Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/MLPppcDjtnL5_tOdqMSdaE_vnl4.roa
File:                     MLPppcDjtnL5_tOdqMSdaE_vnl4.roa (raw, json)
Hash identifier:          tXk5SLdXND2vIaURvOGNhq9apgP0f0z1Bf9XuPxkXec=
Subject key identifier:   30:B3:E9:A5:C0:E3:B6:72:F9:FE:D3:9D:A8:C4:9D:68:4F:EF:9E:5E
Certificate issuer:       /CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
Certificate serial:       018CC56EDCE4CD83E9A497D5C33F03BD1EF0
Authority key identifier: 7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/MLPppcDjtnL5_tOdqMSdaE_vnl4.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44547
IP address blocks:        45.151.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:dc:e4:cd:83:e9:a4:97:d5:c3:3f:03:bd:1e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30b3e9a5c0e3b672f9fed39da8c49d684fef9e5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2a:2b:70:79:69:82:db:a7:25:9a:71:fa:79:
                    1c:65:fc:e0:9e:c8:99:fd:5d:71:f0:4b:94:5a:1c:
                    93:6d:f0:96:75:2c:c8:43:af:2a:0c:6f:74:a2:6b:
                    a7:57:75:b2:f0:d3:6e:dd:bd:85:f7:43:66:2d:39:
                    04:6a:62:41:32:fd:1a:fe:b8:92:fd:bb:b0:8d:0a:
                    75:88:05:f3:f1:a2:be:87:05:ec:c6:8e:93:a3:2f:
                    4e:ae:9e:81:cb:01:0b:ad:54:d1:6f:f5:59:a5:cb:
                    b7:52:b6:d1:02:8c:c8:d9:ae:4c:02:29:2a:67:dc:
                    9f:5f:2d:74:94:90:8e:3d:e4:7e:48:6a:61:34:ff:
                    42:2e:1c:85:05:2a:fe:45:6c:16:8d:bd:c1:bb:61:
                    a7:91:ff:46:0e:69:db:0c:f7:c4:78:48:4f:25:17:
                    53:53:38:15:e3:1f:e6:f7:96:c3:c1:ef:c6:3d:ea:
                    13:d7:f2:66:72:d8:11:78:f9:88:34:af:29:be:01:
                    09:37:f5:3f:97:38:4f:2d:13:40:26:17:28:37:ed:
                    58:d0:35:bd:ca:74:bb:e4:67:24:1d:ce:5c:74:b7:
                    23:c3:9d:21:ba:b8:cc:e6:03:d0:59:43:66:92:7f:
                    95:f2:47:ff:33:11:44:50:cf:5d:4b:8d:3a:7a:b8:
                    62:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B3:E9:A5:C0:E3:B6:72:F9:FE:D3:9D:A8:C4:9D:68:4F:EF:9E:5E
            X509v3 Authority Key Identifier:
                keyid:7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/MLPppcDjtnL5_tOdqMSdaE_vnl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:0a:99:13:b1:9a:61:2e:86:4d:9b:30:05:e1:79:8b:ce:e9:
         48:fb:a4:7a:ad:84:27:8e:a0:88:cd:7b:b2:07:d4:74:91:a7:
         fc:19:96:1f:28:ec:0e:42:80:4d:7c:78:0d:04:82:80:c7:67:
         15:0c:f0:53:bc:a2:ce:86:91:8e:9b:1a:46:8a:b1:50:25:45:
         f8:af:31:a5:6e:3a:ce:f6:ec:7b:d7:c5:a6:0f:f3:0a:ef:60:
         d6:4a:07:9c:5d:95:e0:25:3d:47:de:72:62:ae:60:e4:a5:75:
         1d:77:eb:67:e4:26:b1:68:88:bc:6d:2b:5c:4a:9d:f3:c1:c2:
         cc:17:16:e1:5c:fc:25:2b:46:bf:89:10:34:e7:7a:0f:07:17:
         d6:fc:65:da:1a:ba:67:2c:72:96:ed:7c:0c:46:f7:65:2e:ea:
         02:0b:93:93:ad:74:71:14:ae:b1:fc:3a:92:e7:7a:cc:d7:a2:
         8a:dd:29:dc:99:bd:fc:3a:78:aa:db:40:04:b9:78:c8:2b:83:
         35:f4:1d:18:c4:1a:6c:f8:c4:33:ee:8f:06:00:85:b8:cb:c7:
         7e:fa:e5:e7:e1:48:27:00:e9:37:9e:17:28:48:6e:ba:60:5d:
         9a:60:41:bf:9d:f4:9c:3c:2c:6f:c4:61:6f:0d:93:ce:d3:59:
         a6:1f:46:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtzkzYPppJfVwz8DvR7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYTNmOTlkYmE5NGEzMDdiNmNkMmUxZDkwZjY3OGRhYzA1
NjgxZjgwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGIzZTlhNWMwZTNiNjcyZjlmZWQzOWRhOGM0OWQ2ODRmZWY5ZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiorcHlpgtunJZpx+nkcZfzgnsiZ
/V1x8EuUWhyTbfCWdSzIQ68qDG90omunV3Wy8NNu3b2F90NmLTkEamJBMv0a/riS
/buwjQp1iAXz8aK+hwXsxo6Toy9Orp6BywELrVTRb/VZpcu3UrbRAozI2a5MAikq
Z9yfXy10lJCOPeR+SGphNP9CLhyFBSr+RWwWjb3Bu2Gnkf9GDmnbDPfEeEhPJRdT
UzgV4x/m95bDwe/GPeoT1/JmctgRePmINK8pvgEJN/U/lzhPLRNAJhcoN+1Y0DW9
ynS75GckHc5cdLcjw50hurjM5gPQWUNmkn+V8kf/MxFEUM9dS406erhidQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCz6aXA47Zy+f7TnajEnWhP755eMB8GA1UdIwQY
MBaAFH+j+Z26lKMHts0uHZD2eNrAVoH4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUt
NGVhNDdjY2UwYzYzLzEvTUxQcHBjRGp0bkw1X3RPZHFNU2RhRV92bmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUtNGVhNDdjY2UwYzYz
LzEvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZePMA0G
CSqGSIb3DQEBCwUAA4IBAQCQCpkTsZphLoZNmzAF4XmLzulI+6R6rYQnjqCIzXuy
B9R0kaf8GZYfKOwOQoBNfHgNBIKAx2cVDPBTvKLOhpGOmxpGirFQJUX4rzGlbjrO
9ux718WmD/MK72DWSgecXZXgJT1H3nJirmDkpXUdd+tn5CaxaIi8bStcSp3zwcLM
FxbhXPwlK0a/iRA053oPBxfW/GXaGrpnLHKW7XwMRvdlLuoCC5OTrXRxFK6x/DqS
53rM16KK3Sncmb38Oniq20AEuXjIK4M19B0YxBps+MQz7o8GAIW4y8d++uXn4Ugn
AOk3nhcoSG66YF2aYEG/nfScPCxvxGFvDZPO01mmH0Zs
-----END CERTIFICATE-----