Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/wuybOWmWSCCg14V-o_heVUCLT1M.roa
File:                     wuybOWmWSCCg14V-o_heVUCLT1M.roa (raw, json)
Hash identifier:          18TAfAtRmvlfOKCQm1VFmiWie/XzfKrnV1lm+exXPOk=
Subject key identifier:   C2:EC:9B:39:69:96:48:20:A0:D7:85:7E:A3:F8:5E:55:40:8B:4F:53
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FB27DA76BCF60F4B5180EB06DF519
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/wuybOWmWSCCg14V-o_heVUCLT1M.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205491
IP address blocks:        45.131.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 03:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b2:7d:a7:6b:cf:60:f4:b5:18:0e:b0:6d:f5:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2ec9b3969964820a0d7857ea3f85e55408b4f53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:32:56:1e:10:48:05:58:00:46:5c:bb:89:bb:
                    d6:0f:28:32:04:8c:86:90:4d:20:a7:b9:f2:0d:6e:
                    dc:27:9b:37:b7:4a:57:bb:de:d7:f4:62:9b:53:1c:
                    4f:11:dc:13:13:12:79:5c:ce:14:b7:08:40:60:9d:
                    33:8a:30:f6:f1:69:33:00:6f:01:29:fe:15:de:d3:
                    0d:2a:24:84:ee:21:90:29:2c:7c:d0:39:4b:fc:0d:
                    e0:e6:f9:ef:82:fc:60:8a:82:97:0b:8b:33:33:81:
                    5d:37:00:8e:32:7e:4e:1e:d5:94:32:ca:d5:61:cb:
                    74:30:a7:d4:33:09:be:5f:ff:3d:49:d2:e4:51:ef:
                    10:1a:da:4b:ad:bb:0c:c5:ae:fd:a4:f9:19:2d:5f:
                    62:72:0c:9a:1e:92:f5:60:88:54:5f:14:e8:b1:28:
                    66:49:30:61:14:5a:1d:70:4f:d8:ee:de:cf:43:cd:
                    a9:fd:40:06:90:c0:10:4e:89:52:c0:2e:22:ae:b1:
                    8c:fa:49:9a:70:6f:18:57:32:ba:d8:75:58:ea:6a:
                    70:f1:07:eb:6a:c9:51:72:75:78:4f:48:e4:74:52:
                    b3:a8:45:2b:e1:0f:99:0b:d7:f7:ea:71:df:2e:ed:
                    c7:0f:f2:7c:81:23:55:38:5b:e4:82:97:e3:c9:35:
                    4e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:EC:9B:39:69:96:48:20:A0:D7:85:7E:A3:F8:5E:55:40:8B:4F:53
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/wuybOWmWSCCg14V-o_heVUCLT1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:08:d8:2d:66:92:af:f6:a2:60:8f:67:c5:1d:fd:cf:6f:f6:
         09:23:1f:40:c2:12:88:32:45:7a:eb:e0:eb:64:ba:b0:bf:0a:
         60:b7:d8:98:4e:f0:3e:66:40:cb:e0:40:bb:b1:e5:e2:3f:ed:
         c1:33:ce:f7:9d:ea:c8:26:63:47:e7:78:dd:d3:55:fa:e1:f0:
         97:5b:07:98:20:53:15:42:b0:0a:1d:b0:f3:79:cc:58:a7:88:
         1b:d1:bb:20:bb:86:40:dd:04:6b:1b:8e:28:d8:36:9f:6b:e9:
         ee:a9:fe:66:4f:bd:45:93:9a:3c:35:c6:f7:c8:58:a5:a2:39:
         de:62:3a:0b:f4:b1:f3:31:bc:4d:2b:18:3c:15:77:28:a3:33:
         98:9e:57:2f:73:64:37:99:0f:e2:60:df:83:64:f5:9f:cf:b6:
         83:a7:4a:b1:f5:d9:24:6c:4b:57:7d:02:ef:27:1b:c6:c9:bf:
         80:71:d6:5f:92:e7:87:27:47:89:60:0f:6a:96:4f:ef:86:50:
         cf:fa:48:33:1b:39:d5:1c:7a:6a:83:8a:59:e6:7b:1f:0c:72:
         76:b9:55:83:5e:48:6f:e7:4e:0c:cb:fe:d9:1b:15:58:73:d1:
         27:3a:59:97:bc:f5:dd:ea:36:9f:f2:4e:e1:ac:39:34:5a:78:
         16:60:75:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7J9p2vPYPS1GA6wbfUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmVjOWIzOTY5OTY0ODIwYTBkNzg1N2VhM2Y4NWU1NTQwOGI0ZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jJWHhBIBVgARly7ibvWDygyBIyG
kE0gp7nyDW7cJ5s3t0pXu97X9GKbUxxPEdwTExJ5XM4UtwhAYJ0zijD28WkzAG8B
Kf4V3tMNKiSE7iGQKSx80DlL/A3g5vnvgvxgioKXC4szM4FdNwCOMn5OHtWUMsrV
Yct0MKfUMwm+X/89SdLkUe8QGtpLrbsMxa79pPkZLV9icgyaHpL1YIhUXxTosShm
STBhFFodcE/Y7t7PQ82p/UAGkMAQTolSwC4irrGM+kmacG8YVzK62HVY6mpw8Qfr
aslRcnV4T0jkdFKzqEUr4Q+ZC9f36nHfLu3HD/J8gSNVOFvkgpfjyTVOQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLsmzlplkggoNeFfqP4XlVAi09TMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvd3V5Yk9XbVdTQ0NnMTRWLW9faGVWVUNMVDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYM9MA0G
CSqGSIb3DQEBCwUAA4IBAQCzCNgtZpKv9qJgj2fFHf3Pb/YJIx9AwhKIMkV66+Dr
ZLqwvwpgt9iYTvA+ZkDL4EC7seXiP+3BM873nerIJmNH53jd01X64fCXWweYIFMV
QrAKHbDzecxYp4gb0bsgu4ZA3QRrG44o2Dafa+nuqf5mT71Fk5o8Ncb3yFilojne
YjoL9LHzMbxNKxg8FXcoozOYnlcvc2Q3mQ/iYN+DZPWfz7aDp0qx9dkkbEtXfQLv
JxvGyb+AcdZfkueHJ0eJYA9qlk/vhlDP+kgzGznVHHpqg4pZ5nsfDHJ2uVWDXkhv
504My/7ZGxVYc9EnOlmXvPXd6jaf8k7hrDk0WngWYHWU
-----END CERTIFICATE-----