:b3:
         c7:d2:6e:c8:1d:9d:15:e8:1b:07:1a:01:de:54:f3:88:ce:d1:
         ff:d5:72:84:ec:59:23:b9:9f:8d:e7:68:a0:9f:cb:19:7e:26:
         ab:fe:94:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAAqYRnDr/dX0ZeeWFO4pUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwNjEwMDU0MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmQxOWJlNWJlNzE3MDhkNjkzM2UyMjQ4M2RjYmZjMTMyYmM0MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz8GFWb3Beb7LRZBTnxhvk1MY7/q
N4QXxWUcDMe9L0iJUbgQIjPVuEGc13gt+MGj7fi0YgNB35Yd4c4Qr5eY66S3INHR
3AV9sETYLxMq17/ss/BO3vXsBJXOnv2SLGqVyfetjeBxLSpdJAr0n80YxP7wM/m2
cPsGN5cI7lOcPZp4mlUf/8ikNeEg2mEnR0uxsZw5VDLSz24zY6w+Fu7zhK/nrDly
Uino3GLTGvN2YO0f3RpFs6wEU3kjDppn9vj5kGC14E92gH8aNIoupQ+VbQ0kIE9w
Ed2+HIMT4cjxYwuTK1SC2j5tF5zbKdmvmwNXRRWcHdLsEZpGsBGM3UywlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/Rm+W+cXCNaTPiJIPcv8EyvEIpMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvYjlHYjViNXhjSTFwTS1Ja2c5eV93VEs4UWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYcEMA0G
CSqGSIb3DQEBCwUAA4IBAQAc+SxTChf93md0fTIg1e4cXEJz2Z9HfGVKMQr6r/Aq
BZMFkTkPHIWAOd/Us7D+56BJaku6foU3WZXaTxQimnhFLwZx/0cnASsUoc98mOtw
vNSMgplSdtFTpCJ8wH/IwJ1kLR+AT+KgwmqSY+u7SkliGx+Wft9lIuhpUcCD22Ab
Ac684SL9vFc9wRzvUkr5iiYhFtPLVdMD8vJ/vuspqc5E/KdrEzBic+DsriKSofoF
mUnPSsC+DRN+p3B4w7MhoujGrbmSi4vNqnIenpKHr7mQrDyOcAXcU7PH0m7IHZ0V
6BsHGgHeVPOIztH/1XKE7FkjuZ+N52ign8sZfiar/pSC
-----END CERTIFICATE-----