Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/4dpSZGWVjQeEExKjA7YIXh0lepc.roa
File:                     4dpSZGWVjQeEExKjA7YIXh0lepc.roa (raw, json)
Hash identifier:          4RlTKTiDsQHnaXRvhTdKoL0qev9bHol71gVy3VxEdWU=
Subject key identifier:   E1:DA:52:64:65:95:8D:07:84:13:12:A3:03:B6:08:5E:1D:25:7A:97
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E44C4EF05C6359901329CC661B01E
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/4dpSZGWVjQeEExKjA7YIXh0lepc.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395681
IP address blocks:        45.135.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:44:c4:ef:05:c6:35:99:01:32:9c:c6:61:b0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1da526465958d07841312a303b6085e1d257a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:3d:ba:2f:78:5a:67:ed:22:9b:e7:7b:c0:
                    3b:77:aa:22:ec:54:5b:bb:a2:b2:92:87:ea:6d:84:
                    9d:d9:d3:8d:07:8e:eb:aa:6f:90:0e:cd:c6:71:86:
                    bf:84:bc:d4:ce:38:f9:1d:72:a4:87:99:7e:0a:a8:
                    aa:ec:a5:fc:e8:d6:0c:3f:fc:cc:0c:3a:db:3e:d6:
                    08:b0:17:87:57:ad:62:cf:5c:b5:11:c4:87:fb:6e:
                    c1:e9:d6:90:be:d8:da:67:aa:44:55:d2:12:77:93:
                    2c:ab:1b:83:ad:08:0a:a2:89:14:a0:9e:2e:1a:55:
                    2b:3a:41:04:54:ad:33:5e:e4:73:70:9b:e9:ff:e1:
                    b9:0d:c4:0c:dc:19:bb:43:87:36:ec:21:84:b0:43:
                    b0:a2:3c:9e:f9:47:3b:78:80:bc:e8:af:9c:9d:9e:
                    c0:4a:f4:3a:e5:dc:2d:31:2b:78:56:ab:cd:36:ab:
                    86:d1:12:20:44:1f:65:99:8b:f4:c3:e7:0f:25:dd:
                    c6:28:42:e3:05:58:a6:9b:1f:e0:e4:98:8a:d2:c9:
                    19:1b:d0:af:0b:66:04:a4:93:82:53:ff:bb:5b:b5:
                    25:97:1b:32:ae:57:65:d5:fd:81:b5:80:43:90:4d:
                    2a:59:cf:6a:d6:0e:ea:80:b4:95:6c:23:09:9e:61:
                    96:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:DA:52:64:65:95:8D:07:84:13:12:A3:03:B6:08:5E:1D:25:7A:97
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/4dpSZGWVjQeEExKjA7YIXh0lepc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:86:86:6b:ef:48:bb:7c:1a:2e:82:b7:30:a3:af:35:c6:70:
         a2:bc:1d:5b:84:fd:2b:4f:13:ff:5e:64:9f:4b:40:b3:10:2a:
         67:9e:e4:6f:d8:ff:af:ba:ad:c5:df:7a:67:1c:05:44:a5:a1:
         b7:c6:2a:3a:6a:84:83:70:b9:6a:20:6a:81:22:55:90:d1:30:
         62:60:ac:30:34:a5:7a:fe:27:7e:cc:d4:b3:20:96:95:33:56:
         c8:af:d3:6b:75:ca:52:23:7b:af:c2:48:7c:cb:56:a3:98:e0:
         64:5d:bb:6e:5b:7d:18:66:68:6a:f1:7a:50:06:43:27:3d:be:
         b3:24:29:e9:e3:fe:1b:6d:d0:b2:8e:dc:a4:1c:56:88:45:4a:
         d4:53:95:bd:2d:7e:6b:4b:4e:20:51:5c:71:3d:7b:bf:a5:5c:
         4e:e9:4a:e4:b7:37:9d:f4:19:33:0c:b3:fa:35:b2:f4:3d:76:
         4c:3b:fc:12:d8:e8:dc:99:65:14:8f:4c:34:d1:d9:56:06:83:
         97:97:ae:83:bb:e0:b7:cf:0b:3d:f0:1b:c3:60:20:7e:a4:13:
         04:37:60:18:34:0f:49:75:16:02:d6:f9:20:84:64:6c:7e:97:
         8e:8b:2e:f3:b0:31:7e:06:0e:84:92:41:5e:76:cd:75:7a:a6:
         92:9b:11:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkTE7wXGNZkBMpzGYbAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWRhNTI2NDY1OTU4ZDA3ODQxMzEyYTMwM2I2MDg1ZTFkMjU3YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvg9ui94WmftIpvne8A7d6oi7FRb
u6KykofqbYSd2dONB47rqm+QDs3GcYa/hLzUzjj5HXKkh5l+Cqiq7KX86NYMP/zM
DDrbPtYIsBeHV61iz1y1EcSH+27B6daQvtjaZ6pEVdISd5MsqxuDrQgKookUoJ4u
GlUrOkEEVK0zXuRzcJvp/+G5DcQM3Bm7Q4c27CGEsEOwojye+Uc7eIC86K+cnZ7A
SvQ65dwtMSt4VqvNNquG0RIgRB9lmYv0w+cPJd3GKELjBVimmx/g5JiK0skZG9Cv
C2YEpJOCU/+7W7Ullxsyrldl1f2BtYBDkE0qWc9q1g7qgLSVbCMJnmGWBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHaUmRllY0HhBMSowO2CF4dJXqXMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvNGRwU1pHV1ZqUWVFRXhLakE3WUlYaDBsZXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeVMA0G
CSqGSIb3DQEBCwUAA4IBAQBShoZr70i7fBougrcwo681xnCivB1bhP0rTxP/XmSf
S0CzECpnnuRv2P+vuq3F33pnHAVEpaG3xio6aoSDcLlqIGqBIlWQ0TBiYKwwNKV6
/id+zNSzIJaVM1bIr9NrdcpSI3uvwkh8y1ajmOBkXbtuW30YZmhq8XpQBkMnPb6z
JCnp4/4bbdCyjtykHFaIRUrUU5W9LX5rS04gUVxxPXu/pVxO6Urktzed9BkzDLP6
NbL0PXZMO/wS2OjcmWUUj0w00dlWBoOXl66Du+C3zws98BvDYCB+pBMEN2AYNA9J
dRYC1vkghGRsfpeOiy7zsDF+Bg6EkkFeds11eqaSmxHl
-----END CERTIFICATE-----