Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/cMSMdjE8Vxzjj3DlevfGI4xTKUk.roa
File:                     cMSMdjE8Vxzjj3DlevfGI4xTKUk.roa (raw, json)
Hash identifier:          B+TPB6/d8J7oALkl7qKQjtwvCVR3Tu2zTZMlVM1Iz8Y=
Subject key identifier:   70:C4:8C:76:31:3C:57:1C:E3:8F:70:E5:7A:F7:C6:23:8C:53:29:49
Certificate issuer:       /CN=159d30b70b9a83cb8ed5501f554a7feca382f959
Certificate serial:       018CC8705371DBCEC4C4912A21770F8DE33B
Authority key identifier: 15:9D:30:B7:0B:9A:83:CB:8E:D5:50:1F:55:4A:7F:EC:A3:82:F9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/cMSMdjE8Vxzjj3DlevfGI4xTKUk.roa
Signing time:             Tue 02 Jan 2024 04:30:53 +0000
ROA not before:           Tue 02 Jan 2024 04:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199703
IP address blocks:        45.157.144.0/22 maxlen: 22
                          2a13:f000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:53:71:db:ce:c4:c4:91:2a:21:77:0f:8d:e3:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=159d30b70b9a83cb8ed5501f554a7feca382f959
        Validity
            Not Before: Jan  2 04:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70c48c76313c571ce38f70e57af7c6238c532949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:40:64:38:48:ed:ac:fa:3b:db:dd:2c:2c:dd:
                    6e:21:52:cd:f0:42:03:05:d1:f5:09:c2:22:82:2c:
                    3b:de:ae:1e:c2:45:3f:11:1b:6a:11:67:7b:89:06:
                    79:e6:e2:83:11:cf:fc:c7:cd:1b:8e:01:30:f2:1e:
                    ec:4f:cc:b1:2c:b6:56:33:7e:fd:3e:ab:94:6b:5f:
                    68:c3:aa:c7:3a:4e:b6:c0:b4:eb:bb:fb:08:7c:6c:
                    68:85:ff:0d:eb:d0:15:b7:90:6b:c8:f5:87:d3:bf:
                    60:64:f0:7c:4c:bc:c8:8e:ed:79:37:41:b2:bd:0e:
                    4d:9d:7a:d8:8b:fd:de:be:15:4e:04:62:7f:78:12:
                    6f:c5:c8:83:43:04:bf:a7:eb:87:e3:f7:b6:1b:b7:
                    67:22:7c:67:2e:0a:a2:72:de:c5:28:9a:da:c8:7f:
                    03:bd:7b:13:24:fc:78:50:45:81:c7:97:77:10:06:
                    6d:06:d6:29:92:6b:e0:a0:28:58:50:2e:5d:1e:5d:
                    e8:5f:40:56:a4:a1:c7:6b:17:0f:2e:5f:f8:11:8a:
                    64:46:aa:ea:81:1b:a6:ed:69:17:83:02:fb:93:16:
                    3f:ea:16:1e:ec:5f:54:c6:86:ae:94:60:82:9c:0f:
                    ff:2a:94:71:a8:48:59:aa:f1:c3:15:f3:38:9f:38:
                    b7:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C4:8C:76:31:3C:57:1C:E3:8F:70:E5:7A:F7:C6:23:8C:53:29:49
            X509v3 Authority Key Identifier:
                keyid:15:9D:30:B7:0B:9A:83:CB:8E:D5:50:1F:55:4A:7F:EC:A3:82:F9:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/cMSMdjE8Vxzjj3DlevfGI4xTKUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.144.0/22
