Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/3bPOoAKvXwUuvSsCWE906BkkNrw.roa
File:                     3bPOoAKvXwUuvSsCWE906BkkNrw.roa (raw, json)
Hash identifier:          9aa2UD2K+krwyXAfpe1xqdzCvWmIZ2tLkV3mS4NfNJU=
Subject key identifier:   DD:B3:CE:A0:02:AF:5F:05:2E:BD:2B:02:58:4F:74:E8:19:24:36:BC
Certificate issuer:       /CN=edf54be1b5ed5fd592faca468df1110095f3ea0a
Certificate serial:       018CC9BA65F0FCE3A31657833D2EA4A340B3
Authority key identifier: ED:F5:4B:E1:B5:ED:5F:D5:92:FA:CA:46:8D:F1:11:00:95:F3:EA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7fVL4bXtX9WS-spGjfERAJXz6go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/3bPOoAKvXwUuvSsCWE906BkkNrw.roa
Signing time:             Tue 02 Jan 2024 10:31:25 +0000
ROA not before:           Tue 02 Jan 2024 10:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.129.55.0/24 maxlen: 32
                          45.129.52.0/24 maxlen: 32
                          45.129.54.0/24 maxlen: 32
                          45.129.53.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/7fVL4bXtX9WS-spGjfERAJXz6go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/7fVL4bXtX9WS-spGjfERAJXz6go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7fVL4bXtX9WS-spGjfERAJXz6go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:65:f0:fc:e3:a3:16:57:83:3d:2e:a4:a3:40:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edf54be1b5ed5fd592faca468df1110095f3ea0a
        Validity
            Not Before: Jan  2 10:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddb3cea002af5f052ebd2b02584f74e8192436bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0e:41:b3:d2:6a:95:61:2b:e5:b5:55:20:29:
                    24:7f:99:b5:6b:e7:f3:fa:66:c0:19:ef:72:61:26:
                    97:5f:9c:a0:1f:0d:a9:be:96:ff:6c:9f:93:0a:b1:
                    5d:b7:90:23:82:e2:7e:f5:1e:29:40:c5:78:f2:15:
                    a1:ac:0c:b8:b0:b5:62:88:8e:c6:cf:e4:0b:51:0c:
                    ba:b8:ef:31:8c:f5:ae:bc:b5:f2:58:15:9a:0f:b5:
                    c6:51:3f:ec:ee:30:96:80:88:6e:cd:2a:1f:d2:c0:
                    96:10:fe:48:f8:23:e0:09:d1:e3:5a:de:54:63:3e:
                    9a:51:fa:37:48:ad:a3:9a:3d:3d:ed:0d:03:fc:94:
                    41:46:cd:c1:72:86:60:34:e5:63:eb:9a:c7:9a:e9:
                    dd:28:8e:e2:7b:bd:f5:e8:e8:1c:fb:5a:bb:ca:cc:
                    66:aa:43:01:9a:ed:1e:6d:f6:dd:e5:d8:66:97:e7:
                    0f:2e:64:72:d1:e4:02:0c:2d:b8:ac:32:41:c7:87:
                    c0:32:9d:5a:48:01:78:bc:18:8a:65:99:d0:d4:8b:
                    b5:f7:18:7c:1d:ee:8f:4e:77:8b:c1:ce:58:70:af:
                    12:7a:84:47:1a:f0:76:5e:40:9a:2b:4c:6b:a1:88:
                    05:95:7c:dc:60:08:de:f1:d4:63:fc:37:0f:a5:19:
                    47:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:B3:CE:A0:02:AF:5F:05:2E:BD:2B:02:58:4F:74:E8:19:24:36:BC
            X509v3 Authority Key Identifier:
