Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/09AhODH8jdRGyrQvy4UzUTAdhIw.roa
File:                     09AhODH8jdRGyrQvy4UzUTAdhIw.roa (raw, json)
Hash identifier:          pTsVz8xf43TT4PCl1IIDfU5Yae9qyKpAV6qxYLjd6HA=
Subject key identifier:   D3:D0:21:38:31:FC:8D:D4:46:CA:B4:2F:CB:85:33:51:30:1D:84:8C
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018D8AC0EC43CBE50D0CBFF34E3CD54BE2C7
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/09AhODH8jdRGyrQvy4UzUTAdhIw.roa
Signing time:             Thu 08 Feb 2024 22:05:15 +0000
ROA not before:           Thu 08 Feb 2024 22:05:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46261
IP address blocks:        45.135.138.0/24 maxlen: 24
                          45.135.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8a:c0:ec:43:cb:e5:0d:0c:bf:f3:4e:3c:d5:4b:e2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Feb  8 22:05:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3d0213831fc8dd446cab42fcb853351301d848c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9d:40:e0:96:dd:cf:1b:f8:e4:c8:19:24:98:
                    4e:8f:02:1f:aa:60:09:af:63:34:ed:4a:11:d4:c1:
                    46:41:31:81:33:28:82:bc:64:23:6e:e1:de:c6:cc:
                    8f:f6:fb:67:71:a2:12:a5:d3:25:27:fe:1e:15:c8:
                    0b:8c:ae:6d:76:c6:22:cc:1d:c7:22:c2:1e:bd:75:
                    bf:58:13:f4:3a:31:fc:61:00:ad:98:8b:c6:97:34:
                    1f:d5:1a:c1:06:1c:2a:8d:ae:0d:1d:1a:61:9e:bc:
                    ec:d4:21:1c:74:54:6d:37:59:bf:27:97:e4:2a:40:
                    ea:34:53:cf:46:fd:2d:3b:ea:7f:79:9b:94:60:81:
                    67:77:1a:9a:76:26:d6:60:8d:75:73:4b:e8:b1:30:
                    cc:09:de:de:20:d4:d1:fa:67:09:26:53:5c:6f:79:
                    85:ca:b2:7c:54:24:a6:36:e3:90:7b:0e:72:a1:ba:
                    5f:86:7b:b7:2b:bf:2e:04:64:f6:43:eb:ed:2a:03:
                    fa:45:29:d1:2d:d9:d6:42:f8:37:a5:df:35:99:3f:
                    65:4e:a4:57:ff:93:73:2f:ea:5f:0f:49:4b:9c:87:
                    a2:ff:06:e0:f6:f0:8e:55:8a:a6:3f:39:8a:65:bb:
                    fd:f6:3a:a6:2a:82:54:15:e2:8e:2f:0f:a2:df:b6:
                    c9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D0:21:38:31:FC:8D:D4:46:CA:B4:2F:CB:85:33:51:30:1D:84:8C
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/09AhODH8jdRGyrQvy4UzUTAdhIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:0f:36:dc:f3:c6:f1:a6:8b:73:c6:37:4e:4e:5d:2d:b5:8c:
         4a:9e:bb:04:df:0a:e4:78:a3:d8:db:9c:72:96:9b:a3:a6:52:
         a1:99:b3:af:f0:6b:ea:4f:6f:48:30:6a:b1:5d:f8:2e:0b:77:
         58:c2:04:c8:dd:7f:d1:b9:04:fe:71:ff:e7:d0:2a:6c:a3:ba:
         09:6a:2c:f7:91:4c:1c:16:8c:f0:08:a5:81:ea:eb:00:47:7d:
         78:7f:d5:df:af:85:84:27:f8:bd:43:f9:32:7c:c8:b9:46:f9:
         0f:87:8e:9c:1c:f5:e8:7f:70:36:fb:2c:da:b1:b2:19:7f:b3:
         a0:b4:68:e9:27:10:0a:51:cd:6b:8d:69:bd:66:9e:4c:4f:94:
         5c:66:03:8f:82:10:b0:6a:bc:69:12:21:6f:58:14:94:c1:cf:
         58:4a:f8:d7:aa:82:3f:cb:11:f4:f9:0c:f2:ab:88:24:e0:f6:
         7a:63:2d:2f:a5:33:e1:36:66:89:a6:fe:b6:75:26:52:1e:71:
         d5:31:27:ae:64:fc:18:47:03:29:05:19:c0:95:a2:a7:c6:ff:
         08:66:dc:db:8d:d7:cf:34:eb:3b:5e:c5:49:e4:d6:57:f3:3d:
         86:ad:42:6c:c4:5e:4d:fa:5e:31:93:98:21:55:23:6e:99:b4:
         61:2c:b4:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2KwOxDy+UNDL/zTjzVS+LHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwMjA4MjIwNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2QwMjEzODMxZmM4ZGQ0NDZjYWI0MmZjYjg1MzM1MTMwMWQ4NDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAip1A4Jbdzxv45MgZJJhOjwIfqmAJ
r2M07UoR1MFGQTGBMyiCvGQjbuHexsyP9vtncaISpdMlJ/4eFcgLjK5tdsYizB3H
IsIevXW/WBP0OjH8YQCtmIvGlzQf1RrBBhwqja4NHRphnrzs1CEcdFRtN1m/J5fk
KkDqNFPPRv0tO+p/eZuUYIFndxqadibWYI11c0vosTDMCd7eINTR+mcJJlNcb3mF
yrJ8VCSmNuOQew5yobpfhnu3K78uBGT2Q+vtKgP6RSnRLdnWQvg3pd81mT9lTqRX
/5NzL+pfD0lLnIei/wbg9vCOVYqmPzmKZbv99jqmKoJUFeKOLw+i37bJwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPQITgx/I3URsq0L8uFM1EwHYSMMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvMDlBaE9ESDhqZFJHeXJRdnk0VXpVVEFkaEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYeKMA0G
CSqGSIb3DQEBCwUAA4IBAQAYDzbc88bxpotzxjdOTl0ttYxKnrsE3wrkeKPY25xy
lpujplKhmbOv8GvqT29IMGqxXfguC3dYwgTI3X/RuQT+cf/n0Cpso7oJaiz3kUwc
FozwCKWB6usAR314f9Xfr4WEJ/i9Q/kyfMi5RvkPh46cHPXof3A2+yzasbIZf7Og
tGjpJxAKUc1rjWm9Zp5MT5RcZgOPghCwarxpEiFvWBSUwc9YSvjXqoI/yxH0+Qzy
q4gk4PZ6Yy0vpTPhNmaJpv62dSZSHnHVMSeuZPwYRwMpBRnAlaKnxv8IZtzbjdfP
NOs7XsVJ5NZX8z2GrUJsxF5N+l4xk5ghVSNumbRhLLTJ
-----END CERTIFICATE-----