Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/IoJIP0XwP0v7lV3QtCzSaZBfch4.roa
File:                     IoJIP0XwP0v7lV3QtCzSaZBfch4.roa (raw, json)
Hash identifier:          U8W7LFG/c/Se2Vx2CkZsUS+6hHsEU9hrFiHEKXppkcE=
Subject key identifier:   22:82:48:3F:45:F0:3F:4B:FB:95:5D:D0:B4:2C:D2:69:90:5F:72:1E
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E45A9B45109268AE6F8CD28716698
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/IoJIP0XwP0v7lV3QtCzSaZBfch4.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398127
IP address blocks:        45.133.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:45:a9:b4:51:09:26:8a:e6:f8:cd:28:71:66:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2282483f45f03f4bfb955dd0b42cd269905f721e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:77:47:37:bd:73:a9:92:f5:67:43:48:a1:21:
                    cd:1a:93:5b:ab:5e:ed:47:71:7a:0a:be:78:a3:93:
                    81:07:e8:85:fc:2e:e9:b7:31:32:ec:5f:59:f9:2e:
                    cd:e1:79:81:df:4f:d3:4b:ba:d1:1d:a0:dd:ff:01:
                    a4:f9:27:4d:66:2b:66:68:cd:3a:6b:94:46:d3:c6:
                    41:d0:0e:b6:66:37:31:7b:75:0b:38:0f:fe:42:80:
                    bd:b0:26:86:d6:9a:37:14:bb:de:19:e8:1c:3c:48:
                    71:42:59:e9:56:7f:da:98:19:9b:17:a9:cd:28:93:
                    f0:7f:77:b9:9c:25:fc:49:70:be:e9:82:d1:60:82:
                    05:fc:ed:24:ca:2b:bc:aa:c1:a8:c4:e8:b5:1a:49:
                    d8:3e:4f:55:99:37:28:46:04:91:fc:0a:8f:fb:cf:
                    f1:16:78:b7:10:c8:6d:11:f7:c9:0f:cc:16:75:a1:
                    13:b6:50:8a:c9:ef:34:30:75:91:37:7d:85:d3:b6:
                    8b:32:aa:22:da:1b:05:7e:60:54:5d:56:be:fe:a8:
                    16:12:ac:16:87:e9:8b:f9:32:9c:fd:b4:f6:06:fe:
                    fc:6f:f1:78:27:77:e6:a0:da:e1:37:4d:22:aa:3e:
                    c2:10:bc:e1:6f:1e:3b:e5:41:3a:65:82:1c:49:d5:
                    95:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:82:48:3F:45:F0:3F:4B:FB:95:5D:D0:B4:2C:D2:69:90:5F:72:1E
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/IoJIP0XwP0v7lV3QtCzSaZBfch4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a0:b8:9b:82:65:4b:72:70:e1:42:d2:a8:1b:8f:0a:71:76:
         9a:eb:03:a5:e8:d2:b3:09:e7:b3:30:01:37:e1:32:bc:53:5e:
         17:1f:7e:10:d8:b1:b4:3e:21:4c:0b:23:b7:e6:76:ac:1e:06:
         c1:26:98:07:dd:78:a9:0e:53:90:42:c5:0f:91:bb:97:61:75:
         64:65:c8:b1:43:21:2a:74:78:fb:aa:d8:66:1c:a0:52:70:65:
         dc:fd:cb:3f:40:0f:aa:fc:60:53:8f:39:19:78:62:b6:b7:96:
         3e:52:05:e3:ec:39:4f:0c:9e:53:a1:f8:75:93:05:1d:00:49:
         7c:44:ec:7f:36:0d:8e:fd:56:a1:25:9b:d8:2d:ee:ea:6a:dd:
         d0:d6:a4:9a:3e:ac:ca:11:33:81:65:cd:e1:06:bf:cb:0b:8c:
         1f:0c:26:3e:2e:34:d5:6c:51:09:88:e4:b4:0a:3d:bf:05:ca:
         ea:a5:b6:d7:9f:1e:50:d0:ac:eb:15:c4:54:8c:95:bd:cd:16:
         bd:4f:8c:b5:36:ab:58:47:c3:dd:b1:53:57:d8:c8:af:05:88:
         09:b0:bb:79:7d:0a:b1:48:af:e8:51:02:44:ab:d1:ff:f8:d0:
         70:66:bf:99:60:91:9f:84:ad:7f:6c:c9:4f:af:9f:fb:3e:a4:
         00:63:b9:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkWptFEJJorm+M0ocWaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjgyNDgzZjQ1ZjAzZjRiZmI5NTVkZDBiNDJjZDI2OTkwNWY3MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtndHN71zqZL1Z0NIoSHNGpNbq17t
R3F6Cr54o5OBB+iF/C7ptzEy7F9Z+S7N4XmB30/TS7rRHaDd/wGk+SdNZitmaM06
a5RG08ZB0A62Zjcxe3ULOA/+QoC9sCaG1po3FLveGegcPEhxQlnpVn/amBmbF6nN
KJPwf3e5nCX8SXC+6YLRYIIF/O0kyiu8qsGoxOi1GknYPk9VmTcoRgSR/AqP+8/x
Fni3EMhtEffJD8wWdaETtlCKye80MHWRN32F07aLMqoi2hsFfmBUXVa+/qgWEqwW
h+mL+TKc/bT2Bv78b/F4J3fmoNrhN00iqj7CELzhbx475UE6ZYIcSdWV2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKCSD9F8D9L+5Vd0LQs0mmQX3IeMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvSW9KSVAwWHdQMHY3bFYzUXRDelNhWkJmY2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYVKMA0G
CSqGSIb3DQEBCwUAA4IBAQBooLibgmVLcnDhQtKoG48KcXaa6wOl6NKzCeezMAE3
4TK8U14XH34Q2LG0PiFMCyO35nasHgbBJpgH3XipDlOQQsUPkbuXYXVkZcixQyEq
dHj7qthmHKBScGXc/cs/QA+q/GBTjzkZeGK2t5Y+UgXj7DlPDJ5Tofh1kwUdAEl8
ROx/Ng2O/VahJZvYLe7qat3Q1qSaPqzKETOBZc3hBr/LC4wfDCY+LjTVbFEJiOS0
Cj2/BcrqpbbXnx5Q0KzrFcRUjJW9zRa9T4y1NqtYR8PdsVNX2MivBYgJsLt5fQqx
SK/oUQJEq9H/+NBwZr+ZYJGfhK1/bMlPr5/7PqQAY7mq
-----END CERTIFICATE-----