Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/wURzMuqhWBJKbHrndxpUSPBvfs4.roa
File:                     wURzMuqhWBJKbHrndxpUSPBvfs4.roa (raw, json)
Hash identifier:          jEvLZ/zWH2SB8Z7PCm7tn04m++29fz4Zg7mfIIoSuw4=
Subject key identifier:   C1:44:73:32:EA:A1:58:12:4A:6C:7A:E7:77:1A:54:48:F0:6F:7E:CE
Certificate issuer:       /CN=1d0aceea17f53de708f9a73abc0c87164d207d08
Certificate serial:       018CC8015B5F2B575BCB3231D647442F4DB7
Authority key identifier: 1D:0A:CE:EA:17:F5:3D:E7:08:F9:A7:3A:BC:0C:87:16:4D:20:7D:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQrO6hf1PecI-ac6vAyHFk0gfQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/wURzMuqhWBJKbHrndxpUSPBvfs4.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201150
IP address blocks:        45.132.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/HQrO6hf1PecI-ac6vAyHFk0gfQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/HQrO6hf1PecI-ac6vAyHFk0gfQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQrO6hf1PecI-ac6vAyHFk0gfQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5b:5f:2b:57:5b:cb:32:31:d6:47:44:2f:4d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0aceea17f53de708f9a73abc0c87164d207d08
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1447332eaa158124a6c7ae7771a5448f06f7ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:60:35:45:99:57:27:37:a2:5b:61:f5:e3:d2:
                    a7:f4:51:30:e5:fa:e5:99:2a:de:39:77:83:1c:59:
                    34:31:bb:59:4b:42:6c:e3:4c:c9:d9:5e:50:21:4e:
                    1d:59:37:c6:dd:38:a0:af:70:df:84:e8:60:43:2a:
                    1e:0b:d0:e8:bf:6e:3e:98:79:88:8e:f7:d4:74:94:
                    cc:f7:2d:13:7c:70:9e:4f:ea:c0:67:99:6f:f5:6b:
                    c0:45:26:81:40:93:dd:f5:27:c6:ee:70:86:42:76:
                    07:86:42:35:47:c2:34:40:c9:cd:04:35:c2:42:63:
                    4a:65:bb:0d:b7:c3:46:0a:dd:1c:60:bc:62:56:37:
                    fa:7f:22:1a:68:0b:c9:57:10:d9:75:6a:81:ea:24:
                    f2:42:c1:bb:f8:75:b3:09:09:45:ab:fa:13:b5:f0:
                    ba:cc:60:1c:c5:17:54:28:3b:9d:e1:e7:23:a8:69:
                    4c:15:f6:a3:5f:14:bf:2e:d6:59:cb:8c:84:04:63:
                    a4:d4:55:e0:a9:b9:d0:d7:9b:98:5b:f9:10:b7:04:
                    70:77:cf:d7:89:df:ea:38:b2:6b:f0:ec:56:9b:e4:
                    0f:99:d9:e6:c4:19:05:81:c5:7c:b3:71:be:8d:57:
                    63:9e:6d:43:19:3a:db:80:24:2c:50:16:1c:0e:9f:
                    df:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:44:73:32:EA:A1:58:12:4A:6C:7A:E7:77:1A:54:48:F0:6F:7E:CE
            X509v3 Authority Key Identifier:
