Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/_9d1BYNFq_6GXl8PUBuR1YpqnrI.roa
File:                     _9d1BYNFq_6GXl8PUBuR1YpqnrI.roa (raw, json)
Hash identifier:          Ok71z/5j94AGdsveg9szgoE2g3Aa3vdDO1L3jxAQWcU=
Subject key identifier:   FF:D7:75:05:83:45:AB:FE:86:5E:5F:0F:50:1B:91:D5:8A:6A:9E:B2
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018E66019B6E0F0C01FE8C3A1DF5E59621C1
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/_9d1BYNFq_6GXl8PUBuR1YpqnrI.roa
Signing time:             Fri 22 Mar 2024 11:52:45 +0000
ROA not before:           Fri 22 Mar 2024 11:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199306
IP address blocks:        45.151.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:01:9b:6e:0f:0c:01:fe:8c:3a:1d:f5:e5:96:21:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Mar 22 11:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffd775058345abfe865e5f0f501b91d58a6a9eb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d4:48:af:77:97:4d:c2:21:ed:e8:15:b2:1e:
                    de:38:99:bd:7f:58:42:cd:d3:11:f4:5d:2a:8d:24:
                    eb:d5:ad:89:d0:e9:c0:82:da:c6:de:7b:1f:6d:56:
                    08:6d:5c:6b:65:d4:81:86:c1:d0:c6:7d:77:6d:fa:
                    73:71:e3:94:1e:2b:2e:54:64:97:c4:50:6e:a3:71:
                    12:36:cb:7c:66:17:18:2c:42:b5:34:5b:30:c5:5e:
                    c9:ef:bd:73:0c:7e:43:55:39:81:fc:dc:b8:d9:49:
                    2a:32:d2:e5:57:2f:85:30:b9:fd:8f:c2:37:3f:fc:
                    e4:44:31:a8:85:18:78:6d:82:00:11:91:8b:af:af:
                    cf:89:de:dd:8b:b2:cf:ee:bc:28:99:f2:57:8d:42:
                    82:2c:7e:57:b4:ad:02:5d:46:03:cf:86:7e:31:f2:
                    f4:fa:b8:0f:13:72:f4:c0:2a:46:01:88:2f:09:bd:
                    74:66:f7:b0:58:9e:87:26:e1:71:14:2e:a0:a3:02:
                    14:2b:c1:60:f6:bc:3c:f5:5f:20:73:66:60:b6:1d:
                    3e:4f:35:6e:f9:c6:69:cd:31:2a:30:87:ca:39:94:
                    23:d1:3b:42:fc:7e:76:f9:20:8d:8a:54:38:64:69:
                    b5:5c:46:f4:13:71:f5:46:63:7e:e3:0e:e6:98:14:
                    fe:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D7:75:05:83:45:AB:FE:86:5E:5F:0F:50:1B:91:D5:8A:6A:9E:B2
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/_9d1BYNFq_6GXl8PUBuR1YpqnrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:2b:75:44:c6:0c:ad:c0:1f:47:6a:f1:39:63:04:e9:77:a6:
         61:bf:24:01:cc:59:40:6e:83:c1:5a:12:4d:78:98:d7:6e:b5:
         72:03:01:0e:db:1e:2e:cc:40:58:96:34:e9:a4:6a:71:7f:dd:
         3e:66:77:4d:79:9e:e9:82:f6:26:a4:e8:25:8b:4d:d6:78:b8:
         96:dd:66:8f:ad:47:b9:1a:af:64:a4:80:3f:37:95:cf:0c:7a:
         bc:b3:5e:40:6a:99:67:72:49:da:ca:a7:b1:21:05:6e:f3:99:
         88:87:1b:a2:b7:fd:6b:95:cf:cf:c4:c0:98:f0:37:76:3d:8e:
         d5:0a:b6:e2:43:77:51:de:85:88:ff:25:7c:89:af:f9:22:b6:
         0c:48:92:d0:5e:18:19:13:cd:3d:04:8d:0c:f6:1f:05:7c:12:
         94:a1:84:d3:0f:1d:a7:ce:95:2a:06:92:c9:f7:4e:9e:e8:e7:
         59:ee:93:ab:bd:49:f7:07:df:da:37:6d:2c:e1:b2:67:26:b2:
         cb:23:a6:fa:55:b0:e1:3d:87:77:f5:ee:c1:a9:2e:a8:8c:9d:
         1f:1a:ac:41:37:0f:2f:aa:5c:a0:ea:a0:54:23:96:9b:bb:30:
         91:9a:87:3b:be:a5:af:7e:94:10:6d:ba:78:c3:2a:ae:8a:be:
         01:63:f3:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mAZtuDwwB/ow6HfXlliHBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMzIyMTE1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ3NzUwNTgzNDVhYmZlODY1ZTVmMGY1MDFiOTFkNThhNmE5ZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdRIr3eXTcIh7egVsh7eOJm9f1hC
zdMR9F0qjSTr1a2J0OnAgtrG3nsfbVYIbVxrZdSBhsHQxn13bfpzceOUHisuVGSX
xFBuo3ESNst8ZhcYLEK1NFswxV7J771zDH5DVTmB/Ny42UkqMtLlVy+FMLn9j8I3
P/zkRDGohRh4bYIAEZGLr6/Pid7di7LP7rwomfJXjUKCLH5XtK0CXUYDz4Z+MfL0
+rgPE3L0wCpGAYgvCb10ZvewWJ6HJuFxFC6gowIUK8Fg9rw89V8gc2Zgth0+TzVu
+cZpzTEqMIfKOZQj0TtC/H52+SCNilQ4ZGm1XEb0E3H1RmN+4w7mmBT+8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/XdQWDRav+hl5fD1AbkdWKap6yMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvXzlkMUJZTkZxXzZHWGw4UFVCdVIxWXBxbnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc5MA0G
CSqGSIb3DQEBCwUAA4IBAQClK3VExgytwB9HavE5YwTpd6ZhvyQBzFlAboPBWhJN
eJjXbrVyAwEO2x4uzEBYljTppGpxf90+ZndNeZ7pgvYmpOgli03WeLiW3WaPrUe5
Gq9kpIA/N5XPDHq8s15AaplncknayqexIQVu85mIhxuit/1rlc/PxMCY8Dd2PY7V
CrbiQ3dR3oWI/yV8ia/5IrYMSJLQXhgZE809BI0M9h8FfBKUoYTTDx2nzpUqBpLJ
906e6OdZ7pOrvUn3B9/aN20s4bJnJrLLI6b6VbDhPYd39e7BqS6ojJ0fGqxBNw8v
qlyg6qBUI5abuzCRmoc7vqWvfpQQbbp4wyquir4BY/OX
-----END CERTIFICATE-----