Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/wIoUijKm8q8hv90-ixuX1q2f6To.roa
File:                     wIoUijKm8q8hv90-ixuX1q2f6To.roa (raw, json)
Hash identifier:          /pVZczPDChzxuX3Otg38tQsFhTnJrznxAADvpnxTSHQ=
Subject key identifier:   C0:8A:14:8A:32:A6:F2:AF:21:BF:DD:3E:8B:1B:97:D6:AD:9F:E9:3A
Certificate issuer:       /CN=f4ef5dba100a92b2444f3e512d01a592c01951c2
Certificate serial:       018DA8EB7DBFE6330DD581E33089A0056E9F
Authority key identifier: F4:EF:5D:BA:10:0A:92:B2:44:4F:3E:51:2D:01:A5:92:C0:19:51:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/wIoUijKm8q8hv90-ixuX1q2f6To.roa
Signing time:             Wed 14 Feb 2024 18:40:21 +0000
ROA not before:           Wed 14 Feb 2024 18:40:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215687
IP address blocks:        45.148.212.0/24 maxlen: 24
                          45.148.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:eb:7d:bf:e6:33:0d:d5:81:e3:30:89:a0:05:6e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4ef5dba100a92b2444f3e512d01a592c01951c2
        Validity
            Not Before: Feb 14 18:40:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c08a148a32a6f2af21bfdd3e8b1b97d6ad9fe93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:23:92:95:32:00:73:e8:2e:82:43:1f:b7:3f:
                    3f:aa:2b:d5:1c:9a:b3:63:ba:a5:bb:74:28:36:70:
                    84:a2:9e:e5:b7:1c:6a:b6:99:81:90:7c:cb:13:9b:
                    5f:a6:00:99:51:f9:3a:e9:23:bf:45:ab:c5:b6:f3:
                    b1:69:96:48:06:98:5a:41:e9:8b:e1:05:9d:7e:39:
                    97:7e:12:03:49:ce:73:dd:ee:e6:e6:7e:52:55:a3:
                    ad:8e:5a:39:35:ac:05:9f:63:a2:34:97:57:3a:02:
                    6b:db:08:91:20:15:ee:5b:eb:6c:69:ba:df:37:f0:
                    55:dc:45:ee:2e:98:43:eb:9e:fd:ab:21:51:01:68:
                    40:dd:f4:d5:12:93:f6:34:61:27:09:c1:26:44:83:
                    e8:3b:fb:b6:26:2e:bd:bd:68:72:76:07:1f:cb:2e:
                    23:8d:25:c5:f7:b4:06:e3:82:2c:d0:1f:5a:5d:de:
                    5a:e6:59:e9:33:ed:91:10:2b:66:51:96:24:07:c1:
                    a6:3c:c9:35:de:3a:05:e5:5f:8a:f2:b1:fb:a0:b0:
                    12:26:17:25:29:57:87:6d:98:43:01:aa:cf:a1:5d:
                    2f:47:24:f5:ba:fd:2b:f4:25:a8:87:9e:48:c8:a7:
                    a2:e9:38:c9:92:75:ad:3f:1d:be:93:79:af:c0:6e:
                    92:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8A:14:8A:32:A6:F2:AF:21:BF:DD:3E:8B:1B:97:D6:AD:9F:E9:3A
            X509v3 Authority Key Identifier:
