Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/17a621-edae-4a9b-8455-fcc0091fe9e6/1/PBvrkqoouaudyQOCl3fsTqIhmrI.roa
File:                     PBvrkqoouaudyQOCl3fsTqIhmrI.roa (raw, json)
Hash identifier:          TQ4tOohP+zIQwp7u3EwVXtoxNHnik8Km7GW3JjGpfKs=
Subject key identifier:   3C:1B:EB:92:AA:28:B9:AB:9D:C9:03:82:97:77:EC:4E:A2:21:9A:B2
Certificate issuer:       /CN=747bb7c24505b6f58f94817d7c8d5376756d37fc
Certificate serial:       018CC348D268C97EB8B10412A47032BC7E2C
Authority key identifier: 74:7B:B7:C2:45:05:B6:F5:8F:94:81:7D:7C:8D:53:76:75:6D:37:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dHu3wkUFtvWPlIF9fI1TdnVtN_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/17a621-edae-4a9b-8455-fcc0091fe9e6/1/PBvrkqoouaudyQOCl3fsTqIhmrI.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215982
IP address blocks:        45.132.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/17a621-edae-4a9b-8455-fcc0091fe9e6/1/dHu3wkUFtvWPlIF9fI1TdnVtN_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/17a621-edae-4a9b-8455-fcc0091fe9e6/1/dHu3wkUFtvWPlIF9fI1TdnVtN_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dHu3wkUFtvWPlIF9fI1TdnVtN_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d2:68:c9:7e:b8:b1:04:12:a4:70:32:bc:7e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=747bb7c24505b6f58f94817d7c8d5376756d37fc
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c1beb92aa28b9ab9dc903829777ec4ea2219ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2c:80:c8:2e:84:b2:a7:1d:68:10:b1:47:00:
                    2d:e6:81:ff:40:cb:c0:2d:2e:0d:f1:a7:97:76:b8:
                    19:e6:ce:15:53:87:66:59:d3:75:ca:f7:0a:29:5a:
                    5c:75:b5:27:18:d8:80:ff:87:2d:b4:f2:4f:3c:5a:
                    72:7f:51:da:8e:78:a7:49:b9:2b:d8:73:dd:aa:3e:
                    6b:f3:91:ea:b3:b1:d3:5a:47:d3:b9:9d:13:dd:1a:
                    18:3f:62:f8:89:34:83:4b:51:37:24:e0:7a:48:5b:
                    3b:41:bf:5c:3b:69:36:c6:c0:85:64:5c:34:22:cc:
                    c4:42:15:89:ca:7c:2f:d5:27:fb:a6:a9:85:4a:9b:
                    c9:4a:86:6b:fa:63:01:0e:7c:61:87:1c:1b:92:36:
                    b8:5a:b7:e2:74:ac:1f:39:60:1a:d8:58:cc:93:82:
                    8f:92:20:1f:db:05:b5:e7:b3:9f:99:9f:47:39:24:
                    29:7f:88:9e:47:47:0b:c5:38:60:ae:8c:d9:bf:7a:
                    e0:0e:5a:7f:f2:f0:d3:ef:d9:53:c4:02:63:93:7b:
                    c3:b3:9a:a4:c1:a5:f1:65:9b:d5:93:c2:32:bb:22:
                    6c:8b:f5:f6:4b:3e:fe:4e:35:9d:ab:11:e0:03:2a:
                    12:db:64:de:6f:75:32:01:31:4b:87:83:d8:78:c2:
                    59:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1B:EB:92:AA:28:B9:AB:9D:C9:03:82:97:77:EC:4E:A2:21:9A:B2
            X509v3 Authority Key Identifier:
