Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/BM9XupTtXIiLHMToIUNY9p9JtYA.roa
File:                     BM9XupTtXIiLHMToIUNY9p9JtYA.roa (raw, json)
Hash identifier:          Qu7vR6NTD8Qav37GVmkBnVp5kzIi/pUl/Qoe5RD7RGU=
Subject key identifier:   04:CF:57:BA:94:ED:5C:88:8B:1C:C4:E8:21:43:58:F6:9F:49:B5:80
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       018CC79462E63D525D3B083E59FFB15D77EF
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/BM9XupTtXIiLHMToIUNY9p9JtYA.roa
Signing time:             Tue 02 Jan 2024 00:30:39 +0000
ROA not before:           Tue 02 Jan 2024 00:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43444
IP address blocks:        45.155.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:62:e6:3d:52:5d:3b:08:3e:59:ff:b1:5d:77:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Jan  2 00:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04cf57ba94ed5c888b1cc4e8214358f69f49b580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2e:9b:28:4f:85:a8:b0:52:42:25:53:f2:8e:
                    3d:e4:df:8b:b8:2d:47:6f:04:a3:e4:7b:5c:b2:dc:
                    00:bb:0f:7e:c4:41:97:56:19:0f:d4:e7:00:b5:f5:
                    39:af:9a:36:67:9b:43:9c:0a:02:03:47:ca:b8:4f:
                    e4:67:fb:d4:a1:f5:f4:81:53:8c:f9:6a:ee:0c:1e:
                    b2:2c:4f:7f:8d:45:07:20:5d:b8:7c:af:09:c6:ab:
                    ff:49:09:b0:4f:f0:8f:36:29:d5:ba:ef:3b:73:27:
                    a3:48:cb:d1:41:27:2b:c2:2d:83:ed:1e:4f:99:58:
                    09:04:fc:89:00:80:90:95:8b:dc:fc:c1:cc:d0:b6:
                    2e:9e:87:f8:98:f5:0e:d0:5d:53:c8:a6:22:26:6e:
                    b4:e9:06:fa:e6:be:38:a4:d1:5d:83:64:e3:8f:7d:
                    9a:32:80:fe:1f:a2:b6:a9:5b:fd:fc:57:4a:72:d0:
                    24:08:19:33:ff:38:fb:af:12:6e:2e:87:df:5b:43:
                    ae:02:d0:9b:62:c5:22:84:0e:c2:7c:96:d4:36:d9:
                    8b:9b:a0:b7:5b:78:48:69:f9:ae:7c:43:02:a7:3f:
                    41:26:1f:a8:a6:04:9a:95:1c:45:23:9d:b4:dd:9e:
                    d5:05:f8:1b:47:84:04:97:de:15:2a:8a:61:cd:1d:
                    c4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:CF:57:BA:94:ED:5C:88:8B:1C:C4:E8:21:43:58:F6:9F:49:B5:80
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/BM9XupTtXIiLHMToIUNY9p9JtYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:30:07:34:80:0a:41:9e:7a:ab:44:82:92:51:ac:3e:7a:a9:
         5f:fb:8a:27:db:60:e0:be:fc:05:79:9b:a7:a1:33:7a:af:27:
         c6:c5:89:d6:14:4f:50:2f:f0:7c:43:f3:6a:3b:0e:81:84:e5:
         0c:e0:e4:0d:a7:cf:f4:2b:2b:ab:f6:21:b7:bb:d2:ea:00:3d:
         8e:6e:24:76:ef:2c:b6:e0:a7:b7:2a:df:19:a6:d6:60:a7:02:
         7c:0b:41:0b:f0:87:d7:43:63:01:51:cd:87:a2:62:e8:35:88:
         92:0c:12:aa:13:05:c0:36:0a:32:36:56:22:cc:4b:cb:6e:a8:
         7b:7e:f0:6f:01:03:20:5f:f7:ab:2e:5f:88:ce:72:d9:14:1b:
         e7:30:5b:e3:a3:89:3c:6b:1a:d3:8a:08:63:cd:3f:66:af:84:
         7e:c6:8c:fa:2b:36:a0:c6:71:b3:af:a1:b7:f0:e4:8c:2c:ce:
         80:27:3f:64:4f:4b:df:57:f5:2f:9e:69:1c:42:1b:5b:23:3e:
         82:7d:34:7d:5c:c3:0f:c4:79:05:2c:12:30:8c:9f:9c:54:e9:
         09:2f:6c:85:97:84:7e:fd:4c:3a:ab:8b:97:97:8f:05:46:3b:
         c7:56:78:75:ae:0d:bd:d0:b4:3e:61:9e:55:0c:0b:5b:af:b6:
         ce:1a:86:7c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlGLmPVJdOwg+Wf+xXXfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjQwMTAyMDAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGNmNTdiYTk0ZWQ1Yzg4OGIxY2M0ZTgyMTQzNThmNjlmNDliNTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS6bKE+FqLBSQiVT8o495N+LuC1H
bwSj5HtcstwAuw9+xEGXVhkP1OcAtfU5r5o2Z5tDnAoCA0fKuE/kZ/vUofX0gVOM
+WruDB6yLE9/jUUHIF24fK8Jxqv/SQmwT/CPNinVuu87cyejSMvRQScrwi2D7R5P
mVgJBPyJAICQlYvc/MHM0LYunof4mPUO0F1TyKYiJm606Qb65r44pNFdg2Tjj32a
MoD+H6K2qVv9/FdKctAkCBkz/zj7rxJuLoffW0OuAtCbYsUihA7CfJbUNtmLm6C3
W3hIafmufEMCpz9BJh+opgSalRxFI5203Z7VBfgbR4QEl94VKophzR3E7wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFATPV7qU7VyIixzE6CFDWPafSbWAMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL0JNOVh1cFR0WElpTEhNVG9JVU5ZOXA5SnRZQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtm6Yw
DQYJKoZIhvcNAQELBQADggEBAGwwBzSACkGeeqtEgpJRrD56qV/7iifbYOC+/AV5
m6ehM3qvJ8bFidYUT1Av8HxD82o7DoGE5Qzg5A2nz/QrK6v2Ibe70uoAPY5uJHbv
LLbgp7cq3xmm1mCnAnwLQQvwh9dDYwFRzYeiYug1iJIMEqoTBcA2CjI2ViLMS8tu
qHt+8G8BAyBf96suX4jOctkUG+cwW+OjiTxrGtOKCGPNP2avhH7GjPorNqDGcbOv
obfw5IwszoAnP2RPS99X9S+eaRxCG1sjPoJ9NH1cww/EeQUsEjCMn5xU6QkvbIWX
hH79TDqri5eXjwVGO8dWeHWuDb3QtD5hnlUMC1uvts4ahnw=
-----END CERTIFICATE-----