Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/kGmF5zjCC_oG4KuRDdJaz6U3uKk.roa
File:                     kGmF5zjCC_oG4KuRDdJaz6U3uKk.roa (raw, json)
Hash identifier:          Len5xbogTL/keWJovDqifEIAhAaFg54F6Xc/pGBQhlU=
Subject key identifier:   90:69:85:E7:38:C2:0B:FA:06:E0:AB:91:0D:D2:5A:CF:A5:37:B8:A9
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2E311724B29E9E5FDBEDD9CED890
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/kGmF5zjCC_oG4KuRDdJaz6U3uKk.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        45.145.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2e:31:17:24:b2:9e:9e:5f:db:ed:d9:ce:d8:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=906985e738c20bfa06e0ab910dd25acfa537b8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:71:a2:7b:c5:a8:e9:c9:0e:83:a9:a9:8f:28:
                    76:68:e4:15:1d:05:18:b7:91:33:8e:e2:6f:e2:aa:
                    7b:d2:0c:a8:eb:6f:82:a9:9f:23:b9:a9:eb:17:8e:
                    ab:ef:dc:73:05:01:dc:e3:2d:23:47:21:33:0c:24:
                    1d:4e:04:85:5b:44:14:9b:11:8a:ff:0e:32:4c:72:
                    90:fb:a6:32:9b:f5:57:a4:9f:57:81:d0:ad:d8:7a:
                    92:21:40:60:f5:81:b0:de:d0:51:3c:57:ec:46:6b:
                    4d:0a:a0:e5:6e:49:34:14:44:5b:f5:b9:11:30:94:
                    6a:c2:d4:90:9c:a3:54:bb:7f:36:14:61:2f:50:4f:
                    9d:df:09:1a:39:95:71:ff:74:3f:79:27:90:99:a3:
                    6d:cc:6e:75:5f:17:c2:07:15:55:96:ce:18:6a:6a:
                    17:0f:f8:db:0d:cd:e8:b8:ac:4a:6a:6e:77:e7:41:
                    4a:80:40:34:d1:63:6b:24:b4:61:4b:89:6b:24:93:
                    75:7a:f8:1f:20:a5:b8:68:d1:26:5c:7c:13:76:06:
                    22:49:e7:05:ed:bc:36:79:97:16:26:f8:80:eb:74:
                    e9:de:81:88:85:d3:38:4b:b2:9c:d1:46:14:c7:bc:
                    2a:5b:b0:0c:c4:5b:c9:01:9f:df:52:c4:19:f9:95:
                    e8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:69:85:E7:38:C2:0B:FA:06:E0:AB:91:0D:D2:5A:CF:A5:37:B8:A9
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/kGmF5zjCC_oG4KuRDdJaz6U3uKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:c9:81:23:80:e6:89:97:2e:5a:55:22:2e:6c:d9:0d:b2:45:
         67:cf:46:df:7a:20:0a:47:10:86:81:6d:13:f3:7b:8d:6c:3c:
         b1:59:c5:0d:73:e7:88:bb:61:e1:ed:bd:44:1f:31:f3:ac:3c:
         38:b7:5d:0b:15:d7:27:41:6b:38:e3:95:08:f3:6f:1a:eb:92:
         3b:df:60:74:61:f1:c2:d1:74:4a:dd:f2:f5:9a:10:a6:ab:36:
         25:eb:4d:43:37:52:e0:fa:1f:c9:ae:1b:d6:69:ca:41:21:87:
         d4:60:81:91:4b:da:d2:1a:c0:76:ba:67:36:28:54:d2:dc:4b:
         ec:17:9b:27:06:6e:51:b9:ed:55:20:e3:af:7d:43:53:4c:80:
         70:30:f3:22:bc:f4:e7:45:1a:36:90:b8:2f:07:23:d9:4c:12:
         8c:7f:33:aa:47:90:e8:51:f3:3e:47:c6:77:a1:c4:e6:dd:b9:
         46:0e:3d:7b:8c:c0:51:71:9b:3d:4d:1a:52:20:57:2c:60:1a:
         ef:32:3e:3f:04:f0:d0:d8:2e:2a:98:be:40:0d:13:81:84:a3:
         b9:5c:e5:de:3b:6b:9b:98:4e:77:dd:a7:46:d0:ae:67:91:7a:
         3a:27:43:80:99:61:c5:6f:03:03:19:5f:37:56:0b:0d:d4:cf:
         30:d2:9b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi4xFySynp5f2+3ZztiQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDY5ODVlNzM4YzIwYmZhMDZlMGFiOTEwZGQyNWFjZmE1MzdiOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXGie8Wo6ckOg6mpjyh2aOQVHQUY
t5EzjuJv4qp70gyo62+CqZ8juanrF46r79xzBQHc4y0jRyEzDCQdTgSFW0QUmxGK
/w4yTHKQ+6Yym/VXpJ9XgdCt2HqSIUBg9YGw3tBRPFfsRmtNCqDlbkk0FERb9bkR
MJRqwtSQnKNUu382FGEvUE+d3wkaOZVx/3Q/eSeQmaNtzG51XxfCBxVVls4YamoX
D/jbDc3ouKxKam5350FKgEA00WNrJLRhS4lrJJN1evgfIKW4aNEmXHwTdgYiSecF
7bw2eZcWJviA63Tp3oGIhdM4S7Kc0UYUx7wqW7AMxFvJAZ/fUsQZ+ZXoNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBphec4wgv6BuCrkQ3SWs+lN7ipMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEva0dtRjV6akNDX29HNEt1UkRkSmF6NlUzdUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZHjMA0G
CSqGSIb3DQEBCwUAA4IBAQAWyYEjgOaJly5aVSIubNkNskVnz0bfeiAKRxCGgW0T
83uNbDyxWcUNc+eIu2Hh7b1EHzHzrDw4t10LFdcnQWs445UI828a65I732B0YfHC
0XRK3fL1mhCmqzYl601DN1Lg+h/JrhvWacpBIYfUYIGRS9rSGsB2umc2KFTS3Evs
F5snBm5Rue1VIOOvfUNTTIBwMPMivPTnRRo2kLgvByPZTBKMfzOqR5DoUfM+R8Z3
ocTm3blGDj17jMBRcZs9TRpSIFcsYBrvMj4/BPDQ2C4qmL5ADROBhKO5XOXeO2ub
mE533adG0K5nkXo6J0OAmWHFbwMDGV83VgsN1M8w0pvU
-----END CERTIFICATE-----