Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/_16esGG3l_RC7C0_cr2RJhhgGQ0.roa
File:                     _16esGG3l_RC7C0_cr2RJhhgGQ0.roa (raw, json)
Hash identifier:          C4EJcHJMgJvpeLPQbOlyh7ZmP8xhVZ7cz6w/Cqb9V6Y=
Subject key identifier:   FF:5E:9E:B0:61:B7:97:F4:42:EC:2D:3F:72:BD:91:26:18:60:19:0D
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       018CF23BE59398D8A640F8D6F257B7DEBC24
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/_16esGG3l_RC7C0_cr2RJhhgGQ0.roa
Signing time:             Wed 10 Jan 2024 07:17:40 +0000
ROA not before:           Wed 10 Jan 2024 07:17:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32167
IP address blocks:        45.148.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 15:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:3b:e5:93:98:d8:a6:40:f8:d6:f2:57:b7:de:bc:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jan 10 07:17:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff5e9eb061b797f442ec2d3f72bd91261860190d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:04:43:b3:17:7a:ad:a4:66:4a:fe:ed:98:62:
                    d8:d0:3b:cb:fb:70:aa:c5:78:7c:82:de:4b:32:2f:
                    54:69:7b:c8:f7:ac:1e:36:61:aa:6e:b3:e7:dd:14:
                    63:66:09:98:69:6a:eb:65:18:21:b5:e7:52:06:b1:
                    da:0b:12:15:5f:8f:3e:3c:bd:4e:97:0f:b1:4d:5a:
                    41:62:00:41:63:9f:e8:eb:ae:8d:de:5d:0f:2f:d4:
                    1a:07:cf:50:24:af:b8:a2:2b:04:33:6f:a2:6d:61:
                    cb:1c:ac:b2:d3:13:ad:8d:ec:81:a6:52:0b:08:35:
                    9c:d5:23:85:cb:3e:44:f8:f4:ac:21:1a:46:75:a6:
                    73:5f:56:02:0e:f1:63:fb:49:51:af:90:98:0b:20:
                    16:e8:1b:11:ad:40:58:0b:65:ae:67:9e:50:7b:a7:
                    50:5c:66:e3:90:9d:3f:4c:01:af:81:4d:46:ef:82:
                    51:37:b4:98:74:83:21:8a:ed:92:76:7b:53:f8:b4:
                    e1:0b:4f:83:2c:f0:e1:28:3f:f1:17:32:73:59:e7:
                    2a:83:a5:e3:6b:41:ff:34:df:d0:07:36:b9:21:3f:
                    6f:82:23:43:91:8e:a2:46:88:b7:ea:48:bf:cf:90:
                    e6:25:ec:d6:a2:f2:df:cc:b9:4b:21:0d:19:87:0f:
                    2f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5E:9E:B0:61:B7:97:F4:42:EC:2D:3F:72:BD:91:26:18:60:19:0D
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/_16esGG3l_RC7C0_cr2RJhhgGQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:fe:f8:03:b2:8c:a4:ce:cf:fa:b5:6b:b1:e7:e0:2c:2d:87:
         f1:a3:a3:5f:1a:cd:57:51:e8:d7:0c:0b:5f:b6:73:f9:36:39:
         a1:e2:4a:18:a8:33:ef:7e:74:29:9d:d9:8c:68:9d:b0:ec:f8:
         e2:88:75:e4:2e:fd:08:b8:b6:0f:03:01:18:29:fb:48:af:2c:
         7e:fc:2b:ed:c9:7e:8b:d7:b3:27:8d:75:f2:54:37:37:24:c4:
         55:95:43:b2:1d:26:d8:6a:81:bf:19:f9:df:56:e2:7b:01:25:
         2a:a1:9a:42:9b:00:4d:47:00:2c:a3:94:2e:4c:f3:fd:ad:54:
         94:f2:20:12:46:ec:20:22:fb:4f:d6:f2:7b:db:d4:b4:7a:40:
         c5:0f:55:3c:2c:e4:76:31:6b:54:4f:ad:a6:f6:ba:9b:dd:36:
         3a:c3:14:da:a8:7c:57:30:19:fd:a2:2a:19:82:fb:2f:c4:24:
         e7:7e:79:ef:bf:d5:81:a8:54:21:cc:61:00:86:0a:25:88:86:
         58:23:5b:97:22:bd:fa:08:8e:83:0a:2c:8d:d6:fb:24:79:37:
         83:b5:54:11:c6:eb:30:10:af:c2:05:b6:1f:c3:8c:5e:5b:de:
         43:bb:33:29:6f:2e:8b:66:94:4c:b8:35:aa:ed:13:4b:e1:aa:
         61:f4:73:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzyO+WTmNimQPjW8le33rwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjQwMTEwMDcxNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjVlOWViMDYxYjc5N2Y0NDJlYzJkM2Y3MmJkOTEyNjE4NjAxOTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgRDsxd6raRmSv7tmGLY0DvL+3Cq
xXh8gt5LMi9UaXvI96weNmGqbrPn3RRjZgmYaWrrZRghtedSBrHaCxIVX48+PL1O
lw+xTVpBYgBBY5/o666N3l0PL9QaB89QJK+4oisEM2+ibWHLHKyy0xOtjeyBplIL
CDWc1SOFyz5E+PSsIRpGdaZzX1YCDvFj+0lRr5CYCyAW6BsRrUBYC2WuZ55Qe6dQ
XGbjkJ0/TAGvgU1G74JRN7SYdIMhiu2SdntT+LThC0+DLPDhKD/xFzJzWecqg6Xj
a0H/NN/QBza5IT9vgiNDkY6iRoi36ki/z5DmJezWovLfzLlLIQ0Zhw8v+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9enrBht5f0QuwtP3K9kSYYYBkNMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvXzE2ZXNHRzNsX1JDN0MwX2NyMlJKaGhnR1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSEMA0G
CSqGSIb3DQEBCwUAA4IBAQBb/vgDsoykzs/6tWux5+AsLYfxo6NfGs1XUejXDAtf
tnP5Njmh4koYqDPvfnQpndmMaJ2w7PjiiHXkLv0IuLYPAwEYKftIryx+/CvtyX6L
17MnjXXyVDc3JMRVlUOyHSbYaoG/GfnfVuJ7ASUqoZpCmwBNRwAso5QuTPP9rVSU
8iASRuwgIvtP1vJ729S0ekDFD1U8LOR2MWtUT62m9rqb3TY6wxTaqHxXMBn9oioZ
gvsvxCTnfnnvv9WBqFQhzGEAhgoliIZYI1uXIr36CI6DCiyN1vskeTeDtVQRxusw
EK/CBbYfw4xeW95DuzMpby6LZpRMuDWq7RNL4aph9HPJ
-----END CERTIFICATE-----