Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Wkz8VOjPi4z9PQRfporuB5s6aEw.roa
File:                     Wkz8VOjPi4z9PQRfporuB5s6aEw.roa (raw, json)
Hash identifier:          HABixcsN/HQw2KCNEI9eCsg+FiRqoKw1890Y2wGCL7c=
Subject key identifier:   5A:4C:FC:54:E8:CF:8B:8C:FD:3D:04:5F:A6:8A:EE:07:9B:3A:68:4C
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D692B08E1EDAC687A0371814ED9200B76
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Wkz8VOjPi4z9PQRfporuB5s6aEw.roa
Signing time:             Fri 02 Feb 2024 09:34:04 +0000
ROA not before:           Fri 02 Feb 2024 09:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51789
IP address blocks:        45.149.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:2b:08:e1:ed:ac:68:7a:03:71:81:4e:d9:20:0b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  2 09:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a4cfc54e8cf8b8cfd3d045fa68aee079b3a684c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fc:0b:ff:74:0f:67:9a:14:6d:87:22:f8:fa:
                    ca:6d:7d:4b:57:1c:ff:e7:25:7f:2c:16:b9:82:43:
                    d5:59:96:9b:7c:7c:af:a3:e3:8a:10:4b:4a:c1:3f:
                    91:f5:36:d2:36:91:c5:b5:a4:bc:90:d5:01:84:55:
                    7d:d9:33:2d:22:99:d4:d0:f7:6e:04:46:11:8d:c5:
                    b9:c1:bd:1f:79:f4:33:75:7c:be:c8:4f:b4:47:47:
                    2a:db:c1:e0:97:e4:c6:74:ee:b7:fe:37:7a:e8:f0:
                    a7:92:58:50:ea:36:d7:52:1f:d2:16:a4:9b:99:ee:
                    37:a0:00:6b:74:50:1f:6d:e9:46:18:46:28:e0:9a:
                    56:e3:b1:38:5b:f1:f3:b5:1f:bb:62:86:d6:3f:96:
                    6e:b1:93:f9:69:ee:10:c1:b1:7d:46:ad:c0:e1:ab:
                    64:9c:6a:c7:e4:f2:cb:41:5a:7a:87:de:a4:77:4a:
                    9f:24:e3:22:5e:25:f0:36:ce:bb:05:c1:1e:01:ef:
                    37:5e:2c:dd:f5:95:c9:d1:9b:ff:16:80:15:9c:29:
                    e6:4c:f8:6f:aa:fc:06:10:6c:69:9f:10:6f:eb:b2:
                    87:c0:30:83:b4:72:a4:2b:fb:08:e3:80:07:af:11:
                    c7:f8:ee:d4:6c:a7:e1:6d:08:12:9e:b5:b9:a6:a4:
                    ce:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:4C:FC:54:E8:CF:8B:8C:FD:3D:04:5F:A6:8A:EE:07:9B:3A:68:4C
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Wkz8VOjPi4z9PQRfporuB5s6aEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:90:7c:13:11:77:86:15:47:db:dd:a4:3e:92:88:3c:16:43:
         40:d7:4e:1f:ec:1b:0e:ca:fa:67:79:1e:4f:86:cf:fa:a2:84:
         46:ed:61:7b:a1:8c:bc:72:0a:c8:ea:1d:6c:71:16:45:77:24:
         7b:3b:85:ff:de:ad:a1:12:81:d2:14:f1:0e:a9:89:fc:31:2d:
         6c:e8:28:7d:1f:92:81:24:f7:c2:df:d0:3e:03:84:c9:9c:44:
         7e:4d:f4:ac:fd:ec:eb:42:ae:03:f5:b2:0b:f7:44:97:8b:98:
         b7:33:fe:29:2a:8f:f7:c3:ea:c6:3b:3e:1c:78:29:ab:de:e4:
         a7:8e:1f:e0:08:e9:da:ae:7a:fd:10:de:17:b4:86:9a:cf:cd:
         22:81:d0:f6:b9:b7:17:62:2a:54:fa:ae:a8:9f:9b:85:f3:9e:
         5f:6a:67:59:12:e9:0b:e2:3f:77:ec:ba:3c:c6:b0:2e:c0:8c:
         f6:e8:42:74:fc:89:7c:e3:35:58:12:40:7c:6f:b7:fc:d0:05:
         63:bd:e1:43:ca:60:8f:f5:44:60:32:d8:f9:94:ce:17:6a:5e:
         87:7f:af:1b:1e:bc:c3:c8:1e:9a:d6:60:92:06:89:2f:51:af:
         1b:6b:7a:ea:12:aa:2e:a3:ef:dc:33:f3:35:b6:0d:5a:9a:19:
         8c:e9:05:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pKwjh7axoegNxgU7ZIAt2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjAyMDkzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTRjZmM1NGU4Y2Y4YjhjZmQzZDA0NWZhNjhhZWUwNzliM2E2ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfwL/3QPZ5oUbYci+PrKbX1LVxz/
5yV/LBa5gkPVWZabfHyvo+OKEEtKwT+R9TbSNpHFtaS8kNUBhFV92TMtIpnU0Pdu
BEYRjcW5wb0fefQzdXy+yE+0R0cq28Hgl+TGdO63/jd66PCnklhQ6jbXUh/SFqSb
me43oABrdFAfbelGGEYo4JpW47E4W/HztR+7YobWP5ZusZP5ae4QwbF9Rq3A4atk
nGrH5PLLQVp6h96kd0qfJOMiXiXwNs67BcEeAe83Xizd9ZXJ0Zv/FoAVnCnmTPhv
qvwGEGxpnxBv67KHwDCDtHKkK/sI44AHrxHH+O7UbKfhbQgSnrW5pqTOaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpM/FToz4uM/T0EX6aK7gebOmhMMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvV2t6OFZPalBpNHo5UFFSZnBvcnVCNXM2YUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWAMA0G
CSqGSIb3DQEBCwUAA4IBAQBjkHwTEXeGFUfb3aQ+kog8FkNA104f7BsOyvpneR5P
hs/6ooRG7WF7oYy8cgrI6h1scRZFdyR7O4X/3q2hEoHSFPEOqYn8MS1s6Ch9H5KB
JPfC39A+A4TJnER+TfSs/ezrQq4D9bIL90SXi5i3M/4pKo/3w+rGOz4ceCmr3uSn
jh/gCOnarnr9EN4XtIaaz80igdD2ubcXYipU+q6on5uF855famdZEukL4j937Lo8
xrAuwIz26EJ0/Il84zVYEkB8b7f80AVjveFDymCP9URgMtj5lM4Xal6Hf68bHrzD
yB6a1mCSBokvUa8ba3rqEqouo+/cM/M1tg1amhmM6QW7
-----END CERTIFICATE-----