Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Hn7vczJkSoOQvURdQB7raZ26E3o.roa
File:                     Hn7vczJkSoOQvURdQB7raZ26E3o.roa (raw, json)
Hash identifier:          zoJ+3YmxDQb5rYmrKSoCC5B476eF9MN7HsaH4Ezz94A=
Subject key identifier:   1E:7E:EF:73:32:64:4A:83:90:BD:44:5D:40:1E:EB:69:9D:BA:13:7A
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019320C0DBAAF8E856F2E0C0587C71C32AE7
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Hn7vczJkSoOQvURdQB7raZ26E3o.roa
Signing time:             Tue 12 Nov 2024 14:22:10 +0000
ROA not before:           Tue 12 Nov 2024 14:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215304
IP address blocks:        45.152.162.0/23 maxlen: 23
                          45.152.162.0/24 maxlen: 24
                          45.152.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:c0:db:aa:f8:e8:56:f2:e0:c0:58:7c:71:c3:2a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Nov 12 14:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e7eef7332644a8390bd445d401eeb699dba137a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:40:fb:a4:8a:22:c0:67:21:fe:69:2a:74:13:
                    b9:96:d5:1b:c1:13:49:48:14:bd:5a:23:57:e8:c4:
                    0a:9b:9b:ed:4c:39:14:dc:f9:f7:a6:0e:56:20:a5:
                    a4:ac:70:41:3e:b9:1e:88:23:27:5a:ed:95:c5:87:
                    ae:07:94:0a:79:c4:a9:3f:aa:15:b8:e2:41:8d:85:
                    3a:c4:ca:8d:58:79:cd:14:4f:60:4e:0a:65:fb:60:
                    6b:57:78:fa:77:53:b5:00:81:78:e3:a5:e4:c7:12:
                    6f:cc:98:c8:78:14:58:49:94:8c:75:fd:af:c4:05:
                    9d:42:60:85:c3:66:28:35:9f:d5:79:5a:2a:c4:91:
                    4e:08:89:e5:64:b3:08:b6:59:0d:be:a1:52:f7:f4:
                    c3:a9:a5:9c:3a:08:aa:09:f9:a9:62:d1:4c:af:80:
                    04:a6:79:cc:9e:af:8e:19:0c:98:07:50:82:3f:bb:
                    bf:28:e9:a0:40:d1:d8:0b:e1:43:27:19:f7:f2:7f:
                    bd:93:1c:5c:9f:c9:27:9f:18:ac:33:31:95:0e:27:
                    46:56:e8:f9:d5:fb:c5:66:1f:a8:6d:76:50:70:88:
                    b9:6c:ce:0a:7c:c1:be:cc:48:5f:2a:37:5e:99:48:
                    5d:a7:3f:ef:ed:f9:cc:92:9d:87:02:e5:a0:6c:3e:
                    42:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:7E:EF:73:32:64:4A:83:90:BD:44:5D:40:1E:EB:69:9D:BA:13:7A
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Hn7vczJkSoOQvURdQB7raZ26E3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:59:2b:86:f0:9e:b7:e2:42:44:b0:c2:28:54:11:b4:da:e6:
         67:87:f6:8b:be:24:e8:97:3a:d2:31:90:8e:10:a3:10:46:fb:
         91:83:0a:32:d5:66:62:85:a6:78:83:ea:36:74:0d:d7:ea:6a:
         6b:43:8a:d3:b4:b3:1e:a3:9a:ea:58:e3:1f:7c:31:74:96:a3:
         8f:0d:67:3e:20:e0:de:16:05:f1:ef:ea:04:78:cc:b3:fc:a9:
         33:e6:fc:c9:c0:e1:a8:86:f6:52:0a:ad:9d:fb:27:de:f0:f9:
         a5:d3:f9:a9:f8:6c:2b:0e:19:7e:73:a3:e6:f2:00:99:aa:af:
         a7:bc:cb:63:3b:fc:61:2a:86:54:0a:68:95:40:66:6b:1b:33:
         5c:95:db:47:81:cf:51:f6:13:56:4e:ed:fe:f0:cf:6f:90:9c:
         d9:45:c9:c5:54:7a:b7:16:51:ea:93:da:ca:47:24:6f:df:10:
         a5:a4:61:97:18:f1:28:46:c0:87:e0:16:65:6b:e2:25:4b:fc:
         27:d3:c6:94:23:c2:e7:1b:a4:12:9b:c5:f1:e8:58:2e:0a:34:
         60:8e:f1:fb:78:6b:98:75:75:c8:99:ab:b0:56:29:7a:f4:ef:
         1b:0c:27:3c:41:53:9e:ae:91:31:1d:3e:04:97:7d:7c:ac:ac:
         59:65:bf:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMgwNuq+OhW8uDAWHxxwyrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQxMTEyMTQyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTdlZWY3MzMyNjQ0YTgzOTBiZDQ0NWQ0MDFlZWI2OTlkYmExMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUD7pIoiwGch/mkqdBO5ltUbwRNJ
SBS9WiNX6MQKm5vtTDkU3Pn3pg5WIKWkrHBBPrkeiCMnWu2VxYeuB5QKecSpP6oV
uOJBjYU6xMqNWHnNFE9gTgpl+2BrV3j6d1O1AIF446XkxxJvzJjIeBRYSZSMdf2v
xAWdQmCFw2YoNZ/VeVoqxJFOCInlZLMItlkNvqFS9/TDqaWcOgiqCfmpYtFMr4AE
pnnMnq+OGQyYB1CCP7u/KOmgQNHYC+FDJxn38n+9kxxcn8knnxisMzGVDidGVuj5
1fvFZh+obXZQcIi5bM4KfMG+zEhfKjdemUhdpz/v7fnMkp2HAuWgbD5CbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5+73MyZEqDkL1EXUAe62mduhN6MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvSG43dmN6SmtTb09RdlVSZFFCN3JhWjI2RTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZiiMA0G
CSqGSIb3DQEBCwUAA4IBAQBHWSuG8J634kJEsMIoVBG02uZnh/aLviTolzrSMZCO
EKMQRvuRgwoy1WZihaZ4g+o2dA3X6mprQ4rTtLMeo5rqWOMffDF0lqOPDWc+IODe
FgXx7+oEeMyz/Kkz5vzJwOGohvZSCq2d+yfe8Pml0/mp+GwrDhl+c6Pm8gCZqq+n
vMtjO/xhKoZUCmiVQGZrGzNcldtHgc9R9hNWTu3+8M9vkJzZRcnFVHq3FlHqk9rK
RyRv3xClpGGXGPEoRsCH4BZla+IlS/wn08aUI8LnG6QSm8Xx6FguCjRgjvH7eGuY
dXXImauwVil69O8bDCc8QVOerpExHT4El318rKxZZb/0
-----END CERTIFICATE-----