Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/kDbOIUdibCBeatS_fI0vXSFdc9M.roa
File:                     kDbOIUdibCBeatS_fI0vXSFdc9M.roa (raw, json)
Hash identifier:          XpezS0S7M/+85L/bZyL8KTDm5MpI3Rp4A4M4rzDVq04=
Subject key identifier:   90:36:CE:21:47:62:6C:20:5E:6A:D4:BF:7C:8D:2F:5D:21:5D:73:D3
Certificate issuer:       /CN=4c0006e05896f6ffb30161e7c8dda2f9ad05b561
Certificate serial:       018CC26D3C23524FC615361FE02D444FBC5A
Authority key identifier: 4C:00:06:E0:58:96:F6:FF:B3:01:61:E7:C8:DD:A2:F9:AD:05:B5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TAAG4FiW9v-zAWHnyN2i-a0FtWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/kDbOIUdibCBeatS_fI0vXSFdc9M.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.133.144.0/24 maxlen: 24
                          45.133.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/TAAG4FiW9v-zAWHnyN2i-a0FtWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/TAAG4FiW9v-zAWHnyN2i-a0FtWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TAAG4FiW9v-zAWHnyN2i-a0FtWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3c:23:52:4f:c6:15:36:1f:e0:2d:44:4f:bc:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c0006e05896f6ffb30161e7c8dda2f9ad05b561
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9036ce2147626c205e6ad4bf7c8d2f5d215d73d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7e:61:95:09:47:ee:90:c9:2f:ef:27:b9:40:
                    45:c7:ac:0a:3c:89:24:64:83:0f:5f:ba:7c:93:a9:
                    bf:57:7a:74:42:70:8b:04:91:c0:de:db:2f:a0:98:
                    e1:41:25:3a:1f:2e:7e:89:66:e0:2a:7e:7e:7a:0c:
                    92:15:f4:db:0e:ff:81:71:5c:bd:67:eb:bb:c4:ce:
                    e4:27:7f:29:a3:10:4c:d7:d7:1a:4d:89:f8:b3:52:
                    42:c7:21:61:17:13:36:20:f6:1f:48:2e:a6:d7:2f:
                    4e:0b:3c:0a:31:82:d7:3e:09:62:4a:77:5f:d5:a6:
                    78:aa:0a:2a:04:fb:4c:fc:58:bc:4a:c8:c9:07:ec:
                    f2:02:68:4e:0d:69:39:08:54:f5:80:33:69:83:d4:
                    80:c1:c8:1a:b7:85:42:2f:23:c3:8b:0c:05:b6:2f:
                    ce:54:84:32:b4:13:e0:16:d0:53:b8:cd:d4:03:ff:
                    ef:fa:34:1f:50:21:88:36:a4:4b:df:05:7c:f8:6f:
                    0a:c8:80:db:28:6b:fd:af:0d:d9:84:80:0b:1f:22:
                    9b:9c:32:a2:7c:7e:64:a4:9a:e8:43:73:b7:7f:cd:
                    5a:18:bd:a4:fb:ce:b5:90:79:54:fb:58:1b:83:f7:
                    67:2b:be:a4:b4:77:d1:30:21:a6:cb:72:c3:fd:37:
                    cf:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:36:CE:21:47:62:6C:20:5E:6A:D4:BF:7C:8D:2F:5D:21:5D:73:D3
            X509v3 Authority Key Identifier:
