Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PBtzTDMrKE9II3xxYW7GfudUu1U.roa
File:                     PBtzTDMrKE9II3xxYW7GfudUu1U.roa (raw, json)
Hash identifier:          3XnsmplsllsAVaaDayh6o5sM3SIu6vLR/qr5h32to9Q=
Subject key identifier:   3C:1B:73:4C:33:2B:28:4F:48:23:7C:71:61:6E:C6:7E:E7:54:BB:55
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E3658C377D2380FAFF1D371B0221E
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PBtzTDMrKE9II3xxYW7GfudUu1U.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        45.141.116.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:36:58:c3:77:d2:38:0f:af:f1:d3:71:b0:22:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c1b734c332b284f48237c71616ec67ee754bb55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f8:bb:8f:82:f3:3f:3d:d9:79:4b:91:a8:85:
                    d9:62:f4:ca:5a:b7:80:82:79:7e:e5:27:55:34:c6:
                    0f:4d:71:e8:de:0f:9a:37:1a:88:38:8a:4c:7b:a6:
                    53:09:1c:da:04:e9:cf:17:cf:b9:00:0b:30:d8:34:
                    c9:a7:70:90:4f:3f:da:63:55:8b:48:42:5a:ac:07:
                    3d:a1:dd:fd:f3:58:71:89:7b:76:ec:fb:57:2c:fd:
                    a4:fc:ae:c4:ea:85:ad:1c:f8:6c:71:1b:c7:c3:39:
                    41:af:e4:81:81:a1:e2:a5:7c:82:29:a8:21:52:f3:
                    dc:c2:88:80:8a:0e:92:d0:cf:58:84:cd:ec:5d:7d:
                    04:89:b4:43:1c:97:70:2f:28:b6:6b:5e:9e:7a:6b:
                    d0:09:bc:6f:7e:29:7f:99:08:5a:2c:b0:55:d9:8f:
                    53:50:a8:0f:fa:37:e7:20:2d:41:99:94:22:22:f8:
                    9a:70:ad:b0:08:11:79:25:03:f7:ae:c3:54:09:a8:
                    a7:bd:31:be:47:8c:1d:fb:ce:d2:67:d3:c2:9e:dd:
                    5b:5d:70:2e:e1:cf:9e:56:4b:21:b5:d6:9a:e8:d7:
                    6a:0a:93:cd:76:99:5b:50:1c:5b:35:9a:cc:68:7d:
                    2b:6b:57:e9:cd:bf:a1:08:0d:f2:8c:a1:3b:e8:56:
                    60:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1B:73:4C:33:2B:28:4F:48:23:7C:71:61:6E:C6:7E:E7:54:BB:55
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PBtzTDMrKE9II3xxYW7GfudUu1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:c5:02:8b:b4:a2:72:30:bb:4f:3e:e2:1a:fc:ee:5b:26:cf:
         09:ca:a5:ca:fc:7a:f7:b6:32:7d:f5:42:71:fb:dd:22:24:e7:
         38:fd:b3:31:9d:a6:1e:e0:81:db:3f:ea:20:b0:86:85:7f:a3:
         e5:0d:4b:5c:f6:2d:cc:ed:e4:5c:2e:8c:71:d8:bc:eb:8d:eb:
         e5:6f:17:21:0d:32:cf:6f:ae:2f:99:39:58:5d:95:f7:31:f1:
         b2:d1:cd:2c:62:b4:7b:4c:30:0c:95:04:a9:1a:02:9c:8d:81:
         fc:43:17:04:02:6c:ec:50:61:7f:58:fd:11:64:d7:89:57:95:
         b5:66:c4:03:dc:ef:a6:b2:e6:26:f1:0f:17:c6:f2:ee:48:de:
         77:53:db:7e:99:79:51:c7:ba:24:30:d4:9d:db:9c:35:6d:74:
         5d:38:53:9a:a1:05:eb:9f:e7:91:c2:d0:c5:1c:58:1f:88:44:
         08:af:a0:71:a5:f5:78:3c:ba:2b:a1:8e:26:c5:60:4d:76:25:
         7a:09:54:c3:75:c0:b3:42:68:f2:32:fa:aa:77:67:ae:99:c7:
         ab:cb:cd:1e:bd:54:6c:72:39:77:d7:10:d8:9e:a0:c1:e0:53:
         e4:af:76:99:85:84:68:38:92:53:f2:3e:db:bd:80:52:f1:4e:
         0c:b4:8d:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjZYw3fSOA+v8dNxsCIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzFiNzM0YzMzMmIyODRmNDgyMzdjNzE2MTZlYzY3ZWU3NTRiYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvi7j4LzPz3ZeUuRqIXZYvTKWreA
gnl+5SdVNMYPTXHo3g+aNxqIOIpMe6ZTCRzaBOnPF8+5AAsw2DTJp3CQTz/aY1WL
SEJarAc9od3981hxiXt27PtXLP2k/K7E6oWtHPhscRvHwzlBr+SBgaHipXyCKagh
UvPcwoiAig6S0M9YhM3sXX0EibRDHJdwLyi2a16eemvQCbxvfil/mQhaLLBV2Y9T
UKgP+jfnIC1BmZQiIviacK2wCBF5JQP3rsNUCainvTG+R4wd+87SZ9PCnt1bXXAu
4c+eVkshtdaa6NdqCpPNdplbUBxbNZrMaH0ra1fpzb+hCA3yjKE76FZgKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwbc0wzKyhPSCN8cWFuxn7nVLtVMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvUEJ0elRETXJLRTlJSTN4eFlXN0dmdWRVdTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY10MA0G
CSqGSIb3DQEBCwUAA4IBAQBQxQKLtKJyMLtPPuIa/O5bJs8JyqXK/Hr3tjJ99UJx
+90iJOc4/bMxnaYe4IHbP+ogsIaFf6PlDUtc9i3M7eRcLoxx2LzrjevlbxchDTLP
b64vmTlYXZX3MfGy0c0sYrR7TDAMlQSpGgKcjYH8QxcEAmzsUGF/WP0RZNeJV5W1
ZsQD3O+msuYm8Q8XxvLuSN53U9t+mXlRx7okMNSd25w1bXRdOFOaoQXrn+eRwtDF
HFgfiEQIr6BxpfV4PLoroY4mxWBNdiV6CVTDdcCzQmjyMvqqd2eumcery80evVRs
cjl31xDYnqDB4FPkr3aZhYRoOJJT8j7bvYBS8U4MtI0P
-----END CERTIFICATE-----