Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/neYb4fGVNij4CTTkSZDDix5MaL0.roa
File:                     neYb4fGVNij4CTTkSZDDix5MaL0.roa (raw, json)
Hash identifier:          WyfOMEsYsW9pOZ5/ycvpSi3FtzdvYKWO7hjtq3SJsMc=
Subject key identifier:   9D:E6:1B:E1:F1:95:36:28:F8:09:34:E4:49:90:C3:8B:1E:4C:68:BD
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E3A8EF27DD9BE0DE983D2A11EF4B2
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/neYb4fGVNij4CTTkSZDDix5MaL0.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135343
IP address blocks:        45.141.118.0/24 maxlen: 24
                          45.141.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3a:8e:f2:7d:d9:be:0d:e9:83:d2:a1:1e:f4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9de61be1f1953628f80934e44990c38b1e4c68bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:09:4b:fb:cb:50:1f:28:77:51:bc:6b:84:37:
                    3b:1c:a1:99:5b:b9:a9:7f:04:c6:2d:a8:a1:e7:99:
                    6d:1f:a9:c2:03:c6:2c:da:80:20:cc:df:c2:92:4b:
                    96:d2:da:a6:c4:e2:40:fd:d2:51:cf:f8:f1:0d:27:
                    01:9b:c7:c8:9c:1c:ee:b2:b2:5a:3d:43:8c:37:9a:
                    18:4c:65:0a:8f:80:8c:df:87:43:c7:88:c8:6d:49:
                    e0:e6:4a:d0:96:a9:e8:77:e8:99:7a:6a:06:4b:68:
                    9c:dd:fb:5f:1b:5d:ac:05:27:33:3b:4b:b5:0d:9f:
                    89:54:12:ba:9f:33:4d:f2:d3:97:b4:b8:30:c6:85:
                    cc:6b:96:8b:df:25:7d:a9:20:55:66:0a:23:cf:80:
                    76:f6:22:da:ed:f2:93:bd:c4:f5:16:50:26:8e:dc:
                    1a:eb:7a:50:a5:13:26:0b:73:77:7f:fd:de:68:f7:
                    1c:ad:7d:07:24:fe:37:c5:3a:25:87:28:3d:a1:7f:
                    33:6d:b0:a0:dd:f6:b8:d1:42:f8:36:d2:e0:cd:fb:
                    99:47:ce:f0:4f:53:ab:8b:f6:74:86:bb:2c:3c:75:
                    67:7d:0c:8b:af:24:34:b4:a6:c6:21:2e:54:94:60:
                    d0:93:09:ac:d3:4a:d6:3c:e7:6b:88:7d:82:c6:b1:
                    d9:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:E6:1B:E1:F1:95:36:28:F8:09:34:E4:49:90:C3:8B:1E:4C:68:BD
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/neYb4fGVNij4CTTkSZDDix5MaL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:1b:d3:9d:3f:21:99:0f:fa:a4:4c:69:b7:29:02:c3:4a:1d:
         5e:68:95:8f:3b:a8:f8:f9:7c:d3:65:ae:ae:87:0f:35:e6:fd:
         6a:9c:e4:7d:86:3d:ae:07:e8:9e:c2:cf:af:ef:4a:d1:09:e5:
         81:6a:31:1d:ed:d9:09:4d:2d:8d:ea:bf:d7:f4:25:64:95:8b:
         98:47:01:e8:e6:85:84:4a:4e:28:98:4c:f6:53:76:d1:87:87:
         6e:52:73:70:1b:54:17:f7:85:09:0c:04:96:20:00:ed:ad:b5:
         5b:08:94:b5:2e:e2:f2:08:65:91:41:5f:71:9b:c8:f0:36:bb:
         3e:0e:35:d3:89:ad:f1:51:36:b7:2d:b2:d7:f0:de:a4:d4:4d:
         72:cd:08:ca:a7:45:44:25:99:10:0e:19:53:8b:88:78:ff:d8:
         b8:1f:57:f8:56:92:42:a3:2a:4c:6a:dd:a8:b1:0e:cc:4b:19:
         06:e5:ef:d3:46:03:17:2a:05:26:37:26:bd:b2:1d:eb:d9:84:
         54:b9:a3:33:50:e3:22:c9:27:d5:57:4d:de:e2:94:7a:c3:12:
         64:19:d5:f8:10:90:4f:6a:15:6b:84:a1:95:0c:af:38:c1:83:
         2e:94:b2:65:d3:48:40:a9:94:86:9c:f0:a2:ee:20:a3:96:84:
         c7:c2:fd:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjqO8n3Zvg3pg9KhHvSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGU2MWJlMWYxOTUzNjI4ZjgwOTM0ZTQ0OTkwYzM4YjFlNGM2OGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQlL+8tQHyh3UbxrhDc7HKGZW7mp
fwTGLaih55ltH6nCA8Ys2oAgzN/CkkuW0tqmxOJA/dJRz/jxDScBm8fInBzusrJa
PUOMN5oYTGUKj4CM34dDx4jIbUng5krQlqnod+iZemoGS2ic3ftfG12sBSczO0u1
DZ+JVBK6nzNN8tOXtLgwxoXMa5aL3yV9qSBVZgojz4B29iLa7fKTvcT1FlAmjtwa
63pQpRMmC3N3f/3eaPccrX0HJP43xTolhyg9oX8zbbCg3fa40UL4NtLgzfuZR87w
T1Ori/Z0hrssPHVnfQyLryQ0tKbGIS5UlGDQkwms00rWPOdriH2CxrHZlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3mG+HxlTYo+Ak05EmQw4seTGi9MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvbmVZYjRmR1ZOaWo0Q1RUa1NaRERpeDVNYUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY12MA0G
CSqGSIb3DQEBCwUAA4IBAQByG9OdPyGZD/qkTGm3KQLDSh1eaJWPO6j4+XzTZa6u
hw815v1qnOR9hj2uB+iews+v70rRCeWBajEd7dkJTS2N6r/X9CVklYuYRwHo5oWE
Sk4omEz2U3bRh4duUnNwG1QX94UJDASWIADtrbVbCJS1LuLyCGWRQV9xm8jwNrs+
DjXTia3xUTa3LbLX8N6k1E1yzQjKp0VEJZkQDhlTi4h4/9i4H1f4VpJCoypMat2o
sQ7MSxkG5e/TRgMXKgUmNya9sh3r2YRUuaMzUOMiySfVV03e4pR6wxJkGdX4EJBP
ahVrhKGVDK84wYMulLJl00hAqZSGnPCi7iCjloTHwv0E
-----END CERTIFICATE-----