Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Dl96hi-J9558bkCYYyBDyabUVtw.roa
File:                     Dl96hi-J9558bkCYYyBDyabUVtw.roa (raw, json)
Hash identifier:          lOAk979wv61LQB1rFFzIOTgracLaTu/nvNk6YQimmr0=
Subject key identifier:   0E:5F:7A:86:2F:89:F7:9E:7C:6E:40:98:63:20:43:C9:A6:D4:56:DC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018F153125BCD90DAA687A3CA9B481D87CB9
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Dl96hi-J9558bkCYYyBDyabUVtw.roa
Signing time:             Thu 25 Apr 2024 12:18:13 +0000
ROA not before:           Thu 25 Apr 2024 12:18:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49217
IP address blocks:        45.151.3.0/24 maxlen: 24
                          146.19.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:31:25:bc:d9:0d:aa:68:7a:3c:a9:b4:81:d8:7c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 25 12:18:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e5f7a862f89f79e7c6e4098632043c9a6d456dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e2:3a:cb:2a:99:3e:4b:ad:32:31:d5:25:70:
                    04:42:53:5f:bf:6b:13:61:9e:b1:d7:02:55:a7:cd:
                    b8:d8:15:ad:64:f8:86:99:6b:3d:55:8a:1f:85:93:
                    ad:c2:af:95:24:8a:6f:56:af:c4:87:28:37:15:06:
                    9d:c3:97:be:c7:60:11:46:a3:7f:5c:54:1b:60:20:
                    38:49:be:07:14:5d:a4:cd:f0:15:26:20:f4:64:9d:
                    9d:8b:db:80:69:4f:0c:e4:a1:5a:ba:25:13:18:30:
                    7c:90:d1:0f:26:44:f1:2c:ec:ed:ad:71:44:0c:d0:
                    87:37:97:ef:e3:ab:b1:9c:7c:1e:50:c2:04:5d:ca:
                    7b:42:7b:df:09:19:a0:dd:39:0e:92:f9:a6:1e:f8:
                    96:b8:56:4d:35:ad:fa:ad:95:3d:c7:29:8c:d4:d6:
                    a9:5b:0f:6d:1f:b5:38:22:b2:05:d6:33:20:4b:5a:
                    7a:b0:24:7e:bf:e1:e3:37:e6:03:d2:3f:ef:9e:25:
                    a0:85:e8:bc:c9:b6:49:1c:d9:87:b3:78:f8:10:e9:
                    ac:16:cc:af:99:e7:cb:75:b7:7c:65:bc:8a:da:67:
                    d2:fd:22:f4:d2:17:42:c9:1d:cb:24:bc:67:7d:6b:
                    8f:ef:1f:98:b4:33:80:98:dd:4f:35:97:64:7b:a7:
                    af:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:5F:7A:86:2F:89:F7:9E:7C:6E:40:98:63:20:43:C9:A6:D4:56:DC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Dl96hi-J9558bkCYYyBDyabUVtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.3.0/24
                  146.19.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:e5:fc:16:58:6a:7e:80:4b:c6:97:e3:cf:1a:4b:b9:b2:c9:
         88:35:bd:f4:0d:eb:fb:aa:3d:85:d9:8d:54:67:43:1e:07:c3:
         5a:ae:75:9e:fb:71:d8:c1:4d:0b:da:d1:87:0f:2c:1d:64:a4:
         34:d9:11:df:4d:63:df:4a:b2:89:dd:24:c3:0e:64:01:a2:e0:
         20:ce:94:36:a9:f1:bc:73:e8:5f:b4:2e:4d:fa:35:2b:a0:3c:
         cb:09:7c:4d:27:4e:1c:d1:ba:77:79:16:f5:1d:aa:41:dc:df:
         af:54:6c:35:f2:f2:97:3d:88:9b:da:f0:de:5e:5c:5a:e8:0e:
         b0:0a:68:c0:30:d7:b0:77:da:60:95:31:c5:67:cd:e8:1c:01:
         1e:b4:46:48:ed:32:f4:60:56:5b:f1:16:25:fe:be:a0:2d:7d:
         51:31:0b:39:3c:aa:76:8b:4f:07:9f:1e:86:a7:e8:d7:23:9e:
         f1:87:b8:59:38:e3:19:84:2b:f6:70:92:18:15:30:ed:0d:f6:
         9f:1b:25:6d:66:35:1d:19:52:02:b6:41:a4:67:68:75:22:1f:
         d8:a3:de:17:ad:27:ed:ab:31:a9:bc:bb:cd:85:11:8c:e6:85:
         a1:fa:13:f4:38:79:23:35:09:6c:9c:22:33:b4:d5:06:0d:f9:
         cd:75:aa:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8VMSW82Q2qaHo8qbSB2Hy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNDI1MTIxODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTVmN2E4NjJmODlmNzllN2M2ZTQwOTg2MzIwNDNjOWE2ZDQ1NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOI6yyqZPkutMjHVJXAEQlNfv2sT
YZ6x1wJVp8242BWtZPiGmWs9VYofhZOtwq+VJIpvVq/Ehyg3FQadw5e+x2ARRqN/
XFQbYCA4Sb4HFF2kzfAVJiD0ZJ2di9uAaU8M5KFauiUTGDB8kNEPJkTxLOztrXFE
DNCHN5fv46uxnHweUMIEXcp7QnvfCRmg3TkOkvmmHviWuFZNNa36rZU9xymM1Nap
Ww9tH7U4IrIF1jMgS1p6sCR+v+HjN+YD0j/vniWghei8ybZJHNmHs3j4EOmsFsyv
mefLdbd8ZbyK2mfS/SL00hdCyR3LJLxnfWuP7x+YtDOAmN1PNZdke6evEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5feoYvifeefG5AmGMgQ8mm1FbcMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRGw5NmhpLUo5NTU4YmtDWVl5QkR5YWJVVnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZcDAwQA
khN9MA0GCSqGSIb3DQEBCwUAA4IBAQBK5fwWWGp+gEvGl+PPGku5ssmINb30Dev7
qj2F2Y1UZ0MeB8NarnWe+3HYwU0L2tGHDywdZKQ02RHfTWPfSrKJ3STDDmQBouAg
zpQ2qfG8c+hftC5N+jUroDzLCXxNJ04c0bp3eRb1HapB3N+vVGw18vKXPYib2vDe
Xlxa6A6wCmjAMNewd9pglTHFZ83oHAEetEZI7TL0YFZb8RYl/r6gLX1RMQs5PKp2
i08Hnx6Gp+jXI57xh7hZOOMZhCv2cJIYFTDtDfafGyVtZjUdGVICtkGkZ2h1Ih/Y
o94XrSftqzGpvLvNhRGM5oWh+hP0OHkjNQlsnCIztNUGDfnNdapF
-----END CERTIFICATE-----