Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/Os5W01NBOZpXdNt7oCVCfUKFDno.roa
File:                     Os5W01NBOZpXdNt7oCVCfUKFDno.roa (raw, json)
Hash identifier:          ZKFXB3/Q2H/ISS1J0/LhTgYrpj4LjVAR8pAAdpP7MHw=
Subject key identifier:   3A:CE:56:D3:53:41:39:9A:57:74:DB:7B:A0:25:42:7D:42:85:0E:7A
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018CC5015064FFD8DD66A2E0F4AE4D610F84
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/Os5W01NBOZpXdNt7oCVCfUKFDno.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47720
IP address blocks:        45.140.144.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:50:64:ff:d8:dd:66:a2:e0:f4:ae:4d:61:0f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ace56d35341399a5774db7ba025427d42850e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:98:5c:81:88:1d:a7:60:ed:de:c9:e7:74:04:
                    c4:a2:90:94:06:b1:41:eb:b7:75:99:c4:ef:0e:89:
                    9d:ed:f5:b3:25:08:ac:ae:bb:5f:eb:d3:ca:8f:b2:
                    21:87:28:ca:1b:39:5e:4f:4d:c9:5b:5f:e9:8e:3e:
                    3c:77:a2:3e:25:5c:57:ea:7e:de:b5:81:28:c8:72:
                    e0:a7:27:1f:e4:d4:ce:31:8a:b4:4f:59:a7:97:c3:
                    b6:25:73:ce:ef:89:04:0c:5f:93:18:09:dc:89:89:
                    57:24:6a:23:3d:f3:87:2d:dd:1c:4a:71:c1:a8:a5:
                    a5:75:15:ef:2e:d1:78:e3:90:bd:4b:e3:1d:5d:d3:
                    81:30:70:7e:74:41:df:3f:cb:93:7c:6e:84:9d:2c:
                    55:43:65:6b:a9:60:5b:c5:bd:6c:ff:7d:57:79:0b:
                    1c:83:12:e7:f1:42:4a:c3:6e:f3:1c:f7:08:94:b0:
                    56:f2:43:8f:16:b3:ca:73:75:19:2c:dc:95:79:91:
                    90:1b:0b:5f:c5:bd:34:7b:51:0b:9a:72:e8:b8:99:
                    2e:6f:01:bf:df:1b:ee:04:1f:03:d9:f1:4e:ab:15:
                    dd:da:d6:f7:c2:9b:5e:64:b6:f3:c2:02:44:99:87:
                    b0:42:fc:a5:23:62:98:83:b8:d1:9b:d0:d1:14:7a:
                    da:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:CE:56:D3:53:41:39:9A:57:74:DB:7B:A0:25:42:7D:42:85:0E:7A
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/Os5W01NBOZpXdNt7oCVCfUKFDno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:8f:25:1a:46:4f:71:a4:41:f8:71:63:9d:28:c5:b9:6d:b4:
         99:e7:f8:f3:d7:e7:7d:28:a5:cf:fc:dd:02:15:79:6f:c5:22:
         9c:53:c7:27:32:0a:73:d7:db:17:39:22:cb:29:87:95:af:76:
         1f:aa:66:59:6e:6d:3c:fd:e5:5c:27:4a:67:ca:49:9f:c7:f9:
         f8:64:e8:6f:49:b3:06:2c:4b:01:da:11:9e:bc:91:1f:07:c7:
         29:79:47:f9:98:bd:b3:d8:50:ff:40:06:d5:b6:d0:8a:d2:74:
         23:8e:65:83:a0:6b:c8:6c:6e:70:30:5c:97:b6:25:ac:55:96:
         74:27:25:cd:b2:fa:80:fc:04:b9:ed:4a:85:7c:b0:f1:28:fc:
         34:bd:af:7e:d4:6e:e7:06:c7:7f:24:53:00:83:bc:01:c6:36:
         40:70:ef:2b:d1:cb:45:26:fd:6a:66:df:56:a3:0b:c4:fc:28:
         8c:73:b2:85:ab:94:6f:cc:8a:70:80:b2:86:f9:ce:54:60:b7:
         ab:c8:58:a5:7d:ae:3d:8d:6d:66:4f:23:68:6e:cb:4b:45:68:
         d9:bb:d5:4c:ba:6d:a7:ee:b9:a8:4a:df:20:b3:63:5f:d9:a8:
         f4:93:31:dc:c5:42:ae:55:e4:08:db:64:8d:90:35:e3:ca:36:
         81:a3:4e:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVBk/9jdZqLg9K5NYQ+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWNlNTZkMzUzNDEzOTlhNTc3NGRiN2JhMDI1NDI3ZDQyODUwZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkphcgYgdp2Dt3snndATEopCUBrFB
67d1mcTvDomd7fWzJQisrrtf69PKj7IhhyjKGzleT03JW1/pjj48d6I+JVxX6n7e
tYEoyHLgpycf5NTOMYq0T1mnl8O2JXPO74kEDF+TGAnciYlXJGojPfOHLd0cSnHB
qKWldRXvLtF445C9S+MdXdOBMHB+dEHfP8uTfG6EnSxVQ2VrqWBbxb1s/31XeQsc
gxLn8UJKw27zHPcIlLBW8kOPFrPKc3UZLNyVeZGQGwtfxb00e1ELmnLouJkubwG/
3xvuBB8D2fFOqxXd2tb3wpteZLbzwgJEmYewQvylI2KYg7jRm9DRFHraawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrOVtNTQTmaV3Tbe6AlQn1ChQ56MB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvT3M1VzAxTkJPWnBYZE50N29DVkNmVUtGRG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYyQMA0G
CSqGSIb3DQEBCwUAA4IBAQCgjyUaRk9xpEH4cWOdKMW5bbSZ5/jz1+d9KKXP/N0C
FXlvxSKcU8cnMgpz19sXOSLLKYeVr3YfqmZZbm08/eVcJ0pnykmfx/n4ZOhvSbMG
LEsB2hGevJEfB8cpeUf5mL2z2FD/QAbVttCK0nQjjmWDoGvIbG5wMFyXtiWsVZZ0
JyXNsvqA/AS57UqFfLDxKPw0va9+1G7nBsd/JFMAg7wBxjZAcO8r0ctFJv1qZt9W
owvE/CiMc7KFq5RvzIpwgLKG+c5UYLeryFilfa49jW1mTyNobstLRWjZu9VMum2n
7rmoSt8gs2Nf2aj0kzHcxUKuVeQI22SNkDXjyjaBo07h
-----END CERTIFICATE-----