Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/FLV4Zh20tn7CVUTDOPHkhZPTk70.roa
File:                     FLV4Zh20tn7CVUTDOPHkhZPTk70.roa (raw, json)
Hash identifier:          uaaBAVkA9rsszptKloarAXMzvQ81784ZnKbERI4a/98=
Subject key identifier:   14:B5:78:66:1D:B4:B6:7E:C2:55:44:C3:38:F1:E4:85:93:D3:93:BD
Certificate issuer:       /CN=b9032bdb128c86e00b21c77959a8011c40d0650c
Certificate serial:       018CC94E2E7D25D13C6344AC719645788D4E
Authority key identifier: B9:03:2B:DB:12:8C:86:E0:0B:21:C7:79:59:A8:01:1C:40:D0:65:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/FLV4Zh20tn7CVUTDOPHkhZPTk70.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211878
IP address blocks:        45.152.88.0/22 maxlen: 24
                          2a0f:5100::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2e:7d:25:d1:3c:63:44:ac:71:96:45:78:8d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9032bdb128c86e00b21c77959a8011c40d0650c
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14b578661db4b67ec25544c338f1e48593d393bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7c:72:a2:f6:8a:a0:73:6e:56:4a:56:dc:96:
                    da:0c:2a:04:65:39:fd:49:56:bc:bc:fc:8f:e8:7e:
                    cf:70:b9:52:45:ea:9c:96:7a:18:2e:a1:a8:d0:73:
                    7b:f1:ca:29:23:d7:b7:94:4f:16:31:dc:c0:15:7f:
                    22:a9:fe:74:6e:bc:c5:a2:5c:f8:32:20:ec:88:ee:
                    2d:6a:ce:5b:70:92:44:6b:bb:dd:a4:7d:77:51:ad:
                    6a:d8:30:f8:8b:75:ff:a3:a2:a0:95:fd:c1:25:0b:
                    9f:f1:4e:39:22:2e:5b:b4:0a:e0:68:a7:ed:0c:e3:
                    36:2b:30:4d:db:c5:e5:32:80:da:77:18:d6:44:e8:
                    87:a0:c6:7b:7c:aa:fe:01:a1:2a:d0:89:6d:de:81:
                    e3:dc:41:41:46:59:05:85:2a:47:e9:f4:83:09:03:
                    a6:5b:62:55:d6:73:b2:81:89:91:78:89:e9:48:dd:
                    92:1e:cf:f7:28:2f:38:98:a8:de:38:1e:6a:20:b7:
                    ea:d7:76:c9:01:06:44:1b:35:42:93:e9:a0:a8:70:
                    4b:54:3a:44:c3:7a:a6:3e:e1:42:a2:10:b0:b8:de:
                    74:f6:6b:5a:dc:65:0f:7a:ea:99:07:85:73:e3:b7:
                    21:dd:0e:be:18:5f:52:ee:3c:51:6e:d0:97:dd:b7:
                    50:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B5:78:66:1D:B4:B6:7E:C2:55:44:C3:38:F1:E4:85:93:D3:93:BD
            X509v3 Authority Key Identifier:
                keyid:B9:03:2B:DB:12:8C:86:E0:0B:21:C7:79:59:A8:01:1C:40:D0:65:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/FLV4Zh20tn7CVUTDOPHkhZPTk70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.88.0/22
                IPv6:
