Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/M1mBcsQxGLKIziW_PsbHHFdIE7M.roa
File:                     M1mBcsQxGLKIziW_PsbHHFdIE7M.roa (raw, json)
Hash identifier:          WObgTt6fiPcAVI+PuqxBC0jjE2LAM/RvUq4lR73cSso=
Subject key identifier:   33:59:81:72:C4:31:18:B2:88:CE:25:BF:3E:C6:C7:1C:57:48:13:B3
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B6B5866244B735AE078232431996B
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/M1mBcsQxGLKIziW_PsbHHFdIE7M.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212951
IP address blocks:        45.153.10.0/24 maxlen: 24
                          45.153.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6b:58:66:24:4b:73:5a:e0:78:23:24:31:99:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33598172c43118b288ce25bf3ec6c71c574813b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:67:f5:30:2b:10:2a:23:55:39:3b:80:e0:0e:
                    6e:10:76:1f:72:02:17:76:93:8d:cd:ff:72:3e:b7:
                    84:15:0a:72:ce:8a:87:3a:5f:37:05:5f:19:28:1d:
                    74:65:2d:e6:03:a1:35:32:be:22:44:14:93:7d:99:
                    32:f1:77:55:f1:07:80:fb:2d:48:a2:63:9d:ac:72:
                    61:20:e9:83:d9:75:67:ab:27:9d:92:9b:c5:79:78:
                    11:74:92:f5:f9:d5:4f:a7:06:7c:8a:97:e8:71:5c:
                    4e:01:99:00:18:fe:9f:e9:9d:a4:a8:65:7f:12:64:
                    7e:c5:e9:5d:16:c9:39:ee:9d:2e:9a:52:1a:53:48:
                    e0:01:71:ac:b5:e0:b5:82:8f:f3:67:aa:61:11:bc:
                    5d:c9:d4:7c:bc:d5:1c:91:70:4a:f3:bf:37:72:0f:
                    8c:3e:24:a7:34:fc:b7:36:e9:a4:02:ab:51:1e:76:
                    6b:2b:9a:8d:b8:03:90:cc:51:06:92:98:dd:6a:38:
                    32:44:b3:68:46:b9:d9:88:eb:df:3f:29:8a:e4:d7:
                    7d:60:dd:76:09:e0:97:ba:fd:d0:33:4c:9f:d3:66:
                    8e:1f:c4:31:c0:0a:c2:02:78:b3:18:a2:4d:d2:93:
                    10:f5:4f:fd:6c:a3:d2:86:5b:ba:33:03:52:a3:f8:
                    55:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:59:81:72:C4:31:18:B2:88:CE:25:BF:3E:C6:C7:1C:57:48:13:B3
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/M1mBcsQxGLKIziW_PsbHHFdIE7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:33:c2:a6:89:02:e4:28:02:d3:58:df:9d:e0:03:61:b9:f7:
         85:bd:ec:3e:df:7f:cf:47:ca:7e:ad:ce:83:1e:a5:d0:1f:aa:
         b3:0b:f1:f0:ff:7a:83:46:d2:df:7e:6d:02:66:dc:07:6a:f3:
         d3:c4:32:28:4e:f0:47:3a:46:72:6f:b8:c2:af:90:f4:47:fc:
         67:60:f8:90:3c:ac:a2:74:27:e6:05:1d:15:28:61:b9:eb:77:
         80:f3:13:81:2f:1b:98:d9:98:ab:db:ce:a5:7a:bd:f1:55:1f:
         77:61:c3:0a:0e:b9:55:48:5a:c0:67:04:79:27:b9:2e:c5:62:
         85:29:5f:e2:c3:a2:07:88:33:2e:7f:49:32:62:0b:34:eb:7d:
         20:9f:68:2a:69:f7:d7:ae:94:bc:89:c6:1c:bf:9c:23:9f:d7:
         21:e7:1f:46:c7:ad:50:f5:c0:5e:6f:54:dc:18:2c:6d:73:4a:
         ce:90:05:33:bc:bd:34:44:b9:45:d3:58:c6:5e:83:31:6d:b2:
         d1:6d:cf:0c:20:0e:1a:56:5a:a3:46:79:00:0b:6c:59:e2:86:
         1d:ae:5b:54:b4:0e:f7:c8:b6:67:f4:b3:52:26:3f:34:d4:d4:
         da:86:8c:d0:76:35:bf:12:4c:3e:65:d4:8e:f3:43:ad:fd:7f:
         95:75:41:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2tYZiRLc1rgeCMkMZlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzU5ODE3MmM0MzExOGIyODhjZTI1YmYzZWM2YzcxYzU3NDgxM2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2f1MCsQKiNVOTuA4A5uEHYfcgIX
dpONzf9yPreEFQpyzoqHOl83BV8ZKB10ZS3mA6E1Mr4iRBSTfZky8XdV8QeA+y1I
omOdrHJhIOmD2XVnqyedkpvFeXgRdJL1+dVPpwZ8ipfocVxOAZkAGP6f6Z2kqGV/
EmR+xeldFsk57p0umlIaU0jgAXGsteC1go/zZ6phEbxdydR8vNUckXBK8783cg+M
PiSnNPy3NumkAqtRHnZrK5qNuAOQzFEGkpjdajgyRLNoRrnZiOvfPymK5Nd9YN12
CeCXuv3QM0yf02aOH8QxwArCAnizGKJN0pMQ9U/9bKPShlu6MwNSo/hVswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNZgXLEMRiyiM4lvz7GxxxXSBOzMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvTTFtQmNzUXhHTEtJemlXX1BzYkhIRmRJRTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZkKMA0G
CSqGSIb3DQEBCwUAA4IBAQAcM8KmiQLkKALTWN+d4ANhufeFvew+33/PR8p+rc6D
HqXQH6qzC/Hw/3qDRtLffm0CZtwHavPTxDIoTvBHOkZyb7jCr5D0R/xnYPiQPKyi
dCfmBR0VKGG563eA8xOBLxuY2Zir286ler3xVR93YcMKDrlVSFrAZwR5J7kuxWKF
KV/iw6IHiDMuf0kyYgs0630gn2gqaffXrpS8icYcv5wjn9ch5x9Gx61Q9cBeb1Tc
GCxtc0rOkAUzvL00RLlF01jGXoMxbbLRbc8MIA4aVlqjRnkAC2xZ4oYdrltUtA73
yLZn9LNSJj801NTahozQdjW/Ekw+ZdSO80Ot/X+VdUFn
-----END CERTIFICATE-----