Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0FBwRaO9utGgfew3aDlOyxcxRvM.roa
File:                     0FBwRaO9utGgfew3aDlOyxcxRvM.roa (raw, json)
Hash identifier:          JDKycckEdbRthZBe78jlqNpwYeTKqnsOAaxiWB9TVjo=
Subject key identifier:   D0:50:70:45:A3:BD:BA:D1:A0:7D:EC:37:68:39:4E:CB:17:31:46:F3
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2CE89920EED0250E67BF449BE748
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0FBwRaO9utGgfew3aDlOyxcxRvM.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.140.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2c:e8:99:20:ee:d0:25:0e:67:bf:44:9b:e7:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0507045a3bdbad1a07dec3768394ecb173146f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:4a:cf:2c:65:33:d2:76:bc:6d:d3:3a:b7:03:
                    00:96:8c:c3:f0:03:dd:37:90:d1:54:0a:eb:bf:32:
                    05:d9:46:17:14:be:cb:cb:18:c1:5b:97:e0:23:9f:
                    9d:09:23:9a:0c:af:0d:ea:27:3d:05:13:e4:e5:08:
                    b8:76:d2:b3:87:cb:9a:26:73:44:cf:00:d5:17:ea:
                    ec:35:a8:4c:ca:3f:b7:70:c2:ec:c0:c1:52:62:6f:
                    ad:f1:2f:e6:48:8a:84:78:1f:f9:39:10:ee:d3:77:
                    27:d0:c2:c9:84:58:07:96:0c:95:d0:3c:f9:e2:c3:
                    1f:63:e9:20:9e:38:95:72:ff:5e:99:98:2b:71:a4:
                    98:21:98:6a:ae:4e:67:a2:04:d6:0a:cd:47:86:2e:
                    40:3e:2b:6d:77:09:d3:32:08:6d:eb:4e:c8:1a:a7:
                    67:2c:d9:a5:01:44:49:17:bb:f0:1b:82:b5:4f:06:
                    fe:e4:13:bc:97:1a:16:ff:f4:b9:b4:1b:d1:fc:35:
                    8c:b3:03:98:c7:fe:20:4f:a7:ab:3c:0b:5c:03:fc:
                    f9:67:a4:07:45:8e:bf:2a:48:3e:a3:0b:16:4e:95:
                    75:33:29:34:88:af:84:a6:be:7a:5d:5c:47:ae:77:
                    a6:6c:e5:ea:87:b1:d6:60:4b:6f:d7:c7:2b:b5:4c:
                    62:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:50:70:45:A3:BD:BA:D1:A0:7D:EC:37:68:39:4E:CB:17:31:46:F3
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0FBwRaO9utGgfew3aDlOyxcxRvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:7a:8f:ba:19:e9:30:bc:2a:80:43:4e:94:88:b6:54:c6:14:
         53:81:fd:7e:0e:4b:88:21:dc:5e:21:83:33:2a:ff:27:e7:6a:
         95:28:f6:30:6b:b3:f5:f0:73:92:02:d6:d1:6d:d4:5e:cf:de:
         ef:06:aa:57:0b:88:92:34:43:06:e3:1d:31:cf:6e:3f:b2:80:
         e4:4d:73:31:62:cd:08:1b:a5:62:2a:20:e4:ca:ed:d8:f6:12:
         d2:01:06:a1:8b:0c:13:e3:41:a2:9e:9a:c6:7f:cc:65:3f:3d:
         c0:24:e2:ea:04:74:af:6c:12:b5:08:37:1a:ec:77:22:f5:7f:
         59:bd:a6:be:fd:2c:48:6f:df:d6:3d:7b:58:8d:64:7d:b6:ae:
         ee:05:c6:5e:5c:9d:69:37:b9:45:b2:94:36:9d:b7:2c:7b:21:
         ff:4e:31:82:c8:59:50:6e:87:e7:1b:24:55:ee:3f:38:2a:c0:
         75:cd:b1:3e:07:8a:f8:fd:9b:a7:ad:36:9d:a3:8c:63:37:e3:
         c1:9c:68:71:01:41:66:63:60:99:35:40:11:13:6f:4d:0b:9d:
         43:79:95:8a:74:fc:34:86:ca:c3:4f:a3:f9:d5:43:96:ef:9a:
         cb:45:c0:1e:25:a5:4f:7d:1c:d2:03:f9:2a:d4:30:ba:63:6e:
         8d:d2:a8:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTizomSDu0CUOZ79Em+dIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDUwNzA0NWEzYmRiYWQxYTA3ZGVjMzc2ODM5NGVjYjE3MzE0NmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkrPLGUz0na8bdM6twMAlozD8APd
N5DRVArrvzIF2UYXFL7LyxjBW5fgI5+dCSOaDK8N6ic9BRPk5Qi4dtKzh8uaJnNE
zwDVF+rsNahMyj+3cMLswMFSYm+t8S/mSIqEeB/5ORDu03cn0MLJhFgHlgyV0Dz5
4sMfY+kgnjiVcv9emZgrcaSYIZhqrk5nogTWCs1Hhi5APittdwnTMght607IGqdn
LNmlAURJF7vwG4K1Twb+5BO8lxoW//S5tBvR/DWMswOYx/4gT6erPAtcA/z5Z6QH
RY6/Kkg+owsWTpV1Myk0iK+Epr56XVxHrnembOXqh7HWYEtv18crtUxixQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBQcEWjvbrRoH3sN2g5TssXMUbzMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMEZCd1JhTzl1dEdnZmV3M2FEbE95eGN4UnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYyYMA0G
CSqGSIb3DQEBCwUAA4IBAQCUeo+6GekwvCqAQ06UiLZUxhRTgf1+DkuIIdxeIYMz
Kv8n52qVKPYwa7P18HOSAtbRbdRez97vBqpXC4iSNEMG4x0xz24/soDkTXMxYs0I
G6ViKiDkyu3Y9hLSAQahiwwT40GinprGf8xlPz3AJOLqBHSvbBK1CDca7Hci9X9Z
vaa+/SxIb9/WPXtYjWR9tq7uBcZeXJ1pN7lFspQ2nbcseyH/TjGCyFlQbofnGyRV
7j84KsB1zbE+B4r4/ZunrTado4xjN+PBnGhxAUFmY2CZNUARE29NC51DeZWKdPw0
hsrDT6P51UOW75rLRcAeJaVPfRzSA/kq1DC6Y26N0qi1
-----END CERTIFICATE-----