Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cQ8ze6y1LnPu4EfAnEKmY9Xdmf8.roa
File:                     cQ8ze6y1LnPu4EfAnEKmY9Xdmf8.roa (raw, json)
Hash identifier:          xt1bp6XM2w0iRyzYeCHLnNTtVyHEllzxzb3tmQdB3JI=
Subject key identifier:   71:0F:33:7B:AC:B5:2E:73:EE:E0:47:C0:9C:42:A6:63:D5:DD:99:FF
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E32939A99DD14A5C596F1286A4882
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cQ8ze6y1LnPu4EfAnEKmY9Xdmf8.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38001
IP address blocks:        45.67.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:93:9a:99:dd:14:a5:c5:96:f1:28:6a:48:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=710f337bacb52e73eee047c09c42a663d5dd99ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7b:1d:ff:52:33:72:8a:5d:60:b7:6b:e9:e5:
                    72:0f:1c:79:7d:51:a4:c2:e4:d6:ba:a9:b4:ea:70:
                    f7:0b:33:1f:78:31:1c:68:a6:29:63:21:06:42:73:
                    0c:cd:0a:40:eb:d5:d7:7d:27:8a:13:1c:87:31:92:
                    e9:55:57:91:19:91:11:b8:dc:78:d0:eb:17:5b:ab:
                    54:b0:3f:85:89:5c:f3:51:73:df:9f:1c:f4:0d:8e:
                    59:a9:46:7c:70:6a:67:c4:a1:d3:47:0c:28:5a:75:
                    b6:6e:34:d7:a7:ad:9d:1e:eb:62:e8:cc:98:ee:3c:
                    6e:23:32:87:ae:cc:1d:d9:ad:20:ad:09:8c:94:df:
                    c0:3e:b0:83:d0:d2:b3:99:2d:fd:21:b3:1b:d2:cb:
                    3c:c9:01:b4:92:8e:d8:62:8d:68:a7:44:97:e8:c5:
                    f9:8d:dd:36:cd:8e:e8:98:9d:5b:bd:b2:03:f5:1b:
                    b4:16:e4:5f:a7:7c:a8:49:eb:af:30:8d:e4:a5:d6:
                    6a:8f:83:1e:5d:02:39:e1:65:1b:96:cb:18:de:6e:
                    23:47:52:14:07:71:b7:16:a9:24:57:48:a3:98:8e:
                    09:0e:c9:4b:38:70:ac:e2:7c:cb:0e:55:57:20:2e:
                    c8:bf:81:14:c7:de:2a:a4:82:e4:04:0b:e4:69:c8:
                    71:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:0F:33:7B:AC:B5:2E:73:EE:E0:47:C0:9C:42:A6:63:D5:DD:99:FF
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cQ8ze6y1LnPu4EfAnEKmY9Xdmf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:76:99:b3:8f:96:b1:7d:ea:81:1e:81:13:5e:0a:d5:1e:88:
         64:5b:a6:b2:07:34:ad:62:2f:b7:5d:10:9e:db:cb:01:12:37:
         35:5f:51:34:c2:ee:6d:eb:2f:77:95:47:d6:6d:d4:be:1f:30:
         ed:11:2a:e0:a8:14:45:84:75:78:63:e5:df:57:85:7e:a9:7b:
         21:28:48:af:f8:5e:7d:c1:ae:2b:ca:71:1f:45:66:f0:2e:f8:
         f6:7d:bd:c3:aa:8f:ac:5d:68:56:31:cd:fa:ce:ec:97:1e:14:
         9f:35:9a:85:ba:08:51:bd:f2:45:5c:b4:97:e0:3e:25:f3:35:
         57:8f:05:cc:38:f2:05:f9:e7:d1:38:5a:a9:68:89:e2:df:41:
         fa:3f:63:f8:7c:8e:a8:ca:2b:8c:d3:0b:b0:39:5a:3e:e2:3f:
         c7:10:8c:f7:75:bc:cd:e4:55:55:ca:44:86:a1:32:70:30:6e:
         74:f8:57:2f:cf:c0:75:33:c9:c6:ab:2b:ed:34:77:6b:01:03:
         fa:a9:9a:68:1d:7e:91:ac:44:bb:f6:ad:6a:65:59:5f:dc:2e:
         e3:c7:20:df:7b:19:42:9e:59:65:d5:94:c5:a7:c0:6f:9f:d8:
         ce:90:b3:ec:20:6f:21:2f:e2:50:a9:f9:7f:cc:ae:cd:0b:c6:
         90:b2:0b:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjKTmpndFKXFlvEoakiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTBmMzM3YmFjYjUyZTczZWVlMDQ3YzA5YzQyYTY2M2Q1ZGQ5OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHsd/1IzcopdYLdr6eVyDxx5fVGk
wuTWuqm06nD3CzMfeDEcaKYpYyEGQnMMzQpA69XXfSeKExyHMZLpVVeRGZERuNx4
0OsXW6tUsD+FiVzzUXPfnxz0DY5ZqUZ8cGpnxKHTRwwoWnW2bjTXp62dHuti6MyY
7jxuIzKHrswd2a0grQmMlN/APrCD0NKzmS39IbMb0ss8yQG0ko7YYo1op0SX6MX5
jd02zY7omJ1bvbID9Ru0FuRfp3yoSeuvMI3kpdZqj4MeXQI54WUblssY3m4jR1IU
B3G3FqkkV0ijmI4JDslLOHCs4nzLDlVXIC7Iv4EUx94qpILkBAvkachxawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEPM3ustS5z7uBHwJxCpmPV3Zn/MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvY1E4emU2eTFMblB1NEVmQW5FS21ZOVhkbWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUOJMA0G
CSqGSIb3DQEBCwUAA4IBAQBndpmzj5axfeqBHoETXgrVHohkW6ayBzStYi+3XRCe
28sBEjc1X1E0wu5t6y93lUfWbdS+HzDtESrgqBRFhHV4Y+XfV4V+qXshKEiv+F59
wa4rynEfRWbwLvj2fb3Dqo+sXWhWMc36zuyXHhSfNZqFughRvfJFXLSX4D4l8zVX
jwXMOPIF+efROFqpaIni30H6P2P4fI6oyiuM0wuwOVo+4j/HEIz3dbzN5FVVykSG
oTJwMG50+Fcvz8B1M8nGqyvtNHdrAQP6qZpoHX6RrES79q1qZVlf3C7jxyDfexlC
nlll1ZTFp8Bvn9jOkLPsIG8hL+JQqfl/zK7NC8aQsgvG
-----END CERTIFICATE-----