Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f56d7f-1b78-4453-81e7-ba56378a6476/1/AAlClWERfkBgVcq04yJe6L8oF00.roa
File:                     AAlClWERfkBgVcq04yJe6L8oF00.roa (raw, json)
Hash identifier:          6UR+WzTrXZQCfKT2SJMkTA8z09CEnkFWqCrTLO1khWY=
Subject key identifier:   00:09:42:95:61:11:7E:40:60:55:CA:B4:E3:22:5E:E8:BF:28:17:4D
Certificate issuer:       /CN=153b46702839a795baba8d8d15ecdcca637e336c
Certificate serial:       018CC64B7AB99CEC63585FB217CC89DD1924
Authority key identifier: 15:3B:46:70:28:39:A7:95:BA:BA:8D:8D:15:EC:DC:CA:63:7E:33:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FTtGcCg5p5W6uo2NFezcymN-M2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f56d7f-1b78-4453-81e7-ba56378a6476/1/AAlClWERfkBgVcq04yJe6L8oF00.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8823
IP address blocks:        185.245.22.0/24 maxlen: 24
                          2a0c:d4c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f56d7f-1b78-4453-81e7-ba56378a6476/1/FTtGcCg5p5W6uo2NFezcymN-M2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f56d7f-1b78-4453-81e7-ba56378a6476/1/FTtGcCg5p5W6uo2NFezcymN-M2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FTtGcCg5p5W6uo2NFezcymN-M2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7a:b9:9c:ec:63:58:5f:b2:17:cc:89:dd:19:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153b46702839a795baba8d8d15ecdcca637e336c
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0009429561117e406055cab4e3225ee8bf28174d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ca:dd:1e:22:d3:b6:3d:9d:0d:30:8e:d3:fe:
                    c8:e2:cc:95:3a:3d:cf:fc:e1:65:0a:fa:73:92:77:
                    2f:f9:88:39:67:70:dd:7d:ac:5d:88:47:80:56:43:
                    fb:09:e7:c2:46:37:39:81:38:88:db:00:05:d3:54:
                    9e:a3:29:b5:b3:43:a8:b7:1e:e4:28:fd:f9:9d:7e:
                    51:56:d0:03:3d:0e:37:ed:1b:ed:c3:ff:58:21:22:
                    e9:81:e9:0c:13:ce:6e:eb:dc:21:1f:07:39:e8:eb:
                    08:33:51:6a:99:70:4a:20:6c:8b:08:83:9b:52:8b:
                    c0:b2:de:0d:53:52:83:63:ce:b0:82:dd:8a:3d:fb:
                    14:6d:21:2a:ef:28:ac:0d:a5:6b:6f:8f:71:59:6b:
                    cc:4d:66:20:a2:2b:68:8d:f4:59:0a:9d:fa:80:78:
                    8f:51:64:41:11:12:48:06:3c:c8:b3:a7:4b:f1:0d:
                    7c:ea:b3:c2:b5:e3:18:c7:29:e7:bb:6c:78:35:9a:
                    64:e2:a6:a3:b2:ad:11:65:41:68:60:60:18:1e:98:
                    1b:bc:1c:2e:52:76:e6:d9:c6:34:56:f5:8f:8f:d7:
                    04:04:aa:f7:aa:28:84:55:b7:d2:f8:95:80:6d:ee:
                    29:a0:ee:a2:45:bb:23:2a:79:aa:73:c5:47:2c:60:
                    53:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:09:42:95:61:11:7E:40:60:55:CA:B4:E3:22:5E:E8:BF:28:17:4D
            X509v3 Authority Key Identifier:
