Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/cOGOgI5vf82Y5RAl5H71YBxcB20.roa
File:                     cOGOgI5vf82Y5RAl5H71YBxcB20.roa (raw, json)
Hash identifier:          GlYMmZ+DvuOXSABwUVpgUb5lXqZCOqRPJZktdMkMhmw=
Subject key identifier:   70:E1:8E:80:8E:6F:7F:CD:98:E5:10:25:E4:7E:F5:60:1C:5C:07:6D
Certificate issuer:       /CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
Certificate serial:       018CCAE9077E62F9FA06C7B5C3F05A257C55
Authority key identifier: 7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/cOGOgI5vf82Y5RAl5H71YBxcB20.roa
Signing time:             Tue 02 Jan 2024 16:01:58 +0000
ROA not before:           Tue 02 Jan 2024 16:01:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.151.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:e9:07:7e:62:f9:fa:06:c7:b5:c3:f0:5a:25:7c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
        Validity
            Not Before: Jan  2 16:01:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70e18e808e6f7fcd98e51025e47ef5601c5c076d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ab:65:df:2b:88:ae:23:11:93:9b:33:56:de:
                    78:9a:c6:65:52:a6:03:77:39:b6:fc:b4:55:cc:c4:
                    59:6d:e3:a5:6e:e5:00:2d:14:f3:37:09:a1:19:7e:
                    85:6b:93:26:fc:37:d6:42:28:00:16:9a:c7:72:31:
                    3e:46:a1:d3:60:2e:0f:0f:04:bc:52:1e:12:66:21:
                    c7:fa:34:39:e7:eb:9e:b9:66:31:5a:61:fb:3d:bc:
                    b5:ee:61:25:9b:46:f7:a0:40:66:5f:12:77:92:cc:
                    70:d0:6e:96:b8:db:2d:f7:70:7a:19:4c:e0:b3:64:
                    0b:89:d9:06:20:68:9b:eb:3f:c9:0b:65:b4:02:05:
                    d0:11:d5:32:26:9b:76:ca:b8:f2:78:a0:f4:90:02:
                    13:e8:8f:ef:c1:d1:0b:66:36:2b:01:39:29:9d:e7:
                    88:39:32:45:25:7f:37:52:e0:6c:4d:37:ba:c5:41:
                    9f:18:44:62:49:c3:41:9c:81:8a:6e:ac:7e:cf:6b:
                    31:7b:9e:54:a0:3e:5f:db:04:fd:9a:9a:49:73:d3:
                    f0:6f:69:7c:b8:f1:b5:a4:98:4b:eb:93:2f:52:5f:
                    38:fb:f7:0e:75:75:f1:90:82:e4:f6:5f:01:34:62:
                    a2:1f:e9:13:0d:0c:c8:b4:10:89:02:1b:f0:83:e1:
                    26:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E1:8E:80:8E:6F:7F:CD:98:E5:10:25:E4:7E:F5:60:1C:5C:07:6D
            X509v3 Authority Key Identifier:
                keyid:7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/cOGOgI5vf82Y5RAl5H71YBxcB20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:66:41:e4:a2:26:88:65:f2:a2:87:78:19:c2:3c:47:1d:1d:
         d7:71:a2:86:b1:c7:73:6a:a9:61:88:77:27:bc:fe:af:98:dc:
         df:d4:d5:cc:5c:13:04:0e:1f:e5:5d:27:cb:8f:47:8d:76:f8:
         2e:1e:23:8f:3f:d9:50:bf:61:36:a2:ee:00:b9:f3:be:4d:47:
         81:db:b7:8b:89:af:cd:55:3d:89:00:ac:e4:50:6f:a0:7d:77:
         5c:c2:28:1b:b1:ab:38:a3:6d:f7:bf:4d:5a:81:b7:f8:7e:b4:
         e3:a6:52:a4:47:b8:ea:9e:dc:87:c0:2f:f2:2f:f3:32:e1:d2:
         06:4f:25:d2:c0:05:ff:20:90:f4:0e:cc:5e:94:6b:8c:e0:39:
         90:f6:f4:b9:93:89:c5:ed:7a:1a:ab:9c:2c:75:a0:ca:b9:85:
         72:04:27:f2:b8:46:36:ca:34:bf:c7:09:f1:98:4f:ce:9c:94:
         6a:4a:e0:5e:d1:00:84:01:91:66:21:c6:f5:72:b8:de:49:c6:
         6d:be:86:ab:3a:6f:69:b0:fb:d1:28:fb:4a:49:c1:4d:8c:91:
         85:e2:43:58:d1:54:e0:47:56:f6:c8:8b:aa:f1:61:67:21:1f:
         e1:9d:94:8c:79:9b:b8:b8:c2:69:b9:cd:04:43:fa:dc:90:0e:
         75:a5:04:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzK6Qd+Yvn6Bse1w/BaJXxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYTNmOTlkYmE5NGEzMDdiNmNkMmUxZDkwZjY3OGRhYzA1
NjgxZjgwHhcNMjQwMTAyMTYwMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGUxOGU4MDhlNmY3ZmNkOThlNTEwMjVlNDdlZjU2MDFjNWMwNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqtl3yuIriMRk5szVt54msZlUqYD
dzm2/LRVzMRZbeOlbuUALRTzNwmhGX6Fa5Mm/DfWQigAFprHcjE+RqHTYC4PDwS8
Uh4SZiHH+jQ55+ueuWYxWmH7Pby17mElm0b3oEBmXxJ3ksxw0G6WuNst93B6GUzg
s2QLidkGIGib6z/JC2W0AgXQEdUyJpt2yrjyeKD0kAIT6I/vwdELZjYrATkpneeI
OTJFJX83UuBsTTe6xUGfGERiScNBnIGKbqx+z2sxe55UoD5f2wT9mppJc9Pwb2l8
uPG1pJhL65MvUl84+/cOdXXxkILk9l8BNGKiH+kTDQzItBCJAhvwg+EmtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDhjoCOb3/NmOUQJeR+9WAcXAdtMB8GA1UdIwQY
MBaAFH+j+Z26lKMHts0uHZD2eNrAVoH4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUt
NGVhNDdjY2UwYzYzLzEvY09HT2dJNXZmODJZNVJBbDVINzFZQnhjQjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUtNGVhNDdjY2UwYzYz
LzEvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZeNMA0G
CSqGSIb3DQEBCwUAA4IBAQAdZkHkoiaIZfKih3gZwjxHHR3XcaKGscdzaqlhiHcn
vP6vmNzf1NXMXBMEDh/lXSfLj0eNdvguHiOPP9lQv2E2ou4AufO+TUeB27eLia/N
VT2JAKzkUG+gfXdcwigbsas4o233v01agbf4frTjplKkR7jqntyHwC/yL/My4dIG
TyXSwAX/IJD0DsxelGuM4DmQ9vS5k4nF7Xoaq5wsdaDKuYVyBCfyuEY2yjS/xwnx
mE/OnJRqSuBe0QCEAZFmIcb1crjeScZtvoarOm9psPvRKPtKScFNjJGF4kNY0VTg
R1b2yIuq8WFnIR/hnZSMeZu4uMJpuc0EQ/rckA51pQTe
-----END CERTIFICATE-----