                keyid:4C:00:06:E0:58:96:F6:FF:B3:01:61:E7:C8:DD:A2:F9:AD:05:B5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TAAG4FiW9v-zAWHnyN2i-a0FtWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/kDbOIUdibCBeatS_fI0vXSFdc9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/TAAG4FiW9v-zAWHnyN2i-a0FtWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:c9:8d:e0:ee:ae:71:2a:06:a9:39:1f:d7:e6:6a:af:90:b8:
         74:e9:8a:ba:eb:e3:c1:74:c2:d2:cd:9a:85:67:fc:02:53:b2:
         36:f4:ae:e7:ca:39:56:11:db:95:5a:51:3e:83:52:ab:64:d6:
         22:fb:06:21:fd:0b:3e:13:17:5e:e3:9e:0f:e4:b9:35:24:10:
         f8:68:92:b6:96:d0:41:7c:9c:ab:a9:07:af:bc:a7:5b:fb:61:
         f6:5e:03:c7:ee:09:3b:2b:6f:73:2b:5e:00:fd:cf:58:d1:10:
         17:93:d5:04:6f:29:24:a2:ee:79:69:3f:73:4d:1e:57:17:66:
         c4:eb:8b:99:da:6d:bc:79:ed:d9:28:93:8a:ba:d9:99:2e:99:
         bf:6d:12:4e:d6:d5:4c:cf:5c:75:5d:b5:da:b9:32:b9:18:fa:
         19:08:0f:73:be:29:ec:2a:74:32:fb:e1:92:be:8f:35:00:91:
         ce:17:8d:fc:cc:e5:31:0c:b2:e1:ce:ea:9e:48:ca:e7:6c:b9:
         34:0c:ff:4c:1f:53:46:48:a1:bc:6b:d8:39:fa:e9:3a:14:38:
         3c:83:50:92:60:33:71:db:44:2c:60:de:2f:3b:55:25:80:b6:
         74:d8:71:fc:b7:25:2a:5a:8f:61:68:2d:ac:f2:94:6c:e3:fc:
         db:d6:1c:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTwjUk/GFTYf4C1ET7xaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMDAwNmUwNTg5NmY2ZmZiMzAxNjFlN2M4ZGRhMmY5YWQw
NWI1NjEwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM2Y2UyMTQ3NjI2YzIwNWU2YWQ0YmY3YzhkMmY1ZDIxNWQ3M2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkH5hlQlH7pDJL+8nuUBFx6wKPIkk
ZIMPX7p8k6m/V3p0QnCLBJHA3tsvoJjhQSU6Hy5+iWbgKn5+egySFfTbDv+BcVy9
Z+u7xM7kJ38poxBM19caTYn4s1JCxyFhFxM2IPYfSC6m1y9OCzwKMYLXPgliSndf
1aZ4qgoqBPtM/Fi8SsjJB+zyAmhODWk5CFT1gDNpg9SAwcgat4VCLyPDiwwFti/O
VIQytBPgFtBTuM3UA//v+jQfUCGINqRL3wV8+G8KyIDbKGv9rw3ZhIALHyKbnDKi
fH5kpJroQ3O3f81aGL2k+861kHlU+1gbg/dnK76ktHfRMCGmy3LD/TfPuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA2ziFHYmwgXmrUv3yNL10hXXPTMB8GA1UdIwQY
MBaAFEwABuBYlvb/swFh58jdovmtBbVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEFBRzRGaVc5di16QVdIbnlOMmktYTBGdFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9iN2Y4MzktYzY4MC00NWVhLWE4ZWUt
MTMwODdiZWJkMWU0LzEva0RiT0lVZGliQ0JlYXRTX2ZJMHZYU0ZkYzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9iN2Y4MzktYzY4MC00NWVhLWE4ZWUtMTMwODdiZWJkMWU0
LzEvVEFBRzRGaVc5di16QVdIbnlOMmktYTBGdFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYWQMA0G
CSqGSIb3DQEBCwUAA4IBAQAmyY3g7q5xKgapOR/X5mqvkLh06Yq66+PBdMLSzZqF
Z/wCU7I29K7nyjlWEduVWlE+g1KrZNYi+wYh/Qs+Exde454P5Lk1JBD4aJK2ltBB
fJyrqQevvKdb+2H2XgPH7gk7K29zK14A/c9Y0RAXk9UEbykkou55aT9zTR5XF2bE
64uZ2m28ee3ZKJOKutmZLpm/bRJO1tVMz1x1XbXauTK5GPoZCA9zvinsKnQy++GS
vo81AJHOF438zOUxDLLhzuqeSMrnbLk0DP9MH1NGSKG8a9g5+uk6FDg8g1CSYDNx
20QsYN4vO1UlgLZ02HH8tyUqWo9haC2s8pRs4/zb1hzh
-----END CERTIFICATE-----