Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/lBC1UcNrRVquJ5EWMxae8Yf_iSw.roa
File:                     lBC1UcNrRVquJ5EWMxae8Yf_iSw.roa (raw, json)
Hash identifier:          4ah+d0BaBr5ddw8aa9XPyQ+r7JuEEAV6UXA2H55pSb8=
Subject key identifier:   94:10:B5:51:C3:6B:45:5A:AE:27:91:16:33:16:9E:F1:87:FF:89:2C
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951F08BAD594E801940248CDAF2216
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/lBC1UcNrRVquJ5EWMxae8Yf_iSw.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49569
IP address blocks:        45.138.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1f:08:ba:d5:94:e8:01:94:02:48:cd:af:22:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9410b551c36b455aae27911633169ef187ff892c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c0:71:f6:35:f0:c1:cc:5f:d8:01:27:b3:fa:
                    9b:ef:21:8c:bb:80:23:5b:e2:07:cb:a9:ab:64:af:
                    00:3b:3c:9b:f8:85:53:05:cf:0f:aa:6c:85:f5:75:
                    dd:61:99:f3:59:dd:e9:22:42:77:4c:69:ea:cb:68:
                    f4:cd:fe:25:59:65:c6:1d:a4:d6:c4:3a:8b:d3:e0:
                    a9:8b:f2:5d:0b:9e:2b:c5:dc:f7:54:44:c0:f6:bd:
                    0a:9e:dc:37:a0:73:0f:cc:61:51:ee:6b:11:51:bd:
                    2d:32:74:7e:30:57:df:eb:01:38:17:5f:a7:40:52:
                    63:0a:0f:45:23:c1:0e:76:2e:ea:a4:a5:84:ff:8d:
                    1c:c6:d4:8c:df:33:65:8d:f4:85:62:24:d1:e7:72:
                    63:b5:91:72:c8:42:ef:43:ab:e1:3f:92:54:3f:da:
                    f2:5f:2f:7f:32:f4:06:32:6f:5c:cf:00:b9:bc:d5:
                    e2:ff:37:14:cc:ad:b2:32:b7:21:20:38:fb:ed:28:
                    68:9d:3c:1a:5b:ff:49:99:6d:43:5d:f0:ca:7d:c9:
                    43:07:e2:3c:f2:4e:14:06:72:e4:86:b3:97:2c:df:
                    a3:99:55:cd:7d:21:d5:51:e7:32:75:40:98:e1:dc:
                    a5:74:ac:bd:96:f7:38:79:93:20:c8:ba:c3:5f:b4:
                    3e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:10:B5:51:C3:6B:45:5A:AE:27:91:16:33:16:9E:F1:87:FF:89:2C
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/lBC1UcNrRVquJ5EWMxae8Yf_iSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a7:4e:05:d7:54:3e:8c:db:05:cc:71:5e:c1:e6:f1:d3:88:
         cd:56:31:62:ff:a2:17:02:e8:3d:9d:e9:3a:8a:ae:c2:d3:b2:
         6e:93:31:b5:89:02:14:b7:c4:e9:84:6c:c5:04:57:54:2a:55:
         a6:7b:9a:70:ee:eb:96:d1:b3:93:93:45:9b:10:5a:49:66:c4:
         41:c8:cd:77:37:1b:cd:ac:dc:59:63:dd:0e:84:90:2b:93:e6:
         6e:8e:f5:2b:a0:72:bb:f1:80:4a:c1:c0:4d:5d:47:83:81:25:
         10:16:22:68:d8:c2:08:8d:69:78:98:5b:55:93:f8:3f:62:11:
         89:1d:88:f7:65:7c:f2:b7:e0:86:e4:a5:3d:26:4f:9a:99:74:
         28:2d:b2:44:fd:04:05:a8:65:ac:46:60:3c:32:8d:4f:04:26:
         35:39:80:fc:44:92:f5:3b:85:85:ef:57:51:94:16:4d:33:be:
         15:18:47:86:e0:b1:b2:25:53:38:a1:d1:9c:57:f8:75:75:28:
         77:9f:8c:6c:39:29:57:e7:73:ec:1d:83:18:a9:96:dc:40:b0:
         83:73:4c:17:06:ab:d4:3d:12:56:89:92:bb:75:1b:4b:f7:bd:
         31:2b:91:32:f3:10:7e:e4:55:17:e0:71:7b:bd:ba:e3:98:30:
         3d:aa:8b:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlR8IutWU6AGUAkjNryIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDEwYjU1MWMzNmI0NTVhYWUyNzkxMTYzMzE2OWVmMTg3ZmY4OTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsBx9jXwwcxf2AEns/qb7yGMu4Aj
W+IHy6mrZK8AOzyb+IVTBc8PqmyF9XXdYZnzWd3pIkJ3TGnqy2j0zf4lWWXGHaTW
xDqL0+Cpi/JdC54rxdz3VETA9r0Kntw3oHMPzGFR7msRUb0tMnR+MFff6wE4F1+n
QFJjCg9FI8EOdi7qpKWE/40cxtSM3zNljfSFYiTR53JjtZFyyELvQ6vhP5JUP9ry
Xy9/MvQGMm9czwC5vNXi/zcUzK2yMrchIDj77ShonTwaW/9JmW1DXfDKfclDB+I8
8k4UBnLkhrOXLN+jmVXNfSHVUecydUCY4dyldKy9lvc4eZMgyLrDX7Q+FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQQtVHDa0VarieRFjMWnvGH/4ksMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvbEJDMVVjTnJSVnF1SjVFV014YWU4WWZfaVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYqSMA0G
CSqGSIb3DQEBCwUAA4IBAQBep04F11Q+jNsFzHFewebx04jNVjFi/6IXAug9nek6
iq7C07JukzG1iQIUt8TphGzFBFdUKlWme5pw7uuW0bOTk0WbEFpJZsRByM13NxvN
rNxZY90OhJArk+ZujvUroHK78YBKwcBNXUeDgSUQFiJo2MIIjWl4mFtVk/g/YhGJ
HYj3ZXzyt+CG5KU9Jk+amXQoLbJE/QQFqGWsRmA8Mo1PBCY1OYD8RJL1O4WF71dR
lBZNM74VGEeG4LGyJVM4odGcV/h1dSh3n4xsOSlX53PsHYMYqZbcQLCDc0wXBqvU
PRJWiZK7dRtL970xK5Ey8xB+5FUX4HF7vbrjmDA9qosQ
-----END CERTIFICATE-----