Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/14OLg-o774Kap0x9DGGlYzuFtSQ.roa
File:                     14OLg-o774Kap0x9DGGlYzuFtSQ.roa (raw, json)
Hash identifier:          GftMjKgPNCQaJ3VV9qXQAM0nqhrHOmHbnyUOY5aoID4=
Subject key identifier:   D7:83:8B:83:EA:3B:EF:82:9A:A7:4C:7D:0C:61:A5:63:3B:85:B5:24
Certificate issuer:       /CN=736d724e239efb7f2f7bea526a9e0c5e7fc89bbe
Certificate serial:       018CC7942909FA45102052FD6DBA04D9EDF5
Authority key identifier: 73:6D:72:4E:23:9E:FB:7F:2F:7B:EA:52:6A:9E:0C:5E:7F:C8:9B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c21yTiOe-38ve-pSap4MXn_Im74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/14OLg-o774Kap0x9DGGlYzuFtSQ.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42072
IP address blocks:        45.154.74.0/23 maxlen: 24
                          2a0f:b300:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/c21yTiOe-38ve-pSap4MXn_Im74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/c21yTiOe-38ve-pSap4MXn_Im74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c21yTiOe-38ve-pSap4MXn_Im74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:29:09:fa:45:10:20:52:fd:6d:ba:04:d9:ed:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=736d724e239efb7f2f7bea526a9e0c5e7fc89bbe
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7838b83ea3bef829aa74c7d0c61a5633b85b524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ba:74:24:08:51:8a:65:0e:ad:6a:be:cd:da:
                    fc:b7:c4:9b:6a:a4:17:17:4c:6e:12:8d:4d:bc:82:
                    84:b9:3f:3d:96:55:ac:c3:8c:cc:54:04:9a:63:d9:
                    60:38:b8:b3:25:e3:cd:6f:2c:be:52:61:6d:eb:64:
                    86:ef:a1:43:18:23:ad:2c:83:83:f8:d5:95:78:71:
                    84:ef:d7:c4:23:88:34:ca:eb:be:05:54:b1:bf:fa:
                    55:14:76:c1:59:0c:cf:a0:e8:16:8c:4b:5e:a3:4e:
                    9f:dd:8d:79:0b:a1:83:f1:52:d7:64:0d:a6:36:c6:
                    cd:a3:a0:f4:63:ff:e6:28:5a:69:4a:46:bc:bb:9b:
                    5d:3d:9b:52:d2:6e:7d:9f:24:a1:91:fe:cb:57:c8:
                    73:c7:1f:91:e8:06:f0:06:1b:77:01:88:77:56:16:
                    c6:cc:36:fa:dc:81:c0:31:1f:5a:eb:65:56:d2:87:
                    2a:55:53:d1:35:f3:db:61:31:7a:99:d1:48:9a:bf:
                    79:39:df:7f:6d:6b:1b:88:73:80:c3:19:54:0b:8d:
                    07:bb:15:19:7a:07:50:fd:94:5f:9a:1b:26:c5:30:
                    8a:c7:16:78:95:3b:46:2a:ae:0d:d7:fb:d3:9e:c8:
                    04:68:dc:b4:73:d1:2b:99:af:bd:0a:73:b5:b1:48:
                    f6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:83:8B:83:EA:3B:EF:82:9A:A7:4C:7D:0C:61:A5:63:3B:85:B5:24
            X509v3 Authority Key Identifier:
