Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/whEDx1fJmFyWeNngfdkn2P49tgw.roa
File:                     whEDx1fJmFyWeNngfdkn2P49tgw.roa (raw, json)
Hash identifier:          G9PdiyvPnTl4dn3FQaUr7xWlCP/EwS437+mHahhukdk=
Subject key identifier:   C2:11:03:C7:57:C9:98:5C:96:78:D9:E0:7D:D9:27:D8:FE:3D:B6:0C
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018DA70D966E8C9795223137C05950542365
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/whEDx1fJmFyWeNngfdkn2P49tgw.roa
Signing time:             Wed 14 Feb 2024 09:58:21 +0000
ROA not before:           Wed 14 Feb 2024 09:58:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47447
IP address blocks:        45.152.59.0/24 maxlen: 24
                          2a0b:3c40:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:0d:96:6e:8c:97:95:22:31:37:c0:59:50:54:23:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Feb 14 09:58:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c21103c757c9985c9678d9e07dd927d8fe3db60c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6a:8a:d1:8a:b2:31:f0:57:da:11:c6:bb:c7:
                    68:db:7f:f6:88:23:47:27:73:18:d0:53:9b:16:38:
                    2c:fb:d3:8e:a0:de:74:fb:2b:ee:89:63:b2:a3:e0:
                    1d:2c:34:ba:55:53:5a:e1:40:98:58:07:15:0a:e8:
                    d5:91:cd:8e:7a:89:43:fd:41:a6:4e:cd:7c:21:78:
                    27:97:5f:b8:f2:44:fa:9c:15:61:5b:33:83:ab:9a:
                    72:6f:02:8a:bd:f9:e7:f1:5b:e5:7e:10:c9:e3:a3:
                    8a:d2:b8:f1:a1:34:99:d4:c0:c7:b3:e8:d7:88:f6:
                    b9:e8:d0:6f:ec:3c:e4:23:02:33:d3:52:03:7e:64:
                    42:26:4f:1e:2c:b2:0f:74:40:24:6a:5b:6d:a4:d7:
                    ee:50:fc:69:cf:5b:99:91:88:7f:2e:e0:4d:93:82:
                    5a:af:27:e4:0a:b9:a1:22:09:7d:c7:73:ee:8e:be:
                    6b:2e:c7:6f:0d:d9:07:22:28:d2:3a:f0:2c:ac:5c:
                    81:0a:73:4e:d0:1e:e6:e8:95:c0:95:2b:3d:92:a0:
                    dd:09:32:78:78:93:fc:d0:56:34:f8:9e:77:f2:ca:
                    62:38:fd:aa:f3:74:ee:01:76:73:ce:6d:67:d7:3a:
                    19:9a:92:cc:30:3b:b1:2b:b8:9e:b2:2b:44:42:e4:
                    c3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:11:03:C7:57:C9:98:5C:96:78:D9:E0:7D:D9:27:D8:FE:3D:B6:0C
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/whEDx1fJmFyWeNngfdkn2P49tgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.59.0/24
                IPv6:
                  2a0b:3c40:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:bd:84:4e:ab:2f:4b:9c:57:6f:67:d7:51:d7:30:4b:8c:11:
         56:ad:e7:24:fa:5b:8a:65:c9:92:c2:e2:51:aa:05:2a:10:06:
         52:64:97:1a:6f:b1:2a:6f:c9:a2:dd:81:f8:90:64:c6:37:3a:
         75:3d:56:67:ae:40:19:58:ce:a6:cf:5f:77:62:35:de:99:25:
         f4:9e:94:37:08:32:64:67:88:87:98:5b:c3:dc:15:c0:5c:84:
         12:4f:30:23:4e:8a:ac:76:ca:8c:e9:68:4e:f7:24:21:70:f4:
         77:46:82:93:52:2f:c1:ca:1b:eb:f1:ba:97:8f:c9:92:fb:41:
         b0:fa:f3:bc:8d:1e:be:35:74:25:43:36:60:f4:61:d5:3d:65:
         8e:27:27:12:12:64:a4:1e:72:11:4b:46:83:2c:8a:48:ef:8e:
         01:17:64:40:29:87:ba:91:aa:22:eb:a1:74:48:e7:7a:81:70:
         f3:53:fd:a8:69:9d:b0:61:6d:76:9e:00:5b:bb:9b:09:a2:9d:
         30:0f:8d:e7:02:2a:1f:c4:0a:f4:94:25:56:10:ad:8d:6e:46:
         7d:1a:38:ed:b4:a2:e1:1b:93:60:77:0c:d0:34:94:5a:27:1a:
         fb:5b:e3:f9:68:c2:98:76:36:31:3c:a5:2d:d4:16:af:e7:82:
         0c:8b:f2:be
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2nDZZujJeVIjE3wFlQVCNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMjE0MDk1ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjExMDNjNzU3Yzk5ODVjOTY3OGQ5ZTA3ZGQ5MjdkOGZlM2RiNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomqK0YqyMfBX2hHGu8do23/2iCNH
J3MY0FObFjgs+9OOoN50+yvuiWOyo+AdLDS6VVNa4UCYWAcVCujVkc2OeolD/UGm
Ts18IXgnl1+48kT6nBVhWzODq5pybwKKvfnn8VvlfhDJ46OK0rjxoTSZ1MDHs+jX
iPa56NBv7DzkIwIz01IDfmRCJk8eLLIPdEAkalttpNfuUPxpz1uZkYh/LuBNk4Ja
ryfkCrmhIgl9x3Pujr5rLsdvDdkHIijSOvAsrFyBCnNO0B7m6JXAlSs9kqDdCTJ4
eJP80FY0+J538spiOP2q83TuAXZzzm1n1zoZmpLMMDuxK7iesitEQuTDGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMIRA8dXyZhclnjZ4H3ZJ9j+PbYMMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvd2hFRHgxZkptRnlXZU5uZ2Zka24yUDQ5dGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZg7MA8E
AgACMAkDBwAqCzxAACIwDQYJKoZIhvcNAQELBQADggEBAKW9hE6rL0ucV29n11HX
MEuMEVat5yT6W4plyZLC4lGqBSoQBlJklxpvsSpvyaLdgfiQZMY3OnU9VmeuQBlY
zqbPX3diNd6ZJfSelDcIMmRniIeYW8PcFcBchBJPMCNOiqx2yozpaE73JCFw9HdG
gpNSL8HKG+vxupePyZL7QbD687yNHr41dCVDNmD0YdU9ZY4nJxISZKQechFLRoMs
ikjvjgEXZEAph7qRqiLroXRI53qBcPNT/ahpnbBhbXaeAFu7mwminTAPjecCKh/E
CvSUJVYQrY1uRn0aOO20ouEbk2B3DNA0lFonGvtb4/lowph2NjE8pS3UFq/nggyL
8r4=
-----END CERTIFICATE-----