Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4aeb8a-b96f-4ec4-8d8e-eabe34e802b4/1/ORVyHgaPqppTlLMn4GkrKJavRfo.roa
File:                     ORVyHgaPqppTlLMn4GkrKJavRfo.roa (raw, json)
Hash identifier:          WbrkIHgV5uctOzTbTPvcvKag6hZ80PJzOOzusGTmszg=
Subject key identifier:   39:15:72:1E:06:8F:AA:9A:53:94:B3:27:E0:69:2B:28:96:AF:45:FA
Certificate issuer:       /CN=6e83f685eb7b6a2f8464b997129338d63f7eed6a
Certificate serial:       018CC492D34880A3D6D8AB555BC6088B13FF
Authority key identifier: 6E:83:F6:85:EB:7B:6A:2F:84:64:B9:97:12:93:38:D6:3F:7E:ED:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/boP2het7ai-EZLmXEpM41j9-7Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4aeb8a-b96f-4ec4-8d8e-eabe34e802b4/1/ORVyHgaPqppTlLMn4GkrKJavRfo.roa
Signing time:             Mon 01 Jan 2024 10:30:05 +0000
ROA not before:           Mon 01 Jan 2024 10:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12731
IP address blocks:        45.130.192.0/23 maxlen: 23
                          2a0e:57c0:800::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/4aeb8a-b96f-4ec4-8d8e-eabe34e802b4/1/boP2het7ai-EZLmXEpM41j9-7Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/4aeb8a-b96f-4ec4-8d8e-eabe34e802b4/1/boP2het7ai-EZLmXEpM41j9-7Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/boP2het7ai-EZLmXEpM41j9-7Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d3:48:80:a3:d6:d8:ab:55:5b:c6:08:8b:13:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e83f685eb7b6a2f8464b997129338d63f7eed6a
        Validity
            Not Before: Jan  1 10:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3915721e068faa9a5394b327e0692b2896af45fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:72:c9:42:74:63:b6:dc:69:7d:7d:10:4f:66:
                    11:67:31:c5:48:de:f2:98:65:7c:7c:05:94:d1:d5:
                    9e:a9:e6:f8:e7:f1:f7:d1:ce:80:36:27:06:8a:8c:
                    3c:ab:d3:00:89:bb:02:bb:4b:f4:db:71:89:3d:fb:
                    66:37:9f:d5:69:0f:e4:cc:9b:df:86:87:3c:32:5f:
                    ca:a4:e1:38:8e:44:21:e6:e3:9b:b2:c5:1d:df:bd:
                    fc:24:53:7e:7d:a8:24:b7:65:0e:67:44:9d:ec:70:
                    df:ce:9b:3c:0e:1c:37:d9:27:9e:96:80:18:b0:88:
                    95:10:ce:94:9f:74:d8:d3:cf:76:3f:6c:4a:9a:58:
                    97:e1:87:03:85:79:e3:e6:d2:86:49:f0:c9:4f:5f:
                    ba:5e:e3:b4:5e:74:59:1a:82:4a:87:db:5b:73:ba:
                    be:e3:9c:71:e5:be:d9:8b:99:fe:62:be:4e:e3:bb:
                    92:25:7f:61:d8:e1:80:d0:a6:1e:78:4e:fd:2e:1a:
                    47:bf:71:a1:a3:66:57:26:21:96:da:cb:05:79:c3:
                    cb:a4:bc:ed:5d:d6:e1:19:69:db:12:be:65:36:59:
                    0e:01:ce:d5:10:84:e2:7e:6f:82:90:f4:bd:19:34:
                    50:de:ec:42:7d:da:61:21:81:0d:e4:6b:00:48:40:
                    68:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:15:72:1E:06:8F:AA:9A:53:94:B3:27:E0:69:2B:28:96:AF:45:FA
            X509v3 Authority Key Identifier:
