Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/OM9Y6o9GpMD0qut4azAFrnRXPec.roa
File:                     OM9Y6o9GpMD0qut4azAFrnRXPec.roa (raw, json)
Hash identifier:          2Em4Fx4lZ4bBQ0PPqeDW+M6aANsdjBiSzaP0Uy+vD+w=
Subject key identifier:   38:CF:58:EA:8F:46:A4:C0:F4:AA:EB:78:6B:30:05:AE:74:57:3D:E7
Certificate issuer:       /CN=b1cdc26d44eaf85654481e9581043e14887765b4
Certificate serial:       018CC4932986CA8DF0E290857598EF26BB3F
Authority key identifier: B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/OM9Y6o9GpMD0qut4azAFrnRXPec.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208854
IP address blocks:        45.140.180.0/24 maxlen: 24
                          45.140.180.0/22 maxlen: 22
                          2a0e:c5c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:29:86:ca:8d:f0:e2:90:85:75:98:ef:26:bb:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1cdc26d44eaf85654481e9581043e14887765b4
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38cf58ea8f46a4c0f4aaeb786b3005ae74573de7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dc:05:fe:e7:08:23:5b:45:17:5d:7d:9b:0d:
                    08:1c:8f:fd:28:86:20:88:74:c8:4e:7b:ef:60:58:
                    6e:25:95:31:30:e5:5d:f6:5e:a4:de:cd:d8:64:71:
                    91:2d:1c:e0:3b:3b:48:e4:db:43:07:c0:23:da:f2:
                    ee:6a:c6:7f:b4:cb:a5:2f:63:85:f1:ac:85:08:ad:
                    24:b3:1c:9e:fb:bd:77:12:18:03:af:52:5c:1d:8e:
                    b3:a3:ed:cf:ab:22:ef:c6:db:ac:57:45:09:91:58:
                    b6:a7:a6:12:7d:10:17:54:d4:bb:7d:31:2e:ea:69:
                    98:7f:0c:ef:62:2f:f8:51:e6:af:6c:3f:90:98:ec:
                    d1:65:8a:c4:ae:3d:98:3e:19:3f:0e:47:70:ac:df:
                    9e:ae:08:5d:1e:f0:52:6b:e0:aa:36:7a:d5:29:d2:
                    50:51:02:17:6e:05:ca:ce:1a:af:57:3f:50:72:0f:
                    e4:83:55:32:80:f8:2c:f2:96:11:ab:40:2b:d5:a2:
                    67:7e:05:7d:9e:3b:88:03:db:ad:70:a1:0b:f6:0a:
                    07:05:37:2e:30:a4:9d:e4:07:1f:5d:a8:b3:2b:57:
                    11:ae:59:62:b8:bd:53:e1:b0:ea:64:fa:df:56:08:
                    15:11:7a:8d:a3:99:2d:93:19:4c:cb:05:5e:a0:97:
                    10:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CF:58:EA:8F:46:A4:C0:F4:AA:EB:78:6B:30:05:AE:74:57:3D:E7
            X509v3 Authority Key Identifier:
                keyid:B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/OM9Y6o9GpMD0qut4azAFrnRXPec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.180.0/22
                IPv6:
                  2a0e:c5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:93:40:d5:b3:8b:09:48:da:6f:30:13:82:af:49:95:4d:8f:
         c7:30:c9:bc:b4:7c:c8:ba:b4:85:30:5f:a4:6d:97:ab:b4:a1:
         ee:6e:02:4b:ee:79:40:9d:7b:2e:38:ae:92:68:c3:68:57:e8:
         b4:2f:d0:fd:57:c1:aa:69:93:72:a6:30:26:be:14:9b:b2:e1:
         f7:eb:70:1f:43:0c:9d:4b:d7:26:67:92:e9:96:81:b4:ad:a4:
         9b:e8:cd:74:88:f1:85:2b:3b:fd:17:5f:12:3c:ac:88:3f:4b:
         a2:ac:9c:38:d3:98:fd:75:ba:19:27:b3:5c:bc:9f:10:0c:4b:
         61:57:0b:70:4a:08:fa:a4:a7:20:8f:68:fb:14:69:ba:3a:fa:
         20:8a:23:c3:61:d9:35:62:15:cc:2b:52:af:42:01:16:53:e0:
         d1:3d:d6:92:59:13:fb:8a:27:c2:83:a0:db:82:c1:3f:99:3d:
         4e:d7:39:95:6a:f1:14:2b:23:c1:21:54:9b:b3:3c:4a:16:c2:
         a2:e7:a3:cb:27:32:90:b4:44:7f:93:3e:89:8b:e7:d4:d8:76:
         6b:55:89:df:60:cd:95:a4:9b:cb:7e:a0:e1:61:81:98:ab:73:
         66:13:95:e5:86:29:0c:a8:6a:8e:79:2d:79:2b:6b:29:67:92:
         b6:e2:8d:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkymGyo3w4pCFdZjvJrs/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxY2RjMjZkNDRlYWY4NTY1NDQ4MWU5NTgxMDQzZTE0ODg3
NzY1YjQwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNmNThlYThmNDZhNGMwZjRhYWViNzg2YjMwMDVhZTc0NTczZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9wF/ucII1tFF119mw0IHI/9KIYg
iHTITnvvYFhuJZUxMOVd9l6k3s3YZHGRLRzgOztI5NtDB8Aj2vLuasZ/tMulL2OF
8ayFCK0ksxye+713EhgDr1JcHY6zo+3PqyLvxtusV0UJkVi2p6YSfRAXVNS7fTEu
6mmYfwzvYi/4UeavbD+QmOzRZYrErj2YPhk/DkdwrN+erghdHvBSa+CqNnrVKdJQ
UQIXbgXKzhqvVz9Qcg/kg1UygPgs8pYRq0Ar1aJnfgV9njuIA9utcKEL9goHBTcu
MKSd5AcfXaizK1cRrlliuL1T4bDqZPrfVggVEXqNo5ktkxlMywVeoJcQmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDjPWOqPRqTA9KrreGswBa50Vz3nMB8GA1UdIwQY
MBaAFLHNwm1E6vhWVEgelYEEPhSId2W0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjIt
OGY5Y2EwZWJjY2FiLzEvT005WTZvOUdwTUQwcXV0NGF6QUZyblJYUGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjItOGY5Y2EwZWJjY2Fi
LzEvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYy0MA0E
AgACMAcDBQAqDsXAMA0GCSqGSIb3DQEBCwUAA4IBAQAgk0DVs4sJSNpvMBOCr0mV
TY/HMMm8tHzIurSFMF+kbZertKHubgJL7nlAnXsuOK6SaMNoV+i0L9D9V8GqaZNy
pjAmvhSbsuH363AfQwydS9cmZ5LploG0raSb6M10iPGFKzv9F18SPKyIP0uirJw4
05j9dboZJ7NcvJ8QDEthVwtwSgj6pKcgj2j7FGm6OvogiiPDYdk1YhXMK1KvQgEW
U+DRPdaSWRP7iifCg6DbgsE/mT1O1zmVavEUKyPBIVSbszxKFsKi56PLJzKQtER/
kz6Ji+fU2HZrVYnfYM2VpJvLfqDhYYGYq3NmE5XlhikMqGqOeS15K2spZ5K24o1P
-----END CERTIFICATE-----