                keyid:74:7B:B7:C2:45:05:B6:F5:8F:94:81:7D:7C:8D:53:76:75:6D:37:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHu3wkUFtvWPlIF9fI1TdnVtN_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/17a621-edae-4a9b-8455-fcc0091fe9e6/1/PBvrkqoouaudyQOCl3fsTqIhmrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/17a621-edae-4a9b-8455-fcc0091fe9e6/1/dHu3wkUFtvWPlIF9fI1TdnVtN_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:d8:8c:ff:14:bd:2a:ca:77:26:57:c5:4f:f9:5c:52:5f:d5:
         db:59:24:88:48:63:e9:1f:26:44:cc:18:94:61:7f:0d:52:7f:
         55:ad:4b:2b:40:b5:34:fc:1f:18:6a:55:ec:04:ba:18:61:f9:
         af:47:01:48:66:f3:e5:9d:03:35:9c:71:5e:bb:52:a0:8f:a7:
         47:18:e7:d0:a7:e4:1d:0e:7f:e2:71:4a:dc:0c:9d:01:95:3f:
         3b:57:5d:45:9b:6d:73:7e:2a:45:8c:97:46:bd:01:15:09:97:
         44:5a:92:57:b7:af:df:c6:b4:20:e2:8d:73:58:fe:04:4e:8a:
         94:ca:33:52:d5:94:8a:08:ba:62:19:6d:36:65:f4:6c:94:ca:
         ee:80:7e:20:a8:4e:c7:32:c5:4f:2d:82:73:a1:26:9c:cb:bb:
         d2:96:8b:c3:d0:19:7f:7c:aa:93:db:50:cd:e8:15:e9:d2:da:
         ed:7a:81:19:34:f8:89:50:c3:be:c0:5f:4b:06:cf:67:fa:95:
         cc:b4:1f:53:10:aa:8d:32:14:ef:39:fb:6e:6a:7e:cf:75:bb:
         77:11:6f:25:be:f1:0e:b7:91:75:b8:12:aa:13:0d:62:c7:85:
         45:77:d7:96:89:92:cf:99:58:12:b7:29:63:c0:3f:9f:4a:fb:
         38:ce:2e:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNJoyX64sQQSpHAyvH4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0N2JiN2MyNDUwNWI2ZjU4Zjk0ODE3ZDdjOGQ1Mzc2NzU2
ZDM3ZmMwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzFiZWI5MmFhMjhiOWFiOWRjOTAzODI5Nzc3ZWM0ZWEyMjE5YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniyAyC6EsqcdaBCxRwAt5oH/QMvA
LS4N8aeXdrgZ5s4VU4dmWdN1yvcKKVpcdbUnGNiA/4cttPJPPFpyf1HajninSbkr
2HPdqj5r85Hqs7HTWkfTuZ0T3RoYP2L4iTSDS1E3JOB6SFs7Qb9cO2k2xsCFZFw0
IszEQhWJynwv1Sf7pqmFSpvJSoZr+mMBDnxhhxwbkja4WrfidKwfOWAa2FjMk4KP
kiAf2wW157OfmZ9HOSQpf4ieR0cLxThgrozZv3rgDlp/8vDT79lTxAJjk3vDs5qk
waXxZZvVk8IyuyJsi/X2Sz7+TjWdqxHgAyoS22Teb3UyATFLh4PYeMJZhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwb65KqKLmrnckDgpd37E6iIZqyMB8GA1UdIwQY
MBaAFHR7t8JFBbb1j5SBfXyNU3Z1bTf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEh1M3drVUZ0dldQbElGOWZJMVRkblZ0Tl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8xN2E2MjEtZWRhZS00YTliLTg0NTUt
ZmNjMDA5MWZlOWU2LzEvUEJ2cmtxb291YXVkeVFPQ2wzZnNUcUlobXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8xN2E2MjEtZWRhZS00YTliLTg0NTUtZmNjMDA5MWZlOWU2
LzEvZEh1M3drVUZ0dldQbElGOWZJMVRkblZ0Tl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYSYMA0G
CSqGSIb3DQEBCwUAA4IBAQBL2Iz/FL0qyncmV8VP+VxSX9XbWSSISGPpHyZEzBiU
YX8NUn9VrUsrQLU0/B8YalXsBLoYYfmvRwFIZvPlnQM1nHFeu1Kgj6dHGOfQp+Qd
Dn/icUrcDJ0BlT87V11Fm21zfipFjJdGvQEVCZdEWpJXt6/fxrQg4o1zWP4EToqU
yjNS1ZSKCLpiGW02ZfRslMrugH4gqE7HMsVPLYJzoSacy7vSlovD0Bl/fKqT21DN
6BXp0trteoEZNPiJUMO+wF9LBs9n+pXMtB9TEKqNMhTvOftuan7Pdbt3EW8lvvEO
t5F1uBKqEw1ix4VFd9eWiZLPmVgStyljwD+fSvs4zi66
-----END CERTIFICATE-----