                keyid:6E:83:F6:85:EB:7B:6A:2F:84:64:B9:97:12:93:38:D6:3F:7E:ED:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/boP2het7ai-EZLmXEpM41j9-7Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4aeb8a-b96f-4ec4-8d8e-eabe34e802b4/1/ORVyHgaPqppTlLMn4GkrKJavRfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4aeb8a-b96f-4ec4-8d8e-eabe34e802b4/1/boP2het7ai-EZLmXEpM41j9-7Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.192.0/23
                IPv6:
                  2a0e:57c0:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         6b:50:21:8c:79:b3:23:4e:14:cd:fd:98:63:79:d2:47:27:14:
         f2:7a:45:87:7c:95:4e:48:ae:95:04:51:57:de:04:23:c2:6c:
         72:28:eb:5f:60:ca:fc:80:cd:27:7a:8f:77:b5:5b:a5:8c:9f:
         65:cf:28:e3:df:3f:51:97:61:df:f6:ce:c1:61:57:8d:c0:74:
         4f:d5:4d:53:36:28:29:45:a9:dc:8c:1f:a6:bd:34:67:25:65:
         b2:49:a5:08:ff:7a:06:27:aa:ce:dc:b0:f9:ed:4a:a3:6b:b6:
         26:ea:6f:8b:86:77:3b:10:6c:76:20:e6:53:aa:f4:fd:c8:64:
         06:88:c1:47:7f:a6:34:60:7e:48:87:8f:63:86:38:5f:ab:88:
         be:39:75:62:ea:a0:e5:b6:e3:28:54:c5:2e:b7:47:07:e9:a7:
         85:0c:6b:d5:d1:c8:02:37:40:e0:54:ef:0f:cd:85:54:95:df:
         f0:ac:26:66:76:62:c9:3f:bf:1d:45:00:1b:b2:72:76:72:2f:
         dd:b4:1c:1b:22:2c:f4:da:83:3e:80:e9:72:fa:3d:01:94:4b:
         ff:aa:08:73:ec:4c:3c:f3:2f:fd:bf:ae:ff:34:3f:35:1b:3a:
         47:c9:d4:d2:6d:16:00:51:ee:2d:72:ad:1d:79:86:b2:1c:16:
         9e:df:6b:d3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEktNIgKPW2KtVW8YIixP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODNmNjg1ZWI3YjZhMmY4NDY0Yjk5NzEyOTMzOGQ2M2Y3
ZWVkNmEwHhcNMjQwMTAxMTAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTE1NzIxZTA2OGZhYTlhNTM5NGIzMjdlMDY5MmIyODk2YWY0NWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnLJQnRjttxpfX0QT2YRZzHFSN7y
mGV8fAWU0dWeqeb45/H30c6ANicGiow8q9MAibsCu0v023GJPftmN5/VaQ/kzJvf
hoc8Ml/KpOE4jkQh5uObssUd3738JFN+fagkt2UOZ0Sd7HDfzps8Dhw32SeeloAY
sIiVEM6Un3TY0892P2xKmliX4YcDhXnj5tKGSfDJT1+6XuO0XnRZGoJKh9tbc7q+
45xx5b7Zi5n+Yr5O47uSJX9h2OGA0KYeeE79LhpHv3Gho2ZXJiGW2ssFecPLpLzt
XdbhGWnbEr5lNlkOAc7VEITifm+CkPS9GTRQ3uxCfdphIYEN5GsASEBo7wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDkVch4Gj6qaU5SzJ+BpKyiWr0X6MB8GA1UdIwQY
MBaAFG6D9oXre2ovhGS5lxKTONY/fu1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9QMmhldDdhaS1FWkxtWEVwTTQxajktN1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80YWViOGEtYjk2Zi00ZWM0LThkOGUt
ZWFiZTM0ZTgwMmI0LzEvT1JWeUhnYVBxcHBUbExNbjRHa3JLSmF2UmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80YWViOGEtYjk2Zi00ZWM0LThkOGUtZWFiZTM0ZTgwMmI0
LzEvYm9QMmhldDdhaS1FWkxtWEVwTTQxajktN1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBLYLAMA4E
AgACMAgDBgIqDlfACDANBgkqhkiG9w0BAQsFAAOCAQEAa1AhjHmzI04Uzf2YY3nS
RycU8npFh3yVTkiulQRRV94EI8JscijrX2DK/IDNJ3qPd7VbpYyfZc8o498/UZdh
3/bOwWFXjcB0T9VNUzYoKUWp3Iwfpr00ZyVlskmlCP96Bieqztyw+e1Ko2u2Jupv
i4Z3OxBsdiDmU6r0/chkBojBR3+mNGB+SIePY4Y4X6uIvjl1Yuqg5bbjKFTFLrdH
B+mnhQxr1dHIAjdA4FTvD82FVJXf8KwmZnZiyT+/HUUAG7JydnIv3bQcGyIs9NqD
PoDpcvo9AZRL/6oIc+xMPPMv/b+u/zQ/NRs6R8nU0m0WAFHuLXKtHXmGshwWnt9r
0w==
-----END CERTIFICATE-----