Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/wbomfPUy19klEDGB4NC2OIGSel4.roa
File:                     wbomfPUy19klEDGB4NC2OIGSel4.roa (raw, json)
Hash identifier:          RipwjABoDGmBYvT4ggpPgjGIuYq/TuMZurNU8JmTWl4=
Subject key identifier:   C1:BA:26:7C:F5:32:D7:D9:25:10:31:81:E0:D0:B6:38:81:92:7A:5E
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2DFF47B819C33BF0864878A8C296
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/wbomfPUy19klEDGB4NC2OIGSel4.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23422
IP address blocks:        152.89.252.0/24 maxlen: 24
                          45.10.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2d:ff:47:b8:19:c3:3b:f0:86:48:78:a8:c2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1ba267cf532d7d925103181e0d0b63881927a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ed:f3:d1:9c:e1:34:ad:59:b2:c1:d5:4d:6f:
                    37:66:b2:17:2c:c3:88:4e:ce:4a:5a:cf:f8:c8:a1:
                    23:46:32:af:68:17:53:5f:4c:b7:ee:84:4f:f1:7a:
                    37:f6:43:d3:52:80:ff:40:e7:3e:f2:01:e4:2d:81:
                    5c:a7:e8:b0:10:94:82:20:fe:33:a2:2c:66:78:86:
                    58:df:22:cc:f7:67:78:1d:84:b7:b8:78:5d:0e:9b:
                    cd:aa:eb:f0:b5:7b:7d:6f:f4:23:f3:8b:d8:ba:84:
                    4e:60:a8:87:c6:35:bb:19:af:0f:68:2e:6c:51:e9:
                    65:a0:70:3c:e3:c3:a9:33:d7:9d:0d:0e:74:1b:93:
                    f5:dd:50:90:06:8f:66:ef:87:d3:c1:f3:39:7b:0a:
                    d5:06:cd:dc:7c:9d:92:70:79:1f:cc:dc:33:af:27:
                    c5:40:47:f8:86:5b:27:46:52:42:4a:7a:47:90:f7:
                    e7:81:14:c3:2c:a3:67:89:08:bf:fd:b0:5b:97:38:
                    d2:2a:85:12:77:9c:7d:da:ca:5b:95:16:6d:5d:d3:
                    3b:c4:de:c8:d8:de:da:24:0b:ac:a8:00:09:58:ff:
                    e5:bd:6a:2a:4f:06:fc:3b:2a:8d:0b:41:18:21:97:
                    39:87:7c:be:8d:75:29:81:da:0b:92:cc:d5:d5:d7:
                    68:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BA:26:7C:F5:32:D7:D9:25:10:31:81:E0:D0:B6:38:81:92:7A:5E
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/wbomfPUy19klEDGB4NC2OIGSel4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.21.0/24
                  152.89.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:90:06:e4:e2:8e:57:ed:40:c7:b1:de:da:bb:8c:84:ce:fd:
         cd:bf:83:0d:f3:c4:2d:60:d2:19:df:a1:ed:a4:59:92:cd:24:
         09:36:6e:53:28:aa:e2:a2:3c:44:ef:ad:bc:00:08:99:c3:8c:
         30:4f:64:58:76:33:40:47:fc:f1:a8:23:4c:ee:c2:46:ba:16:
         44:bd:15:8b:6e:ca:3d:22:44:50:1b:c6:a5:e6:d6:71:df:98:
         19:01:04:85:60:8f:eb:91:db:40:8e:2c:5a:91:01:b5:82:b9:
         66:18:87:a7:64:6a:78:75:47:cf:00:ec:61:c9:5d:cd:7a:a0:
         4b:a9:c6:bc:a2:2e:57:d8:95:31:9a:6f:03:63:bc:8b:df:b4:
         2e:73:95:31:eb:cd:0a:17:45:f7:de:7b:d4:15:82:ba:62:56:
         71:2b:34:10:a4:fd:76:2d:c3:1c:28:da:4f:7e:ab:6a:4f:75:
         0f:b1:3e:3d:45:7b:7a:e9:5e:f1:f7:66:1b:6d:a3:c3:fe:bf:
         68:23:e3:73:d0:aa:58:00:37:5c:0a:58:47:b2:0e:b1:fd:c6:
         d3:f3:dd:f2:c1:6d:e6:45:a5:09:7c:ff:9a:23:db:18:b8:7e:
         59:1e:19:15:56:96:c0:0b:4f:c4:39:00:b4:d9:82:71:56:a6:
         ec:86:ce:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTi3/R7gZwzvwhkh4qMKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJhMjY3Y2Y1MzJkN2Q5MjUxMDMxODFlMGQwYjYzODgxOTI3YTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO3z0ZzhNK1ZssHVTW83ZrIXLMOI
Ts5KWs/4yKEjRjKvaBdTX0y37oRP8Xo39kPTUoD/QOc+8gHkLYFcp+iwEJSCIP4z
oixmeIZY3yLM92d4HYS3uHhdDpvNquvwtXt9b/Qj84vYuoROYKiHxjW7Ga8PaC5s
UelloHA848OpM9edDQ50G5P13VCQBo9m74fTwfM5ewrVBs3cfJ2ScHkfzNwzryfF
QEf4hlsnRlJCSnpHkPfngRTDLKNniQi//bBblzjSKoUSd5x92spblRZtXdM7xN7I
2N7aJAusqAAJWP/lvWoqTwb8OyqNC0EYIZc5h3y+jXUpgdoLkszV1ddobQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMG6Jnz1MtfZJRAxgeDQtjiBknpeMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvd2JvbWZQVXkxOWtsRURHQjROQzJPSUdTZWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQoVAwQA
mFn8MA0GCSqGSIb3DQEBCwUAA4IBAQBEkAbk4o5X7UDHsd7au4yEzv3Nv4MN88Qt
YNIZ36HtpFmSzSQJNm5TKKriojxE7628AAiZw4wwT2RYdjNAR/zxqCNM7sJGuhZE
vRWLbso9IkRQG8al5tZx35gZAQSFYI/rkdtAjixakQG1grlmGIenZGp4dUfPAOxh
yV3NeqBLqca8oi5X2JUxmm8DY7yL37Quc5Ux680KF0X33nvUFYK6YlZxKzQQpP12
LcMcKNpPfqtqT3UPsT49RXt66V7x92YbbaPD/r9oI+Nz0KpYADdcClhHsg6x/cbT
893ywW3mRaUJfP+aI9sYuH5ZHhkVVpbAC0/EOQC02YJxVqbshs70
-----END CERTIFICATE-----