Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/VoBPuO-qugJSqon8tNTUJ0qnHt0.roa
File:                     VoBPuO-qugJSqon8tNTUJ0qnHt0.roa (raw, json)
Hash identifier:          d8xAg3pDx6cDsjXrlMv7rI51/9LtPP4lid17WyeSR54=
Subject key identifier:   56:80:4F:B8:EF:AA:BA:02:52:AA:89:FC:B4:D4:D4:27:4A:A7:1E:DD
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018E79FE7D66D60FABFE68BF614ADDBB7306
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/VoBPuO-qugJSqon8tNTUJ0qnHt0.roa
Signing time:             Tue 26 Mar 2024 09:01:45 +0000
ROA not before:           Tue 26 Mar 2024 09:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215555
IP address blocks:        45.152.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:fe:7d:66:d6:0f:ab:fe:68:bf:61:4a:dd:bb:73:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Mar 26 09:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56804fb8efaaba0252aa89fcb4d4d4274aa71edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f2:ca:de:85:cb:fc:8c:98:53:71:66:84:29:
                    61:52:f1:0f:89:18:b9:04:2f:21:4c:ab:c1:bf:e2:
                    5d:19:96:3e:7b:ec:2d:39:e3:98:fa:ff:e1:ed:fe:
                    55:3b:3f:71:a2:00:2f:a8:e3:c0:8a:b4:16:f0:00:
                    a2:de:06:20:8b:0c:49:cd:2c:63:b9:c8:49:d1:69:
                    a3:93:3c:8f:af:9a:42:e0:8a:e0:ad:2b:9b:2f:fc:
                    a8:1c:2c:4b:d3:dc:fb:5c:c4:ab:ed:20:96:c6:08:
                    c0:a0:55:e5:8c:ba:ce:c8:e9:36:cc:96:24:25:4c:
                    c5:2b:f4:6f:73:54:0e:98:7b:6f:d3:d7:6c:c7:57:
                    25:b9:24:7d:c0:39:3b:0f:e0:f6:71:8d:42:79:d6:
                    4e:8f:ab:7e:8f:7e:d9:08:15:7d:53:c3:92:9c:b6:
                    6b:dd:f2:d8:8e:84:6e:76:86:7e:e0:36:44:bc:58:
                    87:f6:71:2f:2e:ad:5d:50:d3:b2:17:0f:1d:6a:e2:
                    7d:77:c7:99:a1:2a:7d:9b:c3:fa:14:a6:4e:5c:de:
                    af:1a:6f:23:a6:39:54:f3:2a:db:b6:50:e0:b7:e7:
                    76:bf:2f:cc:03:ec:46:4d:64:16:34:8f:40:f2:76:
                    11:d3:a6:1c:bf:39:d2:83:6b:51:4e:66:01:9c:0c:
                    29:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:80:4F:B8:EF:AA:BA:02:52:AA:89:FC:B4:D4:D4:27:4A:A7:1E:DD
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/VoBPuO-qugJSqon8tNTUJ0qnHt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:76:06:a4:3f:21:64:f4:ac:d4:90:8c:da:da:b4:76:c6:fc:
         f6:50:d2:62:bd:3f:7a:2a:0a:15:74:89:75:de:3d:00:d4:ca:
         47:f9:2c:dc:19:2b:32:62:f1:52:9b:58:53:9c:68:42:50:10:
         e6:7f:1e:ad:12:d8:06:f0:3c:6e:55:0d:c7:b9:61:04:b6:6b:
         38:fd:aa:ce:95:82:e8:a6:67:13:30:0e:3a:62:20:f3:1b:56:
         7d:c5:67:73:c8:b9:34:e5:76:1d:60:c9:d3:13:7b:9d:b9:df:
         05:af:04:a0:12:65:eb:c9:a8:e8:f0:89:b0:41:0d:de:08:09:
         34:a5:34:46:67:c3:6e:e2:f3:e0:c4:11:c6:79:e2:e0:7a:84:
         92:85:d0:59:a8:e7:36:7e:40:72:7c:67:f1:3e:9c:70:06:c5:
         6e:02:13:56:40:38:aa:5e:bb:f9:31:98:86:6c:86:8e:d2:22:
         92:ca:e3:8d:e0:02:f4:90:17:18:c6:f4:69:cc:a9:80:ee:da:
         88:3c:34:7e:9e:54:2e:34:7e:61:93:80:9d:f8:7e:ea:aa:68:
         ae:53:5b:39:2c:c6:04:03:e6:b5:da:1e:0f:6d:b5:6b:00:eb:
         8e:9e:c5:42:bd:b5:98:be:26:3c:12:a3:8d:00:3c:76:f6:bf:
         d8:8b:d5:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY55/n1m1g+r/mi/YUrdu3MGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMzI2MDkwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjgwNGZiOGVmYWFiYTAyNTJhYTg5ZmNiNGQ0ZDQyNzRhYTcxZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPLK3oXL/IyYU3FmhClhUvEPiRi5
BC8hTKvBv+JdGZY+e+wtOeOY+v/h7f5VOz9xogAvqOPAirQW8ACi3gYgiwxJzSxj
uchJ0WmjkzyPr5pC4IrgrSubL/yoHCxL09z7XMSr7SCWxgjAoFXljLrOyOk2zJYk
JUzFK/Rvc1QOmHtv09dsx1cluSR9wDk7D+D2cY1CedZOj6t+j37ZCBV9U8OSnLZr
3fLYjoRudoZ+4DZEvFiH9nEvLq1dUNOyFw8dauJ9d8eZoSp9m8P6FKZOXN6vGm8j
pjlU8yrbtlDgt+d2vy/MA+xGTWQWNI9A8nYR06YcvznSg2tRTmYBnAwpEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaAT7jvqroCUqqJ/LTU1CdKpx7dMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvVm9CUHVPLXF1Z0pTcW9uOHROVFVKMHFuSHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZg6MA0G
CSqGSIb3DQEBCwUAA4IBAQBIdgakPyFk9KzUkIza2rR2xvz2UNJivT96KgoVdIl1
3j0A1MpH+SzcGSsyYvFSm1hTnGhCUBDmfx6tEtgG8DxuVQ3HuWEEtms4/arOlYLo
pmcTMA46YiDzG1Z9xWdzyLk05XYdYMnTE3udud8FrwSgEmXryajo8ImwQQ3eCAk0
pTRGZ8Nu4vPgxBHGeeLgeoSShdBZqOc2fkByfGfxPpxwBsVuAhNWQDiqXrv5MZiG
bIaO0iKSyuON4AL0kBcYxvRpzKmA7tqIPDR+nlQuNH5hk4Cd+H7qqmiuU1s5LMYE
A+a12h4PbbVrAOuOnsVCvbWYviY8EqONADx29r/Yi9Vt
-----END CERTIFICATE-----