Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/0XIZ0KBzLbBni7dyrMmiE5z4S5g.roa
File:                     0XIZ0KBzLbBni7dyrMmiE5z4S5g.roa (raw, json)
Hash identifier:          JkYjhzHKhvn+4gP1SNZap+SKL/gV6y6NDUkSSmLHGfU=
Subject key identifier:   D1:72:19:D0:A0:73:2D:B0:67:8B:B7:72:AC:C9:A2:13:9C:F8:4B:98
Certificate issuer:       /CN=b9032bdb128c86e00b21c77959a8011c40d0650c
Certificate serial:       018CC94E2E00939F356CEA7CE513821C1FB8
Authority key identifier: B9:03:2B:DB:12:8C:86:E0:0B:21:C7:79:59:A8:01:1C:40:D0:65:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/0XIZ0KBzLbBni7dyrMmiE5z4S5g.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.152.91.0/24 maxlen: 24
                          2a0f:5100:a01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2e:00:93:9f:35:6c:ea:7c:e5:13:82:1c:1f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9032bdb128c86e00b21c77959a8011c40d0650c
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d17219d0a0732db0678bb772acc9a2139cf84b98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:22:d8:ae:fb:92:26:3c:77:47:42:6a:0e:c6:
                    ea:4c:09:b3:7e:e1:f9:8f:a7:90:13:3c:d1:70:f3:
                    f7:48:1f:95:a9:f1:fa:e7:57:45:1f:ed:2a:81:52:
                    bc:b1:c2:0e:5b:7e:72:ad:a0:16:53:7e:c9:a3:0a:
                    1a:98:8b:33:97:b7:32:f1:0d:ba:be:11:1c:5b:3d:
                    61:1e:07:af:64:0c:8f:3f:a8:1e:cc:87:4c:7b:14:
                    e1:76:58:4d:9f:2b:95:64:1d:0d:0b:50:86:74:5c:
                    1e:84:ee:a9:ca:b6:9c:fc:50:33:1a:7b:7f:c4:f1:
                    19:99:2e:b8:33:dc:18:ef:ed:06:b8:f9:f1:1f:e7:
                    c9:64:12:b9:0d:99:69:f8:7c:69:b4:1d:a8:a9:55:
                    34:80:c2:7c:e4:7b:e7:1c:54:f0:da:25:c0:0e:e6:
                    ef:b7:f7:45:22:f6:d7:39:b0:a3:f0:a1:88:7c:b2:
                    ab:af:ac:fb:c9:bd:f1:fa:3f:6e:cb:91:d8:5e:1c:
                    b9:5f:6b:2c:83:5a:0c:8b:24:2c:34:90:47:67:68:
                    ee:f2:ec:39:d1:44:b8:47:96:7a:6c:be:ab:b6:42:
                    b6:fc:84:7c:49:8d:09:b8:60:bf:c5:41:49:f3:3f:
                    5f:4e:24:f8:00:43:96:d8:3e:3b:1b:84:56:69:a6:
                    73:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:72:19:D0:A0:73:2D:B0:67:8B:B7:72:AC:C9:A2:13:9C:F8:4B:98
            X509v3 Authority Key Identifier:
                keyid:B9:03:2B:DB:12:8C:86:E0:0B:21:C7:79:59:A8:01:1C:40:D0:65:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/0XIZ0KBzLbBni7dyrMmiE5z4S5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.91.0/24
                IPv6:
                  2a0f:5100:a01::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:91:ce:e4:c5:77:67:0c:8d:cd:6b:f5:5b:64:66:58:23:d0:
         75:d8:cb:a8:b2:5a:e9:d0:93:e9:ea:0c:cf:9d:af:6b:29:2f:
         7b:94:ae:09:07:12:e4:74:c5:8f:07:8b:59:21:78:08:16:ca:
         ef:7e:f5:28:c4:ee:03:16:6d:49:12:3d:f2:3d:b8:12:7c:3c:
         9b:07:c9:47:7e:ac:1e:e0:b2:db:42:92:ec:e2:e0:12:db:00:
         09:2a:9f:da:dc:2b:2d:f9:e6:05:7c:bf:bb:da:96:c1:05:32:
         e0:6d:42:0f:1a:f6:f6:06:8e:55:5f:4d:59:29:74:78:77:bf:
         3c:27:7c:01:8c:21:47:7f:0b:a0:27:cf:dc:22:b8:3a:0f:18:
         c2:6c:87:2f:a7:87:5e:57:0e:d1:12:69:de:ec:38:17:64:26:
         fe:af:ec:01:95:f0:74:0f:41:fd:74:2f:52:b3:9a:09:44:7d:
         27:69:5d:35:4c:55:3d:7b:2c:86:dc:84:98:97:cd:5f:2a:36:
         93:e0:e8:e9:6b:29:37:ba:98:03:90:e7:0c:b3:5a:7f:70:51:
         72:02:1c:b0:18:98:d7:79:76:48:3a:76:f4:1e:1a:e6:df:df:
         a4:bf:30:ea:04:e1:0a:2c:a3:bd:e1:e2:18:5b:7b:87:ae:c6:
         7b:c3:04:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTi4Ak581bOp85ROCHB+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MDMyYmRiMTI4Yzg2ZTAwYjIxYzc3OTU5YTgwMTFjNDBk
MDY1MGMwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTcyMTlkMGEwNzMyZGIwNjc4YmI3NzJhY2M5YTIxMzljZjg0Yjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgiLYrvuSJjx3R0JqDsbqTAmzfuH5
j6eQEzzRcPP3SB+VqfH651dFH+0qgVK8scIOW35yraAWU37JowoamIszl7cy8Q26
vhEcWz1hHgevZAyPP6gezIdMexThdlhNnyuVZB0NC1CGdFwehO6pyrac/FAzGnt/
xPEZmS64M9wY7+0GuPnxH+fJZBK5DZlp+HxptB2oqVU0gMJ85HvnHFTw2iXADubv
t/dFIvbXObCj8KGIfLKrr6z7yb3x+j9uy5HYXhy5X2ssg1oMiyQsNJBHZ2ju8uw5
0US4R5Z6bL6rtkK2/IR8SY0JuGC/xUFJ8z9fTiT4AEOW2D47G4RWaaZzzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNFyGdCgcy2wZ4u3cqzJohOc+EuYMB8GA1UdIwQY
MBaAFLkDK9sSjIbgCyHHeVmoARxA0GUMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVFNcjJ4S01odUFMSWNkNVdhZ0JIRURRWlF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9iY2IwM2QtMWMxMS00NTE2LWE4OGYt
ZmU4NDZmNzVkMTcwLzEvMFhJWjBLQnpMYkJuaTdkeXJNbWlFNXo0UzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9iY2IwM2QtMWMxMS00NTE2LWE4OGYtZmU4NDZmNzVkMTcw
LzEvdVFNcjJ4S01odUFMSWNkNVdhZ0JIRURRWlF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZhbMA8E
AgACMAkDBwAqD1EACgEwDQYJKoZIhvcNAQELBQADggEBAJaRzuTFd2cMjc1r9Vtk
Zlgj0HXYy6iyWunQk+nqDM+dr2spL3uUrgkHEuR0xY8Hi1kheAgWyu9+9SjE7gMW
bUkSPfI9uBJ8PJsHyUd+rB7gsttCkuzi4BLbAAkqn9rcKy355gV8v7valsEFMuBt
Qg8a9vYGjlVfTVkpdHh3vzwnfAGMIUd/C6Anz9wiuDoPGMJshy+nh15XDtESad7s
OBdkJv6v7AGV8HQPQf10L1KzmglEfSdpXTVMVT17LIbchJiXzV8qNpPg6OlrKTe6
mAOQ5wyzWn9wUXICHLAYmNd5dkg6dvQeGubf36S/MOoE4Qoso73h4hhbe4euxnvD
BJs=
-----END CERTIFICATE-----