                keyid:1D:0A:CE:EA:17:F5:3D:E7:08:F9:A7:3A:BC:0C:87:16:4D:20:7D:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQrO6hf1PecI-ac6vAyHFk0gfQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/wURzMuqhWBJKbHrndxpUSPBvfs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/HQrO6hf1PecI-ac6vAyHFk0gfQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:7b:15:6a:ba:33:fb:66:47:99:e4:ee:d6:6f:44:42:f8:d9:
         a3:a1:57:01:38:f2:80:0a:fa:84:98:fa:f1:b4:2e:7f:76:f8:
         42:2f:0e:9c:d7:27:7a:ac:9c:b2:28:a1:3e:a1:b7:0a:e6:fb:
         0d:ae:c1:75:f6:a3:cf:26:ec:c8:fd:b6:56:42:2b:c3:c8:30:
         c5:76:73:2c:0a:7e:a9:4a:66:0d:89:81:25:8c:85:fb:68:16:
         fa:28:80:87:4e:59:eb:fc:33:16:6f:61:cc:eb:0d:80:51:87:
         fd:1e:06:d1:ba:5d:5d:e1:14:b9:45:51:4b:df:88:67:65:59:
         71:35:0f:25:8b:22:62:ad:90:24:0b:23:1c:69:3a:42:8c:d2:
         18:11:14:69:1a:1c:5e:c7:18:2a:30:4e:d6:6f:7d:94:e8:7b:
         96:fa:28:30:38:3b:e2:55:8d:28:16:8e:d9:c7:af:d9:3b:97:
         b8:2e:0e:ea:50:e4:22:f2:9c:b2:53:b3:28:a1:10:d7:36:d0:
         64:04:fb:cf:dc:fe:83:00:de:a9:11:16:e6:94:3a:a6:cc:25:
         3c:dd:19:a6:8e:43:95:49:1d:6e:98:45:7a:2d:89:94:a0:6d:
         07:b3:99:db:d3:ec:ed:1e:e8:cc:df:2b:32:7d:b2:93:c5:93:
         3a:d8:2d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVtfK1dbyzIx1kdEL023MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGFjZWVhMTdmNTNkZTcwOGY5YTczYWJjMGM4NzE2NGQy
MDdkMDgwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ0NzMzMmVhYTE1ODEyNGE2YzdhZTc3NzFhNTQ0OGYwNmY3ZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWA1RZlXJzeiW2H149Kn9FEw5frl
mSreOXeDHFk0MbtZS0Js40zJ2V5QIU4dWTfG3Tigr3DfhOhgQyoeC9Dov24+mHmI
jvfUdJTM9y0TfHCeT+rAZ5lv9WvARSaBQJPd9SfG7nCGQnYHhkI1R8I0QMnNBDXC
QmNKZbsNt8NGCt0cYLxiVjf6fyIaaAvJVxDZdWqB6iTyQsG7+HWzCQlFq/oTtfC6
zGAcxRdUKDud4ecjqGlMFfajXxS/LtZZy4yEBGOk1FXgqbnQ15uYW/kQtwRwd8/X
id/qOLJr8OxWm+QPmdnmxBkFgcV8s3G+jVdjnm1DGTrbgCQsUBYcDp/fNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFEczLqoVgSSmx653caVEjwb37OMB8GA1UdIwQY
MBaAFB0KzuoX9T3nCPmnOrwMhxZNIH0IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFyTzZoZjFQZWNJLWFjNnZBeUhGazBnZlFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYTU2ZjYtMWNmMi00Mzg4LTk2ZmEt
YzZiY2NhNzIxNDcxLzEvd1VSek11cWhXQkpLYkhybmR4cFVTUEJ2ZnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYTU2ZjYtMWNmMi00Mzg4LTk2ZmEtYzZiY2NhNzIxNDcx
LzEvSFFyTzZoZjFQZWNJLWFjNnZBeUhGazBnZlFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQgMA0G
CSqGSIb3DQEBCwUAA4IBAQBWexVqujP7ZkeZ5O7Wb0RC+NmjoVcBOPKACvqEmPrx
tC5/dvhCLw6c1yd6rJyyKKE+obcK5vsNrsF19qPPJuzI/bZWQivDyDDFdnMsCn6p
SmYNiYEljIX7aBb6KICHTlnr/DMWb2HM6w2AUYf9HgbRul1d4RS5RVFL34hnZVlx
NQ8liyJirZAkCyMcaTpCjNIYERRpGhxexxgqME7Wb32U6HuW+igwODviVY0oFo7Z
x6/ZO5e4Lg7qUOQi8pyyU7MooRDXNtBkBPvP3P6DAN6pERbmlDqmzCU83RmmjkOV
SR1umEV6LYmUoG0Hs5nb0+ztHujM3ysyfbKTxZM62C1R
-----END CERTIFICATE-----