                IPv6:
                  2a13:f000::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:62:c2:e2:ea:a9:d7:33:19:a8:a8:eb:f4:5a:03:b6:d6:fe:
         5f:55:2b:0c:d8:5b:95:fc:84:e1:d7:1c:de:0f:d6:93:59:52:
         b3:ce:bb:28:e4:de:19:b9:f4:7e:47:ba:07:a6:3f:97:0d:72:
         2d:75:23:29:95:22:55:a2:24:00:d1:d8:ff:b3:8f:dd:24:82:
         6a:f3:8e:85:30:7a:b8:63:88:f5:03:1b:b3:fc:26:c6:74:07:
         03:ff:b7:ed:2e:57:51:ce:0f:6f:64:0e:3b:70:83:05:55:fc:
         f2:5f:58:f3:f5:07:80:76:c4:c5:7d:8d:87:be:6f:69:e9:cf:
         21:97:ad:29:3a:6c:b3:64:cc:38:e9:0b:53:ce:d9:dd:c3:1c:
         40:33:76:d0:f7:14:29:49:0f:ef:e6:50:e7:b8:f6:d2:c1:03:
         31:02:4a:58:e6:84:26:3d:3b:c5:a1:d0:50:af:62:56:e9:d8:
         fa:21:e1:72:f1:84:72:52:e5:b0:09:b7:26:d5:07:49:fa:15:
         93:e7:e2:c8:5f:4c:ff:23:b9:3d:29:20:12:e5:d6:b1:10:0a:
         8a:b4:ae:97:46:cb:ba:9c:3c:25:1c:f7:20:76:2a:21:7a:09:
         3a:83:21:71:3a:d3:91:17:7c:b7:21:5d:4b:ba:18:36:aa:5b:
         4c:28:23:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcFNx287ExJEqIXcPjeM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OWQzMGI3MGI5YTgzY2I4ZWQ1NTAxZjU1NGE3ZmVjYTM4
MmY5NTkwHhcNMjQwMTAyMDQzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM0OGM3NjMxM2M1NzFjZTM4ZjcwZTU3YWY3YzYyMzhjNTMyOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkBkOEjtrPo7290sLN1uIVLN8EID
BdH1CcIigiw73q4ewkU/ERtqEWd7iQZ55uKDEc/8x80bjgEw8h7sT8yxLLZWM379
PquUa19ow6rHOk62wLTru/sIfGxohf8N69AVt5BryPWH079gZPB8TLzIju15N0Gy
vQ5NnXrYi/3evhVOBGJ/eBJvxciDQwS/p+uH4/e2G7dnInxnLgqict7FKJrayH8D
vXsTJPx4UEWBx5d3EAZtBtYpkmvgoChYUC5dHl3oX0BWpKHHaxcPLl/4EYpkRqrq
gRum7WkXgwL7kxY/6hYe7F9UxoaulGCCnA//KpRxqEhZqvHDFfM4nzi32QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHDEjHYxPFcc449w5Xr3xiOMUylJMB8GA1UdIwQY
MBaAFBWdMLcLmoPLjtVQH1VKf+yjgvlZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlowd3R3dWFnOHVPMVZBZlZVcF83S09DLVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85NTZjMzctOTkzYS00MWRlLWFiZTAt
NjVkNzIyODM3MTIxLzEvY01TTWRqRThWeHpqajNEbGV2ZkdJNHhUS1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85NTZjMzctOTkzYS00MWRlLWFiZTAtNjVkNzIyODM3MTIx
LzEvRlowd3R3dWFnOHVPMVZBZlZVcF83S09DLVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ2QMA0E
AgACMAcDBQAqE/AAMA0GCSqGSIb3DQEBCwUAA4IBAQAqYsLi6qnXMxmoqOv0WgO2
1v5fVSsM2FuV/ITh1xzeD9aTWVKzzrso5N4ZufR+R7oHpj+XDXItdSMplSJVoiQA
0dj/s4/dJIJq846FMHq4Y4j1Axuz/CbGdAcD/7ftLldRzg9vZA47cIMFVfzyX1jz
9QeAdsTFfY2Hvm9p6c8hl60pOmyzZMw46QtTztndwxxAM3bQ9xQpSQ/v5lDnuPbS
wQMxAkpY5oQmPTvFodBQr2JW6dj6IeFy8YRyUuWwCbcm1QdJ+hWT5+LIX0z/I7k9
KSAS5daxEAqKtK6XRsu6nDwlHPcgdiohegk6gyFxOtORF3y3IV1Luhg2qltMKCP+
-----END CERTIFICATE-----