Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0iEI9GwQfQwrkIqO7GvDgX2ScHI.roa
File:                     0iEI9GwQfQwrkIqO7GvDgX2ScHI.roa (raw, json)
Hash identifier:          jA9JKUaAEwBJ87rRIEGzxzEQEk6iZwbjBymm4o7Y+Yo=
Subject key identifier:   D2:21:08:F4:6C:10:7D:0C:2B:90:8A:8E:EC:6B:C3:81:7D:92:70:72
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E390D4D614B94D50A45C79A19AA03
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0iEI9GwQfQwrkIqO7GvDgX2ScHI.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133219
IP address blocks:        194.15.39.0/24 maxlen: 24
                          45.147.6.0/24 maxlen: 24
                          45.67.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:39:0d:4d:61:4b:94:d5:0a:45:c7:9a:19:aa:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d22108f46c107d0c2b908a8eec6bc3817d927072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c2:77:64:55:80:e3:b1:c4:2e:9d:0c:f4:58:
                    08:44:b4:90:bd:cf:68:79:6b:1c:5c:0d:97:bc:45:
                    33:24:5b:5f:81:10:5b:72:c7:77:6f:66:df:5e:a9:
                    ca:b7:d4:f9:7f:10:e9:ea:76:20:30:a0:bd:51:15:
                    70:aa:64:c1:50:b8:30:46:4c:fc:60:ff:d3:b7:ab:
                    e2:3c:2a:b2:92:2e:d5:04:e3:a3:9b:cb:fe:ff:17:
                    f2:6f:4e:ed:dc:10:92:e9:79:f4:73:39:7f:96:d4:
                    2d:72:58:93:44:d6:75:42:be:16:f3:82:a9:59:47:
                    c5:a1:94:ee:f5:be:9e:df:91:4a:82:d9:f2:f9:fc:
                    9b:37:fd:75:a6:23:56:e9:92:de:93:0a:24:60:67:
                    75:29:6d:2a:51:9d:89:f4:36:e0:9d:db:74:00:44:
                    4a:ba:d7:90:53:35:12:79:8d:d0:ad:4c:15:36:32:
                    d9:33:d0:f0:89:dc:27:ea:d4:93:15:3a:4e:8f:55:
                    ff:f8:ad:bc:9c:fa:e9:ae:4c:8a:67:14:b9:e8:c2:
                    3c:a0:da:43:ac:13:66:ea:7e:08:71:8c:42:a4:aa:
                    ed:7b:18:69:36:84:17:e6:6b:95:33:78:68:92:c9:
                    14:59:c2:c5:22:6d:a1:1b:0d:2b:df:70:af:d1:21:
                    77:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:21:08:F4:6C:10:7D:0C:2B:90:8A:8E:EC:6B:C3:81:7D:92:70:72
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0iEI9GwQfQwrkIqO7GvDgX2ScHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.138.0/24
                  45.147.6.0/24
                  194.15.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:06:84:e4:70:ee:d9:b3:7b:1f:fc:58:1a:7c:d6:11:5d:34:
         91:57:86:33:03:12:de:12:9a:91:14:25:58:db:bc:c8:9c:81:
         62:31:9e:d0:19:bb:68:34:05:c0:1c:4d:77:1c:e0:6f:0c:af:
         62:55:0a:b6:5e:6b:f8:e6:02:2a:82:5c:6f:f4:94:be:1e:c7:
         07:68:8f:53:1c:1d:c3:26:bf:cf:e4:5d:1d:6b:6e:ca:e0:b2:
         a2:a8:5c:8f:2b:8d:78:e6:1f:4b:bb:e9:76:c3:86:a3:2a:54:
         5a:fe:3c:aa:04:99:0f:15:16:85:d3:57:43:0d:42:48:f9:be:
         6c:b7:a6:55:4e:2d:24:e4:24:60:58:75:63:62:2a:a0:05:19:
         95:1b:3a:3f:57:5b:3c:eb:9a:d6:04:95:e3:5e:3c:15:df:40:
         a7:08:ca:a7:41:59:93:7a:66:d5:f3:1a:5d:2b:d0:fa:b5:17:
         1a:e3:6c:6b:6f:fc:97:2c:c1:7b:0d:02:92:49:cd:a7:b2:a4:
         56:12:be:3b:d5:c5:57:c2:84:89:92:42:42:86:63:2a:17:f7:
         23:b3:7f:c4:36:1f:29:50:9e:73:0f:f1:fc:ad:ae:7b:ed:4b:
         af:f9:52:76:60:a4:79:30:a0:2a:30:3f:aa:97:6a:66:59:93:
         7c:14:62:b8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTjkNTWFLlNUKRceaGaoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIxMDhmNDZjMTA3ZDBjMmI5MDhhOGVlYzZiYzM4MTdkOTI3MDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMJ3ZFWA47HELp0M9FgIRLSQvc9o
eWscXA2XvEUzJFtfgRBbcsd3b2bfXqnKt9T5fxDp6nYgMKC9URVwqmTBULgwRkz8
YP/Tt6viPCqyki7VBOOjm8v+/xfyb07t3BCS6Xn0czl/ltQtcliTRNZ1Qr4W84Kp
WUfFoZTu9b6e35FKgtny+fybN/11piNW6ZLekwokYGd1KW0qUZ2J9Dbgndt0AERK
uteQUzUSeY3QrUwVNjLZM9Dwidwn6tSTFTpOj1X/+K28nPrprkyKZxS56MI8oNpD
rBNm6n4IcYxCpKrtexhpNoQX5muVM3hokskUWcLFIm2hGw0r33Cv0SF3VQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNIhCPRsEH0MK5CKjuxrw4F9knByMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMGlFSTlHd1FmUXdya0lxTzdHdkRnWDJTY0hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUOKAwQA
LZMGAwQAwg8nMA0GCSqGSIb3DQEBCwUAA4IBAQAABoTkcO7Zs3sf/FgafNYRXTSR
V4YzAxLeEpqRFCVY27zInIFiMZ7QGbtoNAXAHE13HOBvDK9iVQq2Xmv45gIqglxv
9JS+HscHaI9THB3DJr/P5F0da27K4LKiqFyPK4145h9Lu+l2w4ajKlRa/jyqBJkP
FRaF01dDDUJI+b5st6ZVTi0k5CRgWHVjYiqgBRmVGzo/V1s865rWBJXjXjwV30Cn
CMqnQVmTembV8xpdK9D6tRca42xrb/yXLMF7DQKSSc2nsqRWEr471cVXwoSJkkJC
hmMqF/cjs3/ENh8pUJ5zD/H8ra577Uuv+VJ2YKR5MKAqMD+ql2pmWZN8FGK4
-----END CERTIFICATE-----