                  2a0f:5100::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:a1:99:5e:63:7c:f5:b4:39:0b:66:be:bd:3d:7a:ed:18:2f:
         0b:c0:84:3e:6c:6d:4a:a8:61:77:3f:1b:2b:28:6c:4a:a5:37:
         98:3a:68:0d:e3:0b:d0:8b:85:9b:5f:14:66:d4:c9:df:ec:9e:
         43:82:77:78:de:f0:77:21:c7:32:58:6a:d8:76:0c:3e:77:14:
         ea:84:3c:df:4a:94:d5:08:e2:7e:7f:7b:7c:88:50:5f:26:b2:
         6c:22:01:ff:ef:f9:de:c7:22:ec:44:22:cd:02:9c:fd:44:42:
         5c:12:be:b6:2b:46:e4:7c:3f:d4:45:c1:97:e4:36:c3:01:5b:
         b7:70:37:b4:d2:05:d4:18:02:2a:c1:ef:e1:6e:d5:23:6b:2d:
         23:43:5e:1f:24:e4:76:2b:a3:3a:e5:88:01:81:a8:df:6d:40:
         a4:04:73:81:c1:8d:3c:7c:e3:db:3d:56:ba:09:3f:2b:72:10:
         96:98:f8:76:4f:89:67:7d:c3:68:d6:f7:7f:82:8b:3e:c8:35:
         6a:9a:55:59:e8:71:d9:f6:23:e1:b6:9e:c2:08:6a:60:44:c4:
         fa:ab:23:1c:17:86:2b:0b:b2:71:03:a2:81:04:e2:bf:f2:4b:
         fb:b4:04:9a:50:b0:48:ea:23:18:cf:1a:96:2e:ae:d3:4d:3b:
         5d:7a:08:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTi59JdE8Y0SscZZFeI1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MDMyYmRiMTI4Yzg2ZTAwYjIxYzc3OTU5YTgwMTFjNDBk
MDY1MGMwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGI1Nzg2NjFkYjRiNjdlYzI1NTQ0YzMzOGYxZTQ4NTkzZDM5M2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHxyovaKoHNuVkpW3JbaDCoEZTn9
SVa8vPyP6H7PcLlSReqclnoYLqGo0HN78copI9e3lE8WMdzAFX8iqf50brzFolz4
MiDsiO4tas5bcJJEa7vdpH13Ua1q2DD4i3X/o6Kglf3BJQuf8U45Ii5btArgaKft
DOM2KzBN28XlMoDadxjWROiHoMZ7fKr+AaEq0Ilt3oHj3EFBRlkFhSpH6fSDCQOm
W2JV1nOygYmReInpSN2SHs/3KC84mKjeOB5qILfq13bJAQZEGzVCk+mgqHBLVDpE
w3qmPuFCohCwuN509mta3GUPeuqZB4Vz47ch3Q6+GF9S7jxRbtCX3bdQrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBS1eGYdtLZ+wlVEwzjx5IWT05O9MB8GA1UdIwQY
MBaAFLkDK9sSjIbgCyHHeVmoARxA0GUMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVFNcjJ4S01odUFMSWNkNVdhZ0JIRURRWlF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9iY2IwM2QtMWMxMS00NTE2LWE4OGYt
ZmU4NDZmNzVkMTcwLzEvRkxWNFpoMjB0bjdDVlVURE9QSGtoWlBUazcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9iY2IwM2QtMWMxMS00NTE2LWE4OGYtZmU4NDZmNzVkMTcw
LzEvdVFNcjJ4S01odUFMSWNkNVdhZ0JIRURRWlF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZhYMA0E
AgACMAcDBQMqD1EAMA0GCSqGSIb3DQEBCwUAA4IBAQCgoZleY3z1tDkLZr69PXrt
GC8LwIQ+bG1KqGF3PxsrKGxKpTeYOmgN4wvQi4WbXxRm1Mnf7J5Dgnd43vB3Iccy
WGrYdgw+dxTqhDzfSpTVCOJ+f3t8iFBfJrJsIgH/7/nexyLsRCLNApz9REJcEr62
K0bkfD/URcGX5DbDAVu3cDe00gXUGAIqwe/hbtUjay0jQ14fJOR2K6M65YgBgajf
bUCkBHOBwY08fOPbPVa6CT8rchCWmPh2T4lnfcNo1vd/gos+yDVqmlVZ6HHZ9iPh
tp7CCGpgRMT6qyMcF4YrC7JxA6KBBOK/8kv7tASaULBI6iMYzxqWLq7TTTtdegh9
-----END CERTIFICATE-----