                keyid:ED:F5:4B:E1:B5:ED:5F:D5:92:FA:CA:46:8D:F1:11:00:95:F3:EA:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7fVL4bXtX9WS-spGjfERAJXz6go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/3bPOoAKvXwUuvSsCWE906BkkNrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/7fVL4bXtX9WS-spGjfERAJXz6go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:88:b7:f0:64:1c:3f:d3:4f:64:cd:7d:e3:14:04:2a:9f:ea:
         a6:c9:c1:2c:49:c0:63:06:5e:a3:63:16:80:56:f6:15:22:83:
         7d:d9:66:36:31:84:a9:50:66:d1:c1:0d:3e:84:c1:de:6d:fb:
         17:b9:24:08:12:a2:46:fc:78:f1:38:be:a9:33:b7:9d:ac:b0:
         15:40:44:a0:06:1a:02:fc:f6:11:a9:02:a9:fa:34:2f:b9:40:
         64:2e:d1:2c:fa:21:7b:34:e1:aa:72:ce:7f:32:1b:b1:ba:ad:
         2b:4a:b2:13:ae:cc:a4:aa:a3:ec:a7:18:57:f2:7a:13:fa:dd:
         7f:d9:fa:9a:9c:ec:cd:15:07:0b:a3:41:71:86:ff:a3:b5:be:
         32:60:b4:e8:fb:b6:a4:32:b0:24:a7:8d:56:47:de:c7:4c:be:
         6a:40:90:28:08:cf:1d:cc:57:e7:d4:92:05:7b:82:ff:45:b1:
         aa:c9:1d:b1:47:ad:2f:bf:0b:d4:f8:71:c9:08:54:4d:84:c3:
         b2:de:d3:1c:a6:e5:2c:05:a5:aa:e5:64:9f:9a:26:fe:b7:e2:
         39:39:1c:80:87:31:43:5a:0d:d7:fe:ac:20:29:1a:3d:85:e4:
         3b:9a:6d:89:50:96:7b:79:87:93:bc:54:d3:e3:01:de:ab:e6:
         71:15:b7:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumXw/OOjFleDPS6ko0CzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZjU0YmUxYjVlZDVmZDU5MmZhY2E0NjhkZjExMTAwOTVm
M2VhMGEwHhcNMjQwMTAyMTAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGIzY2VhMDAyYWY1ZjA1MmViZDJiMDI1ODRmNzRlODE5MjQzNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ5Bs9JqlWEr5bVVICkkf5m1a+fz
+mbAGe9yYSaXX5ygHw2pvpb/bJ+TCrFdt5AjguJ+9R4pQMV48hWhrAy4sLViiI7G
z+QLUQy6uO8xjPWuvLXyWBWaD7XGUT/s7jCWgIhuzSof0sCWEP5I+CPgCdHjWt5U
Yz6aUfo3SK2jmj097Q0D/JRBRs3BcoZgNOVj65rHmundKI7ie7316Ogc+1q7ysxm
qkMBmu0ebfbd5dhml+cPLmRy0eQCDC24rDJBx4fAMp1aSAF4vBiKZZnQ1Iu19xh8
He6PTneLwc5YcK8SeoRHGvB2XkCaK0xroYgFlXzcYAje8dRj/DcPpRlHDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2zzqACr18FLr0rAlhPdOgZJDa8MB8GA1UdIwQY
MBaAFO31S+G17V/VkvrKRo3xEQCV8+oKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2ZWTDRiWHRYOVdTLXNwR2pmRVJBSlh6NmdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80MGQ4OTMtZTA5OS00MTQ4LWIyOGUt
OWU2MTRmNDQ2NmM1LzEvM2JQT29BS3ZYd1V1dlNzQ1dFOTA2QmtrTnJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80MGQ4OTMtZTA5OS00MTQ4LWIyOGUtOWU2MTRmNDQ2NmM1
LzEvN2ZWTDRiWHRYOVdTLXNwR2pmRVJBSlh6NmdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYE0MA0G
CSqGSIb3DQEBCwUAA4IBAQBniLfwZBw/009kzX3jFAQqn+qmycEsScBjBl6jYxaA
VvYVIoN92WY2MYSpUGbRwQ0+hMHebfsXuSQIEqJG/HjxOL6pM7edrLAVQESgBhoC
/PYRqQKp+jQvuUBkLtEs+iF7NOGqcs5/Mhuxuq0rSrITrsykqqPspxhX8noT+t1/
2fqanOzNFQcLo0Fxhv+jtb4yYLTo+7akMrAkp41WR97HTL5qQJAoCM8dzFfn1JIF
e4L/RbGqyR2xR60vvwvU+HHJCFRNhMOy3tMcpuUsBaWq5WSfmib+t+I5ORyAhzFD
Wg3X/qwgKRo9heQ7mm2JUJZ7eYeTvFTT4wHeq+ZxFbcl
-----END CERTIFICATE-----