                keyid:F4:EF:5D:BA:10:0A:92:B2:44:4F:3E:51:2D:01:A5:92:C0:19:51:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/wIoUijKm8q8hv90-ixuX1q2f6To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:90:b8:28:f2:07:31:b5:71:ca:db:d3:71:5c:dd:a4:d9:3e:
         bd:dd:ed:24:4d:d4:cb:18:42:df:00:ee:b4:f2:7c:56:c4:0c:
         ab:6b:27:3d:c1:7c:05:db:8b:bd:7d:c9:19:ee:de:05:df:43:
         43:68:8b:27:e9:cf:d6:61:cc:6d:ad:16:6c:6b:9b:41:17:11:
         1a:75:67:71:7f:2c:6c:17:43:77:bd:2f:01:22:5b:45:9a:b9:
         a6:9b:c9:6c:83:2f:fb:37:1a:26:dd:2d:47:2b:eb:57:2c:57:
         29:62:b2:35:66:c3:41:54:5e:c2:e6:5e:b7:f4:3c:23:f3:1f:
         fe:6c:6c:c1:24:4e:54:aa:da:2b:e5:77:56:be:5d:3f:55:a9:
         32:e1:5b:68:e8:e4:07:25:8e:d7:5d:23:ad:70:75:9d:49:c1:
         e8:5a:a4:8c:21:88:12:8f:b4:ab:31:ab:0c:0b:69:ce:27:a2:
         05:c1:47:30:b9:e4:1d:dc:ee:19:11:af:9d:ea:31:ce:c1:6d:
         3b:0a:ff:b3:72:3f:8c:b5:36:8b:98:80:d8:2e:a0:e6:be:75:
         22:08:4e:a8:ba:25:e9:aa:5a:bb:58:a8:e6:79:7c:3c:05:41:
         47:6d:94:d7:36:1d:a5:71:6b:3d:76:19:a9:28:05:51:6e:2b:
         36:48:1a:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2o632/5jMN1YHjMImgBW6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZWY1ZGJhMTAwYTkyYjI0NDRmM2U1MTJkMDFhNTkyYzAx
OTUxYzIwHhcNMjQwMjE0MTg0MDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhhMTQ4YTMyYTZmMmFmMjFiZmRkM2U4YjFiOTdkNmFkOWZlOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliOSlTIAc+gugkMftz8/qivVHJqz
Y7qlu3QoNnCEop7ltxxqtpmBkHzLE5tfpgCZUfk66SO/RavFtvOxaZZIBphaQemL
4QWdfjmXfhIDSc5z3e7m5n5SVaOtjlo5NawFn2OiNJdXOgJr2wiRIBXuW+tsabrf
N/BV3EXuLphD6579qyFRAWhA3fTVEpP2NGEnCcEmRIPoO/u2Ji69vWhydgcfyy4j
jSXF97QG44Is0B9aXd5a5lnpM+2RECtmUZYkB8GmPMk13joF5V+K8rH7oLASJhcl
KVeHbZhDAarPoV0vRyT1uv0r9CWoh55IyKei6TjJknWtPx2+k3mvwG6SiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCKFIoypvKvIb/dPosbl9atn+k6MB8GA1UdIwQY
MBaAFPTvXboQCpKyRE8+US0BpZLAGVHCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU85ZHVoQUtrckpFVHo1UkxRR2xrc0FaVWNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iMzViZTEtNjY3My00ODExLWE3MDct
YWQwMjdlOTVjNWM3LzEvd0lvVWlqS204cThodjkwLWl4dVgxcTJmNlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iMzViZTEtNjY3My00ODExLWE3MDctYWQwMjdlOTVjNWM3
LzEvOU85ZHVoQUtrckpFVHo1UkxRR2xrc0FaVWNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZTUMA0G
CSqGSIb3DQEBCwUAA4IBAQAYkLgo8gcxtXHK29NxXN2k2T693e0kTdTLGELfAO60
8nxWxAyrayc9wXwF24u9fckZ7t4F30NDaIsn6c/WYcxtrRZsa5tBFxEadWdxfyxs
F0N3vS8BIltFmrmmm8lsgy/7Nxom3S1HK+tXLFcpYrI1ZsNBVF7C5l639Dwj8x/+
bGzBJE5Uqtor5XdWvl0/Vaky4Vto6OQHJY7XXSOtcHWdScHoWqSMIYgSj7SrMasM
C2nOJ6IFwUcwueQd3O4ZEa+d6jHOwW07Cv+zcj+MtTaLmIDYLqDmvnUiCE6ouiXp
qlq7WKjmeXw8BUFHbZTXNh2lcWs9dhmpKAVRbis2SBpK
-----END CERTIFICATE-----