Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/W4J6NFutKjzLOzW5F6FZcODRMkY.roa
File:                     W4J6NFutKjzLOzW5F6FZcODRMkY.roa (raw, json)
Hash identifier:          Ihdmta7z6dqlMV23Bpsxi2iK/hy0x7Jmjgp6TvIKLyM=
Subject key identifier:   5B:82:7A:34:5B:AD:2A:3C:CB:3B:35:B9:17:A1:59:70:E0:D1:32:46
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0190921EDD7ADF3E2EEB982ADF34CB7572BC
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/W4J6NFutKjzLOzW5F6FZcODRMkY.roa
Signing time:             Mon 08 Jul 2024 11:33:34 +0000
ROA not before:           Mon 08 Jul 2024 11:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204402
IP address blocks:        45.152.38.0/24 maxlen: 24
                          2a0b:3c40:24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:1e:dd:7a:df:3e:2e:eb:98:2a:df:34:cb:75:72:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jul  8 11:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b827a345bad2a3ccb3b35b917a15970e0d13246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8c:08:86:f9:de:9c:be:6c:54:14:a3:8a:8f:
                    df:b4:a1:52:02:0a:cf:7c:d7:a0:6c:fc:da:3a:a9:
                    15:5a:71:5f:1f:03:4a:c7:42:c2:09:bf:a5:93:14:
                    a2:a3:d6:38:c5:7d:7f:1e:5b:3f:f7:d8:6a:63:fa:
                    4a:2c:c7:42:b0:8e:f7:5b:87:69:c0:fe:3d:a4:37:
                    d6:c6:5e:b1:40:ae:aa:f6:46:d4:e5:0c:dd:8d:6d:
                    07:b5:cc:6a:ea:81:c2:8a:73:97:23:9d:a8:f9:70:
                    fa:53:1f:80:7f:7a:14:02:37:42:5f:58:36:e2:00:
                    cd:18:eb:ea:52:0f:f5:b7:8c:c3:d2:f3:26:3c:d1:
                    e9:cf:14:32:58:a6:36:34:93:11:a1:c4:0a:f5:9d:
                    31:b3:23:5b:7e:73:9c:61:17:7c:2b:e1:11:5f:b3:
                    f4:89:1a:f4:d8:95:2e:2f:0b:00:9b:e8:9d:8a:9f:
                    06:5f:20:4c:04:9c:fd:db:3e:e6:db:c9:d3:62:22:
                    03:5e:e6:bf:21:81:8f:64:ea:71:53:ab:ee:36:f8:
                    60:52:68:87:d7:c0:ff:cb:8f:bd:c7:53:d5:c7:b5:
                    65:1a:cb:ea:91:5f:89:15:0e:a7:0d:f2:8e:8f:72:
                    46:58:e8:b2:83:1c:50:f6:64:08:c1:fb:8c:3d:ad:
                    6b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:82:7A:34:5B:AD:2A:3C:CB:3B:35:B9:17:A1:59:70:E0:D1:32:46
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/W4J6NFutKjzLOzW5F6FZcODRMkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.38.0/24
                IPv6:
                  2a0b:3c40:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:d9:1d:e9:4b:0f:34:96:64:02:29:0b:f1:2d:e8:05:7a:2e:
         a2:28:42:d8:25:49:c3:b1:b2:bb:54:d1:9c:d1:3d:8a:5c:22:
         69:79:87:d6:21:0f:c3:c1:ce:1d:52:25:45:dc:0b:7e:d9:6b:
         1f:4e:8b:84:3c:c7:fa:48:d9:43:39:d4:b8:32:ac:09:23:46:
         80:93:ae:b3:e7:cd:24:bd:0c:2b:69:c3:b9:7f:3c:39:ec:5b:
         ee:be:9d:a4:be:38:a5:de:4b:09:d3:4b:bd:5a:30:6d:f1:02:
         07:66:c8:24:ce:e7:b2:92:ad:d4:cf:10:c3:72:ce:2b:5c:c2:
         40:7f:b4:eb:02:ac:9c:17:c5:35:14:67:de:64:73:4c:d8:b6:
         c5:bd:08:a0:90:42:94:ba:cc:c1:9d:3a:4a:8b:9c:3e:ae:5f:
         ee:12:99:d9:ba:d1:32:af:ec:23:99:2d:e3:8c:9f:99:e9:25:
         46:71:38:77:6d:74:be:8d:c6:e3:5c:30:20:af:8b:d8:0a:c4:
         58:cb:bc:18:23:ff:f2:95:8b:db:ba:03:ee:c8:b6:a8:33:f6:
         a4:bc:61:9d:3b:fb:76:a6:49:42:52:9e:80:e9:f6:4f:3d:21:
         61:a6:9f:d6:c8:85:7f:1c:e4:7e:8b:49:ba:cc:46:06:ca:fb:
         8c:d9:02:07
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZCSHt163z4u65gq3zTLdXK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwNzA4MTEzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjgyN2EzNDViYWQyYTNjY2IzYjM1YjkxN2ExNTk3MGUwZDEzMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4wIhvnenL5sVBSjio/ftKFSAgrP
fNegbPzaOqkVWnFfHwNKx0LCCb+lkxSio9Y4xX1/Hls/99hqY/pKLMdCsI73W4dp
wP49pDfWxl6xQK6q9kbU5QzdjW0Htcxq6oHCinOXI52o+XD6Ux+Af3oUAjdCX1g2
4gDNGOvqUg/1t4zD0vMmPNHpzxQyWKY2NJMRocQK9Z0xsyNbfnOcYRd8K+ERX7P0
iRr02JUuLwsAm+idip8GXyBMBJz92z7m28nTYiIDXua/IYGPZOpxU6vuNvhgUmiH
18D/y4+9x1PVx7VlGsvqkV+JFQ6nDfKOj3JGWOiygxxQ9mQIwfuMPa1rcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFuCejRbrSo8yzs1uRehWXDg0TJGMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvVzRKNk5GdXRLanpMT3pXNUY2RlpjT0RSTWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZgmMA8E
AgACMAkDBwAqCzxAACQwDQYJKoZIhvcNAQELBQADggEBAD3ZHelLDzSWZAIpC/Et
6AV6LqIoQtglScOxsrtU0ZzRPYpcIml5h9YhD8PBzh1SJUXcC37Zax9Oi4Q8x/pI
2UM51LgyrAkjRoCTrrPnzSS9DCtpw7l/PDnsW+6+naS+OKXeSwnTS71aMG3xAgdm
yCTO57KSrdTPEMNyzitcwkB/tOsCrJwXxTUUZ95kc0zYtsW9CKCQQpS6zMGdOkqL
nD6uX+4Smdm60TKv7COZLeOMn5npJUZxOHdtdL6NxuNcMCCvi9gKxFjLvBgj//KV
i9u6A+7Itqgz9qS8YZ07+3amSUJSnoDp9k89IWGmn9bIhX8c5H6LSbrMRgbK+4zZ
Agc=
-----END CERTIFICATE-----