                keyid:73:6D:72:4E:23:9E:FB:7F:2F:7B:EA:52:6A:9E:0C:5E:7F:C8:9B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c21yTiOe-38ve-pSap4MXn_Im74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/14OLg-o774Kap0x9DGGlYzuFtSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/c21yTiOe-38ve-pSap4MXn_Im74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.74.0/23
                IPv6:
                  2a0f:b300:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         47:ba:64:45:73:ad:7a:97:4e:94:39:64:ef:ad:17:69:fe:86:
         69:21:02:2e:f7:9e:f1:ab:d0:10:84:3b:83:9a:62:48:76:14:
         aa:a2:64:a7:08:b7:6b:91:b3:02:c2:6f:a1:98:2c:01:32:52:
         fe:d1:cb:58:b1:77:76:c6:63:5b:67:45:81:45:3c:40:df:ed:
         b0:8a:61:c6:61:9c:ac:90:a1:d4:81:c5:10:3f:4c:64:12:01:
         85:31:8b:7b:5d:a2:ac:15:0b:ff:a1:0c:fd:ff:6a:39:32:92:
         73:ab:42:a6:d6:ad:f8:f3:34:4b:87:9c:be:ed:1b:6c:b0:9d:
         db:89:d9:4c:f3:23:e5:b6:6a:bd:32:b6:9f:63:9c:3f:a0:c8:
         bd:0e:f3:c6:e7:5a:12:a2:1b:59:26:db:6f:ad:3a:32:88:45:
         a2:dc:fe:f4:f6:db:15:20:07:6f:71:9a:1d:97:66:5f:61:9c:
         51:84:c4:93:4c:b8:eb:6a:87:a3:ad:cc:b7:3a:54:b1:31:dd:
         59:17:c4:82:f7:1f:06:4d:40:f0:65:b0:30:a3:51:65:2f:7d:
         35:bc:25:3a:01:58:8f:6e:fd:37:f8:34:f9:b7:09:d1:1e:20:
         d0:7a:a0:be:1c:bc:80:d0:89:ab:6d:b3:da:9e:64:e6:42:79:
         3a:7c:d5:38
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHlCkJ+kUQIFL9bboE2e31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNmQ3MjRlMjM5ZWZiN2YyZjdiZWE1MjZhOWUwYzVlN2Zj
ODliYmUwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzgzOGI4M2VhM2JlZjgyOWFhNzRjN2QwYzYxYTU2MzNiODViNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbp0JAhRimUOrWq+zdr8t8SbaqQX
F0xuEo1NvIKEuT89llWsw4zMVASaY9lgOLizJePNbyy+UmFt62SG76FDGCOtLIOD
+NWVeHGE79fEI4g0yuu+BVSxv/pVFHbBWQzPoOgWjEteo06f3Y15C6GD8VLXZA2m
NsbNo6D0Y//mKFppSka8u5tdPZtS0m59nyShkf7LV8hzxx+R6AbwBht3AYh3VhbG
zDb63IHAMR9a62VW0ocqVVPRNfPbYTF6mdFImr95Od9/bWsbiHOAwxlUC40HuxUZ
egdQ/ZRfmhsmxTCKxxZ4lTtGKq4N1/vTnsgEaNy0c9Erma+9CnO1sUj2bQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNeDi4PqO++CmqdMfQxhpWM7hbUkMB8GA1UdIwQY
MBaAFHNtck4jnvt/L3vqUmqeDF5/yJu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzIxeVRpT2UtMzh2ZS1wU2FwNE1Ybl9JbTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kZmMxMTAtNzkyNC00OWE5LTg1NjQt
MGJlYmZjYmRlMWYzLzEvMTRPTGctbzc3NEthcDB4OURHR2xZenVGdFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kZmMxMTAtNzkyNC00OWE5LTg1NjQtMGJlYmZjYmRlMWYz
LzEvYzIxeVRpT2UtMzh2ZS1wU2FwNE1Ybl9JbTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBLZpKMA4E
AgACMAgDBgQqD7MAIDANBgkqhkiG9w0BAQsFAAOCAQEAR7pkRXOtepdOlDlk760X
af6GaSECLvee8avQEIQ7g5piSHYUqqJkpwi3a5GzAsJvoZgsATJS/tHLWLF3dsZj
W2dFgUU8QN/tsIphxmGcrJCh1IHFED9MZBIBhTGLe12irBUL/6EM/f9qOTKSc6tC
ptat+PM0S4ecvu0bbLCd24nZTPMj5bZqvTK2n2OcP6DIvQ7zxudaEqIbWSbbb606
MohFotz+9PbbFSAHb3GaHZdmX2GcUYTEk0y462qHo63MtzpUsTHdWRfEgvcfBk1A
8GWwMKNRZS99NbwlOgFYj279N/g0+bcJ0R4g0Hqgvhy8gNCJq22z2p5k5kJ5OnzV
OA==
-----END CERTIFICATE-----