Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/u1vk3HFTLKXaSMwx5PRhwBlr-Ok.roa
File:                     u1vk3HFTLKXaSMwx5PRhwBlr-Ok.roa (raw, json)
Hash identifier:          DdJgqWzI+keERaTlwP4E0bS6h4w82qdOJGgebBKYY3k=
Subject key identifier:   BB:5B:E4:DC:71:53:2C:A5:DA:48:CC:31:E4:F4:61:C0:19:6B:F8:E9
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DD1E8C34A1633A34EDBD6C2E7F68FA290
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/u1vk3HFTLKXaSMwx5PRhwBlr-Ok.roa
Signing time:             Thu 22 Feb 2024 17:41:48 +0000
ROA not before:           Thu 22 Feb 2024 17:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44094
IP address blocks:        45.138.157.0/24 maxlen: 24
                          193.201.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:e8:c3:4a:16:33:a3:4e:db:d6:c2:e7:f6:8f:a2:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 22 17:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb5be4dc71532ca5da48cc31e4f461c0196bf8e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f7:4c:4c:cd:a9:46:80:0c:33:15:44:d1:5f:
                    96:63:4f:d9:2b:7c:e9:39:eb:c7:e9:c5:28:e3:bd:
                    68:a8:0a:e9:e3:b8:6e:b2:6a:45:b7:cc:b5:0b:08:
                    34:04:a8:3e:55:38:d2:51:76:cb:f0:ef:a4:97:85:
                    1e:76:85:67:fe:4b:0d:5b:86:61:cc:ff:b6:a4:80:
                    5e:f9:29:ec:f9:a7:c8:d5:ed:b5:6d:1f:cf:20:06:
                    e4:4c:ca:84:a7:5c:b0:44:40:03:e6:58:ee:92:9d:
                    05:2a:18:69:de:0e:b6:a5:95:f0:d9:b0:77:71:b8:
                    fb:8a:11:d4:0d:0d:0b:da:d0:60:6c:f8:19:ac:21:
                    23:53:b7:27:52:f6:66:7b:35:f5:68:33:5d:34:83:
                    9e:18:57:56:b1:f9:70:ea:5f:1f:89:e4:da:e5:c8:
                    09:a7:c2:6e:9e:8b:a3:37:84:6b:b1:d8:b0:24:9a:
                    b2:8a:24:a8:a9:af:13:80:79:99:75:65:7f:a1:ca:
                    f0:15:8f:b3:46:1e:06:49:09:35:1f:3f:df:d0:b1:
                    e9:01:86:0b:25:9c:50:1b:f7:df:77:0a:ac:87:2f:
                    e6:96:22:7d:9a:a8:ba:20:24:8e:72:93:e4:fc:e9:
                    4a:25:f9:80:d2:10:87:6c:26:dc:7c:9c:c9:71:ef:
                    f1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:5B:E4:DC:71:53:2C:A5:DA:48:CC:31:E4:F4:61:C0:19:6B:F8:E9
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/u1vk3HFTLKXaSMwx5PRhwBlr-Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.157.0/24
                  193.201.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:dd:5b:13:dc:cb:35:9a:23:77:96:6b:b7:5c:d8:c7:e3:6c:
         b6:7f:90:bb:e3:6b:5e:df:33:03:59:06:c5:0e:e7:31:eb:65:
         ee:f8:7b:ad:2c:8c:49:f3:09:f9:1a:d2:0f:e5:25:20:a9:e6:
         ff:df:ae:c2:b0:d4:af:42:fd:c8:3f:12:49:1a:99:2c:ab:22:
         5e:f8:bd:f4:c4:40:e5:07:0c:6b:63:8c:99:ec:b0:a7:22:13:
         59:44:88:7e:70:cb:33:13:5e:29:6c:88:d7:dd:21:91:3f:d5:
         1e:a2:e4:b9:de:40:1a:b9:44:28:64:8a:83:79:f7:c0:9f:f9:
         56:21:67:4b:72:7a:6f:cc:b8:06:8d:db:2b:94:4a:1f:fe:72:
         0d:c6:6b:c0:bd:52:b1:4e:62:a6:97:b0:de:c4:fa:43:1a:f3:
         d2:8c:6d:f0:aa:5d:8a:41:19:de:95:01:ca:92:d8:72:3c:a8:
         08:07:9f:d1:1a:59:17:38:db:e1:8e:69:7d:68:3b:39:e7:e6:
         67:cb:a4:77:de:93:5d:69:ef:a8:6f:c0:d2:5d:e0:d2:4b:87:
         3b:49:51:82:12:a7:2c:7a:cc:db:e5:2e:22:3b:a9:aa:18:09:
         ec:7d:79:5b:b4:07:f0:e6:ed:96:3a:05:20:4c:ff:ae:33:69:
         e5:63:97:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3R6MNKFjOjTtvWwuf2j6KQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjIyMTc0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjViZTRkYzcxNTMyY2E1ZGE0OGNjMzFlNGY0NjFjMDE5NmJmOGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/dMTM2pRoAMMxVE0V+WY0/ZK3zp
OevH6cUo471oqArp47husmpFt8y1Cwg0BKg+VTjSUXbL8O+kl4UedoVn/ksNW4Zh
zP+2pIBe+Sns+afI1e21bR/PIAbkTMqEp1ywREAD5ljukp0FKhhp3g62pZXw2bB3
cbj7ihHUDQ0L2tBgbPgZrCEjU7cnUvZmezX1aDNdNIOeGFdWsflw6l8fieTa5cgJ
p8JunoujN4RrsdiwJJqyiiSoqa8TgHmZdWV/ocrwFY+zRh4GSQk1Hz/f0LHpAYYL
JZxQG/ffdwqshy/mliJ9mqi6ICSOcpPk/OlKJfmA0hCHbCbcfJzJce/xlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLtb5NxxUyyl2kjMMeT0YcAZa/jpMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvdTF2azNIRlRMS1hhU013eDVQUmh3QmxyLU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYqdAwQA
wcl+MA0GCSqGSIb3DQEBCwUAA4IBAQBK3VsT3Ms1miN3lmu3XNjH42y2f5C742te
3zMDWQbFDucx62Xu+HutLIxJ8wn5GtIP5SUgqeb/367CsNSvQv3IPxJJGpksqyJe
+L30xEDlBwxrY4yZ7LCnIhNZRIh+cMszE14pbIjX3SGRP9UeouS53kAauUQoZIqD
effAn/lWIWdLcnpvzLgGjdsrlEof/nINxmvAvVKxTmKml7DexPpDGvPSjG3wql2K
QRnelQHKkthyPKgIB5/RGlkXONvhjml9aDs55+Zny6R33pNdae+ob8DSXeDSS4c7
SVGCEqcseszb5S4iO6mqGAnsfXlbtAfw5u2WOgUgTP+uM2nlY5fl
-----END CERTIFICATE-----