Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/FU6z30DCjQEgb-72ZagDp3c65sQ.roa
File:                     FU6z30DCjQEgb-72ZagDp3c65sQ.roa (raw, json)
Hash identifier:          su4J6iep0+gHzratHsQW6jYI1AiMjD+jU173/8ycl/w=
Subject key identifier:   15:4E:B3:DF:40:C2:8D:01:20:6F:EE:F6:65:A8:03:A7:77:3A:E6:C4
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC501574C4D7C3E8E227A3B19A91AA8A1
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/FU6z30DCjQEgb-72ZagDp3c65sQ.roa
Signing time:             Mon 01 Jan 2024 12:30:48 +0000
ROA not before:           Mon 01 Jan 2024 12:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51559
IP address blocks:        45.158.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:57:4c:4d:7c:3e:8e:22:7a:3b:19:a9:1a:a8:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=154eb3df40c28d01206feef665a803a7773ae6c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:36:ac:21:8b:8d:fd:5e:4d:9f:e1:8a:28:1d:
                    f7:ac:ea:c3:16:0a:3c:6d:7b:d8:72:61:c2:0c:3d:
                    78:d2:2d:fb:85:b8:11:3c:6f:70:36:51:58:5c:71:
                    ae:a3:5c:48:8e:f5:50:65:15:2a:21:87:17:31:b0:
                    f4:83:5d:4d:b3:7b:43:36:7e:7c:30:a2:8b:66:56:
                    27:e5:03:b4:33:47:f1:e3:36:25:00:6e:91:1b:45:
                    57:de:a6:99:18:9f:ce:86:1f:1a:70:4a:2e:e8:e7:
                    df:5c:49:b3:4e:3b:a9:2f:1e:f5:1f:05:88:4a:2a:
                    70:29:c0:fb:76:b8:18:5b:9b:b9:60:d7:27:39:81:
                    d6:ff:ea:33:50:06:e3:3a:a3:55:63:f1:31:6a:5f:
                    a4:24:6a:88:45:ae:e0:57:6d:2a:8c:4f:7b:81:e5:
                    a0:85:42:a1:a7:22:1b:7c:50:2e:1f:7f:42:25:e8:
                    36:6a:81:b5:13:d5:67:f8:20:31:e5:ca:60:a1:d8:
                    61:eb:fc:14:1e:21:ea:6f:a0:97:0e:cf:cb:52:d2:
                    51:ed:cf:de:c4:d6:59:36:13:54:61:78:b5:c1:5f:
                    9b:95:db:9a:d1:c7:c2:26:a6:e8:e0:4e:a7:23:67:
                    96:67:b5:b8:cd:85:a4:0c:a5:6b:a1:03:d8:0e:ed:
                    7f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4E:B3:DF:40:C2:8D:01:20:6F:EE:F6:65:A8:03:A7:77:3A:E6:C4
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/FU6z30DCjQEgb-72ZagDp3c65sQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:62:c6:94:61:d1:16:11:69:c9:8f:14:59:87:86:44:a1:3a:
         6d:cb:55:44:ec:1f:a1:4f:15:17:e3:3c:f2:0a:9d:42:6b:d5:
         08:4a:5a:f9:e4:45:db:92:c8:f6:7b:07:40:5b:15:57:e0:22:
         80:ab:1e:2c:b8:fb:19:8d:d7:ce:20:40:b0:07:85:d8:f1:49:
         43:ab:05:0b:80:ae:63:73:33:8d:50:6e:dc:c1:85:74:19:ed:
         30:6f:21:da:17:3b:a4:32:82:85:e3:ed:7f:31:24:59:df:d7:
         e8:f2:ed:0c:75:14:88:5d:35:83:1b:0d:6c:d7:ca:61:a2:b2:
         77:79:6e:28:14:74:ce:62:a2:bd:2d:80:a9:e8:1d:2f:e5:e4:
         f9:22:76:ed:1f:d3:7c:8e:47:65:d0:a8:e0:fe:cf:d5:7c:fd:
         96:74:89:b8:44:46:d4:10:95:e9:e2:ad:81:00:fb:f5:c4:e9:
         4b:02:76:85:4b:73:3d:3e:b1:c7:a0:08:76:d0:02:31:80:f5:
         91:7f:d5:8c:aa:fd:0e:02:92:15:09:27:4f:97:e7:ba:e1:39:
         c1:d9:49:dd:f9:56:f5:6e:f5:8b:a3:a3:4d:d0:97:29:e1:21:
         ea:3c:1d:33:7e:b9:da:b2:7a:02:0e:0d:d6:0f:16:c3:17:92:
         9f:e5:b0:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVdMTXw+jiJ6OxmpGqihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTRlYjNkZjQwYzI4ZDAxMjA2ZmVlZjY2NWE4MDNhNzc3M2FlNmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDasIYuN/V5Nn+GKKB33rOrDFgo8
bXvYcmHCDD140i37hbgRPG9wNlFYXHGuo1xIjvVQZRUqIYcXMbD0g11Ns3tDNn58
MKKLZlYn5QO0M0fx4zYlAG6RG0VX3qaZGJ/Ohh8acEou6OffXEmzTjupLx71HwWI
SipwKcD7drgYW5u5YNcnOYHW/+ozUAbjOqNVY/Exal+kJGqIRa7gV20qjE97geWg
hUKhpyIbfFAuH39CJeg2aoG1E9Vn+CAx5cpgodhh6/wUHiHqb6CXDs/LUtJR7c/e
xNZZNhNUYXi1wV+bldua0cfCJqbo4E6nI2eWZ7W4zYWkDKVroQPYDu1/MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVOs99Awo0BIG/u9mWoA6d3OubEMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvRlU2ejMwRENqUUVnYi03MlphZ0RwM2M2NXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4MMA0G
CSqGSIb3DQEBCwUAA4IBAQAiYsaUYdEWEWnJjxRZh4ZEoTpty1VE7B+hTxUX4zzy
Cp1Ca9UISlr55EXbksj2ewdAWxVX4CKAqx4suPsZjdfOIECwB4XY8UlDqwULgK5j
czONUG7cwYV0Ge0wbyHaFzukMoKF4+1/MSRZ39fo8u0MdRSIXTWDGw1s18phorJ3
eW4oFHTOYqK9LYCp6B0v5eT5InbtH9N8jkdl0Kjg/s/VfP2WdIm4REbUEJXp4q2B
APv1xOlLAnaFS3M9PrHHoAh20AIxgPWRf9WMqv0OApIVCSdPl+e64TnB2Und+Vb1
bvWLo6NN0Jcp4SHqPB0zfrnasnoCDg3WDxbDF5Kf5bDR
-----END CERTIFICATE-----