                keyid:15:3B:46:70:28:39:A7:95:BA:BA:8D:8D:15:EC:DC:CA:63:7E:33:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FTtGcCg5p5W6uo2NFezcymN-M2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f56d7f-1b78-4453-81e7-ba56378a6476/1/AAlClWERfkBgVcq04yJe6L8oF00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f56d7f-1b78-4453-81e7-ba56378a6476/1/FTtGcCg5p5W6uo2NFezcymN-M2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.22.0/24
                IPv6:
                  2a0c:d4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:69:8e:c8:ac:59:84:51:7e:cc:b7:50:8b:8e:a9:72:29:16:
         f2:91:b2:f9:8a:6e:21:3d:bb:dc:a7:28:f7:4e:f2:37:3a:16:
         ca:64:47:f9:ea:55:b2:48:78:fb:f0:db:1c:02:f0:b5:77:2f:
         3e:15:39:cc:72:24:6e:76:aa:c4:eb:47:36:3d:ed:cf:e4:dc:
         83:ae:34:b4:ce:54:b6:b5:66:15:23:c0:fd:e0:0e:46:09:ca:
         20:d2:93:20:22:a6:07:ea:ea:98:68:1b:44:5d:2b:a0:8e:7d:
         3a:69:7d:67:09:96:e3:63:77:43:5c:83:bf:01:f3:6f:02:56:
         b9:43:c2:c3:ef:58:4d:ad:87:eb:90:8c:ae:0a:7c:ba:3c:2b:
         5f:9f:54:be:0f:be:e0:81:f4:08:83:f7:e2:74:12:d4:38:3e:
         d5:50:37:fe:7c:84:96:46:fe:06:cb:33:42:16:ed:b0:22:3b:
         ac:03:1a:44:9f:66:92:91:0b:60:d2:a7:51:29:cc:09:03:48:
         9f:b8:b8:c5:e4:aa:05:ad:68:0a:56:6f:55:78:60:fb:8d:cf:
         3f:70:82:4b:c4:a1:ba:f5:b3:8e:a1:b6:38:0e:47:88:a0:1a:
         a3:9a:7b:a7:c8:63:28:b1:82:83:43:31:d9:7e:bb:80:b7:33:
         aa:0a:8c:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS3q5nOxjWF+yF8yJ3RkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2I0NjcwMjgzOWE3OTViYWJhOGQ4ZDE1ZWNkY2NhNjM3
ZTMzNmMwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA5NDI5NTYxMTE3ZTQwNjA1NWNhYjRlMzIyNWVlOGJmMjgxNzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8rdHiLTtj2dDTCO0/7I4syVOj3P
/OFlCvpzkncv+Yg5Z3DdfaxdiEeAVkP7CefCRjc5gTiI2wAF01Seoym1s0Ootx7k
KP35nX5RVtADPQ437Rvtw/9YISLpgekME85u69whHwc56OsIM1FqmXBKIGyLCIOb
UovAst4NU1KDY86wgt2KPfsUbSEq7yisDaVrb49xWWvMTWYgoitojfRZCp36gHiP
UWRBERJIBjzIs6dL8Q186rPCteMYxynnu2x4NZpk4qajsq0RZUFoYGAYHpgbvBwu
Unbm2cY0VvWPj9cEBKr3qiiEVbfS+JWAbe4poO6iRbsjKnmqc8VHLGBTowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAAJQpVhEX5AYFXKtOMiXui/KBdNMB8GA1UdIwQY
MBaAFBU7RnAoOaeVurqNjRXs3MpjfjNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlR0R2NDZzVwNVc2dW8yTkZlemN5bU4tTTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mNTZkN2YtMWI3OC00NDUzLTgxZTct
YmE1NjM3OGE2NDc2LzEvQUFsQ2xXRVJma0JnVmNxMDR5SmU2TDhvRjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mNTZkN2YtMWI3OC00NDUzLTgxZTctYmE1NjM3OGE2NDc2
LzEvRlR0R2NDZzVwNVc2dW8yTkZlemN5bU4tTTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufUWMA0E
AgACMAcDBQMqDNTAMA0GCSqGSIb3DQEBCwUAA4IBAQAqaY7IrFmEUX7Mt1CLjqly
KRbykbL5im4hPbvcpyj3TvI3OhbKZEf56lWySHj78NscAvC1dy8+FTnMciRudqrE
60c2Pe3P5NyDrjS0zlS2tWYVI8D94A5GCcog0pMgIqYH6uqYaBtEXSugjn06aX1n
CZbjY3dDXIO/AfNvAla5Q8LD71hNrYfrkIyuCny6PCtfn1S+D77ggfQIg/fidBLU
OD7VUDf+fISWRv4GyzNCFu2wIjusAxpEn2aSkQtg0qdRKcwJA0ifuLjF5KoFrWgK
Vm9VeGD7jc8/cIJLxKG69bOOobY4DkeIoBqjmnunyGMosYKDQzHZfruAtzOqCoxx
-----END CERTIFICATE-----