Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/r0AhI5zgtVZi10eHLUCFOda4hME.roa
File:                     r0AhI5zgtVZi10eHLUCFOda4hME.roa (raw, json)
Hash identifier:          z9LbHAV9lvRNOf8eZJsj+XszcGqkjwym+iA57I0gUSY=
Subject key identifier:   AF:40:21:23:9C:E0:B5:56:62:D7:47:87:2D:40:85:39:D6:B8:84:C1
Certificate issuer:       /CN=bf107e07952c069358cd3f82aaeceb4c69483ca9
Certificate serial:       018F37F5A5D94F3D28FAD1D0DE8C805C14DE
Authority key identifier: BF:10:7E:07:95:2C:06:93:58:CD:3F:82:AA:EC:EB:4C:69:48:3C:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vxB-B5UsBpNYzT-CquzrTGlIPKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/r0AhI5zgtVZi10eHLUCFOda4hME.roa
Signing time:             Thu 02 May 2024 06:19:56 +0000
ROA not before:           Thu 02 May 2024 06:19:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209835
IP address blocks:        45.149.182.0/23 maxlen: 24
                          151.248.20.0/22 maxlen: 24
                          185.185.94.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/vxB-B5UsBpNYzT-CquzrTGlIPKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/vxB-B5UsBpNYzT-CquzrTGlIPKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vxB-B5UsBpNYzT-CquzrTGlIPKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:37:f5:a5:d9:4f:3d:28:fa:d1:d0:de:8c:80:5c:14:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf107e07952c069358cd3f82aaeceb4c69483ca9
        Validity
            Not Before: May  2 06:19:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af4021239ce0b55662d747872d408539d6b884c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:01:ae:01:c7:6a:f6:53:47:bd:75:00:48:0a:
                    61:2b:a2:c2:60:af:bc:af:9c:25:a9:a4:98:0b:be:
                    e9:ce:97:9f:b1:e6:c5:a0:10:d0:a4:56:80:93:d7:
                    0d:10:3d:3a:c9:e4:14:3d:fa:e3:57:c3:bf:ca:59:
                    d5:b4:17:77:d5:22:49:ae:8d:ca:04:39:f7:3b:96:
                    54:be:d3:54:32:c5:35:42:d9:ce:bf:b0:43:d2:97:
                    16:7f:0b:b8:b2:27:e9:96:f5:22:29:70:21:8c:79:
                    5a:97:dc:d1:40:75:f9:fd:f5:f1:29:e0:1c:6f:d7:
                    9b:85:80:73:3a:2e:4c:6a:d9:9f:1b:c4:cf:db:af:
                    6c:f1:af:10:13:bb:ba:15:65:7e:38:3e:78:70:06:
                    1b:d6:d9:fa:80:3a:f0:46:bf:24:41:c9:a7:df:1a:
                    4d:a8:8b:0f:5c:5d:fe:3d:b6:cb:bd:cb:62:44:af:
                    e4:d9:13:71:6a:dc:7b:85:7e:8e:1c:fc:de:97:f8:
                    e9:53:7d:c9:40:17:83:0d:76:3f:ee:3f:41:db:3d:
                    36:5e:c4:78:ca:86:66:6f:b8:68:5b:c6:78:a1:2b:
                    c5:66:72:d6:52:30:6a:44:14:47:58:43:75:d8:fd:
                    56:08:1f:2a:8b:88:25:67:a5:11:0f:0d:22:ba:a2:
                    6d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:40:21:23:9C:E0:B5:56:62:D7:47:87:2D:40:85:39:D6:B8:84:C1
            X509v3 Authority Key Identifier:
                keyid:BF:10:7E:07:95:2C:06:93:58:CD:3F:82:AA:EC:EB:4C:69:48:3C:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vxB-B5UsBpNYzT-CquzrTGlIPKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/r0AhI5zgtVZi10eHLUCFOda4hME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/vxB-B5UsBpNYzT-CquzrTGlIPKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.182.0/23
                  151.248.20.0/22
                  185.185.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:9d:4a:d2:d9:84:5f:48:7f:68:ec:75:ca:2d:74:32:91:88:
         34:0e:4b:e3:09:1a:88:24:a9:8c:72:d2:d5:92:66:0a:92:72:
         17:ad:25:48:e3:e6:24:83:44:7b:69:69:9b:a3:d7:55:f0:31:
         78:e8:19:b1:15:40:38:e9:29:be:46:26:4e:82:1f:ca:3e:ea:
         ce:27:12:ed:d4:58:f3:79:29:76:8c:33:6a:b6:fa:7e:bf:58:
         7a:31:db:87:ad:82:68:f5:4d:72:9c:83:10:d8:df:7a:2f:4a:
         92:66:7a:9d:5c:9a:26:52:d7:05:63:e2:df:35:fe:d6:7a:dd:
         46:ed:89:3b:6b:5d:66:05:95:57:28:93:45:4e:6b:1a:1a:c0:
         ab:0a:5f:2d:2c:9b:f9:2e:66:a7:a9:9c:d7:e1:1c:9b:bc:f6:
         7b:0a:6d:b1:a8:54:89:8c:54:2b:08:9e:4c:6c:01:b9:ee:0b:
         3e:26:d4:8e:41:6a:46:f4:07:14:d1:b1:d5:b2:a3:e5:d4:a4:
         3b:6d:15:9e:2e:4f:85:ce:04:0e:ba:a5:5c:01:a8:37:54:3d:
         98:c9:b8:6c:80:78:7c:e1:eb:36:08:78:6e:6c:14:cd:9b:5e:
         7f:99:cd:bf:81:e2:3e:ad:bf:16:2d:cc:f7:a5:f5:be:34:6a:
         3e:82:c7:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY839aXZTz0o+tHQ3oyAXBTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMTA3ZTA3OTUyYzA2OTM1OGNkM2Y4MmFhZWNlYjRjNjk0
ODNjYTkwHhcNMjQwNTAyMDYxOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQwMjEyMzljZTBiNTU2NjJkNzQ3ODcyZDQwODUzOWQ2Yjg4NGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAGuAcdq9lNHvXUASAphK6LCYK+8
r5wlqaSYC77pzpefsebFoBDQpFaAk9cNED06yeQUPfrjV8O/ylnVtBd31SJJro3K
BDn3O5ZUvtNUMsU1QtnOv7BD0pcWfwu4sifplvUiKXAhjHlal9zRQHX5/fXxKeAc
b9ebhYBzOi5MatmfG8TP269s8a8QE7u6FWV+OD54cAYb1tn6gDrwRr8kQcmn3xpN
qIsPXF3+PbbLvctiRK/k2RNxatx7hX6OHPzel/jpU33JQBeDDXY/7j9B2z02XsR4
yoZmb7hoW8Z4oSvFZnLWUjBqRBRHWEN12P1WCB8qi4glZ6URDw0iuqJthwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK9AISOc4LVWYtdHhy1AhTnWuITBMB8GA1UdIwQY
MBaAFL8QfgeVLAaTWM0/gqrs60xpSDypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnhCLUI1VXNCcE5ZelQtQ3F1enJUR2xJUEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi83ZTI4ZWUtYzY1ZC00NTI5LWE0N2It
NDg2MzNkNzE4NTkwLzEvcjBBaEk1emd0VlppMTBlSExVQ0ZPZGE0aE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi83ZTI4ZWUtYzY1ZC00NTI5LWE0N2ItNDg2MzNkNzE4NTkw
LzEvdnhCLUI1VXNCcE5ZelQtQ3F1enJUR2xJUEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZW2AwQC
l/gUAwQBubleMA0GCSqGSIb3DQEBCwUAA4IBAQBEnUrS2YRfSH9o7HXKLXQykYg0
DkvjCRqIJKmMctLVkmYKknIXrSVI4+Ykg0R7aWmbo9dV8DF46BmxFUA46Sm+RiZO
gh/KPurOJxLt1FjzeSl2jDNqtvp+v1h6MduHrYJo9U1ynIMQ2N96L0qSZnqdXJom
UtcFY+LfNf7Wet1G7Yk7a11mBZVXKJNFTmsaGsCrCl8tLJv5LmanqZzX4RybvPZ7
Cm2xqFSJjFQrCJ5MbAG57gs+JtSOQWpG9AcU0bHVsqPl1KQ7bRWeLk+FzgQOuqVc
Aag3VD2YybhsgHh84es2CHhubBTNm15/mc2/geI+rb8WLcz3pfW+NGo+gsdl
-----END CERTIFICATE-----