Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/HMoWLyurCAGI3484DOKwudi2WO0.roa
File:                     HMoWLyurCAGI3484DOKwudi2WO0.roa (raw, json)
Hash identifier:          5PIZ2VpttyjH/6kasf5DESvhNVMC22qtXEqBs8ALa4g=
Subject key identifier:   1C:CA:16:2F:2B:AB:08:01:88:DF:8F:38:0C:E2:B0:B9:D8:B6:58:ED
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       018CCA2AFD77222C3A71EB69039D47F5FAE8
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/HMoWLyurCAGI3484DOKwudi2WO0.roa
Signing time:             Tue 02 Jan 2024 12:34:24 +0000
ROA not before:           Tue 02 Jan 2024 12:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202272
IP address blocks:        45.152.68.0/24 maxlen: 24
                          2a0f:4900::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:fd:77:22:2c:3a:71:eb:69:03:9d:47:f5:fa:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  2 12:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cca162f2bab080188df8f380ce2b0b9d8b658ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:20:14:6f:e7:be:18:a7:8d:c3:28:21:71:c2:
                    83:20:75:de:35:b4:62:e5:53:ec:10:ec:3d:9f:b3:
                    d8:c5:4f:68:b3:19:50:da:02:d8:5c:ca:73:39:c2:
                    a5:9c:a5:83:cf:1d:d4:17:47:e6:d9:fd:40:5c:79:
                    9d:9b:42:66:95:cc:30:28:9c:bf:7c:c7:00:b6:52:
                    60:9e:14:97:fb:a9:80:40:1a:bb:f0:7a:d1:86:f5:
                    c1:c2:3f:08:6e:8c:c8:4c:ee:78:91:ce:f3:9d:0e:
                    30:33:8a:1b:9e:7b:98:f6:12:f5:0b:6e:76:f4:15:
                    21:c1:f3:dc:62:ae:3b:56:7e:23:58:2d:18:2f:6b:
                    cb:f3:d0:73:24:84:a9:10:ef:1c:4f:f0:ba:d3:eb:
                    3d:d2:34:c0:55:94:bc:0d:61:69:bb:dc:d0:22:a3:
                    2f:bf:22:27:1b:3c:13:f1:37:b1:b0:65:21:2e:b6:
                    34:d5:72:0b:7d:c3:b8:4d:77:6a:52:69:3a:2c:e7:
                    a6:4f:8e:e4:a8:43:3b:06:28:b3:75:5b:bf:9c:c7:
                    aa:a8:5b:85:93:54:ed:c7:64:5c:c1:47:d2:cf:56:
                    89:55:41:64:0c:7b:60:e6:aa:c5:98:7c:d2:19:79:
                    1b:dc:7d:8e:ef:b8:72:fa:69:28:9c:fa:08:79:52:
                    ba:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CA:16:2F:2B:AB:08:01:88:DF:8F:38:0C:E2:B0:B9:D8:B6:58:ED
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/HMoWLyurCAGI3484DOKwudi2WO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.68.0/24
                IPv6:
                  2a0f:4900::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:dd:03:1e:7c:7b:83:14:10:a5:65:9c:16:f9:d3:95:cc:0d:
         26:4e:74:44:00:c9:f5:7c:5d:f8:d5:7e:13:ed:09:46:1e:15:
         b8:79:79:3d:0c:aa:2b:9e:1c:cb:6d:90:49:cd:9d:a9:1d:f0:
         ec:da:9a:e0:6e:b2:41:a5:ab:e3:61:aa:e5:72:44:9c:41:c6:
         53:29:3c:a7:ed:fe:eb:a3:f5:62:6d:5e:11:9c:94:fe:2d:29:
         07:bb:1b:6a:9e:0b:f7:a2:8a:5d:f9:f2:95:69:fc:f9:03:9d:
         25:bc:c2:c5:d4:94:02:bb:27:07:9f:8a:19:51:df:60:fb:19:
         bb:e1:da:6c:3a:4e:a6:17:e7:a5:7e:85:7f:ef:e4:5e:37:78:
         d7:ba:4b:1c:bb:29:1d:73:2c:a5:90:0d:96:01:5b:4c:4d:22:
         59:0c:71:c2:5a:43:fa:90:71:a3:cb:dd:36:29:ac:c8:7f:6d:
         c5:75:8f:c1:a5:1a:a9:fa:a7:26:32:01:52:92:62:35:50:d1:
         18:f8:19:97:e5:c6:d8:67:dc:c8:3f:9f:9b:6a:24:59:7b:a2:
         73:6c:a1:c0:61:69:0a:f2:a3:4a:bf:69:9c:c0:81:e5:26:9c:
         c6:91:dc:0b:07:3e:d5:83:88:f9:70:a0:a7:fc:c1:50:be:3c:
         cf:86:4c:df
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKv13Iiw6cetpA51H9froMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjQwMTAyMTIzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NhMTYyZjJiYWIwODAxODhkZjhmMzgwY2UyYjBiOWQ4YjY1OGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiAUb+e+GKeNwyghccKDIHXeNbRi
5VPsEOw9n7PYxU9osxlQ2gLYXMpzOcKlnKWDzx3UF0fm2f1AXHmdm0JmlcwwKJy/
fMcAtlJgnhSX+6mAQBq78HrRhvXBwj8IbozITO54kc7znQ4wM4obnnuY9hL1C252
9BUhwfPcYq47Vn4jWC0YL2vL89BzJISpEO8cT/C60+s90jTAVZS8DWFpu9zQIqMv
vyInGzwT8TexsGUhLrY01XILfcO4TXdqUmk6LOemT47kqEM7BiizdVu/nMeqqFuF
k1Ttx2RcwUfSz1aJVUFkDHtg5qrFmHzSGXkb3H2O77hy+mkonPoIeVK6/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBzKFi8rqwgBiN+POAzisLnYtljtMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvSE1vV0x5dXJDQUdJMzQ4NERPS3d1ZGkyV08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZhEMA8E
AgACMAkDBwQqD0kAAAAwDQYJKoZIhvcNAQELBQADggEBAIXdAx58e4MUEKVlnBb5
05XMDSZOdEQAyfV8XfjVfhPtCUYeFbh5eT0MqiueHMttkEnNnakd8OzamuBuskGl
q+NhquVyRJxBxlMpPKft/uuj9WJtXhGclP4tKQe7G2qeC/eiil358pVp/PkDnSW8
wsXUlAK7JwefihlR32D7Gbvh2mw6TqYX56V+hX/v5F43eNe6Sxy7KR1zLKWQDZYB
W0xNIlkMccJaQ/qQcaPL3TYprMh/bcV1j8GlGqn6pyYyAVKSYjVQ0Rj4GZflxthn
3Mg/n5tqJFl7onNsocBhaQryo0q/aZzAgeUmnMaR3AsHPtWDiPlwoKf8wVC+PM+G
TN8=
-----END CERTIFICATE-----