Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/j5SRqvG9WpVu6vV3ga10hT0bqtU.roa
File:                     j5SRqvG9WpVu6vV3ga10hT0bqtU.roa (raw, json)
Hash identifier:          c9XUXyIHqd9Crsw3T+NKSuLPs+z7D1klADF2VW2gEgM=
Subject key identifier:   8F:94:91:AA:F1:BD:5A:95:6E:EA:F5:77:81:AD:74:85:3D:1B:AA:D5
Certificate issuer:       /CN=df78ec6b0b969aa2228f125edaa419bacdbbf25b
Certificate serial:       018CC4253B8F64C3CA5DEC3BC4796D2A5575
Authority key identifier: DF:78:EC:6B:0B:96:9A:A2:22:8F:12:5E:DA:A4:19:BA:CD:BB:F2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/33jsawuWmqIijxJe2qQZus278ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/j5SRqvG9WpVu6vV3ga10hT0bqtU.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.154.19.0/24 maxlen: 24
                          45.154.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/33jsawuWmqIijxJe2qQZus278ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/33jsawuWmqIijxJe2qQZus278ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/33jsawuWmqIijxJe2qQZus278ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3b:8f:64:c3:ca:5d:ec:3b:c4:79:6d:2a:55:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df78ec6b0b969aa2228f125edaa419bacdbbf25b
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f9491aaf1bd5a956eeaf57781ad74853d1baad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:cf:d8:b0:a3:f7:75:05:8f:52:12:79:ff:08:
                    37:74:3c:d2:63:0a:31:a7:7d:44:3b:dc:24:ea:a7:
                    1e:d9:02:10:dc:bd:05:df:35:bb:63:b7:a0:fb:cd:
                    c5:c6:c6:1e:82:55:31:46:81:4d:85:4b:c4:54:44:
                    5f:a9:2f:c9:1d:a6:bd:0e:b5:ef:86:6b:43:4a:9a:
                    26:99:d6:c1:10:c4:91:69:88:e6:d9:43:45:10:be:
                    c3:b0:d3:5c:5a:58:d4:84:0e:ca:ed:09:a6:4b:4a:
                    52:22:4d:7c:50:da:c4:2d:14:5e:b3:17:a6:30:f5:
                    10:7c:9c:63:e2:96:ff:ad:9a:cb:91:d1:4b:31:1c:
                    ee:93:d1:5c:2b:5a:2d:38:eb:10:75:77:9f:97:93:
                    ac:af:58:d9:df:a6:3d:07:88:71:3f:91:78:04:ac:
                    2a:1e:8c:29:a9:a2:a3:8b:d4:2e:6e:17:f5:36:3d:
                    b5:43:3d:fe:19:af:9b:cf:eb:78:21:e9:22:97:be:
                    49:cd:b1:df:7b:22:a9:13:97:f7:d6:2e:1b:c1:18:
                    36:5f:98:17:01:a0:31:4e:a3:d6:e3:e0:e4:15:2a:
                    60:4e:61:3e:5c:fc:e9:35:a8:21:fb:97:2e:17:8a:
                    72:6f:94:68:05:fc:8f:76:57:2b:a9:4f:16:cd:f8:
                    3e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:94:91:AA:F1:BD:5A:95:6E:EA:F5:77:81:AD:74:85:3D:1B:AA:D5
            X509v3 Authority Key Identifier:
                keyid:DF:78:EC:6B:0B:96:9A:A2:22:8F:12:5E:DA:A4:19:BA:CD:BB:F2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33jsawuWmqIijxJe2qQZus278ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/j5SRqvG9WpVu6vV3ga10hT0bqtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/33jsawuWmqIijxJe2qQZus278ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:ab:a9:50:03:8d:b1:4c:56:f6:ad:48:24:28:53:2a:90:a3:
         1d:37:23:d5:ba:84:f8:c4:06:48:1e:3c:77:1d:d3:4e:26:d7:
         db:1a:d1:66:11:67:40:43:6c:68:1e:8d:9a:d2:2c:a4:ce:ad:
         f0:00:7b:04:8e:c4:c5:c4:04:6a:61:39:5a:7e:d5:8e:69:9d:
         19:97:5b:34:45:d4:78:bf:56:21:88:53:3f:10:5c:cd:60:ff:
         d0:2f:40:f7:68:50:1a:61:97:f2:ce:7f:f5:4b:0d:a3:d7:84:
         64:d4:ae:f2:d9:b4:44:40:17:18:61:87:6a:d0:c9:6e:37:38:
         a8:d3:99:ef:34:62:ab:c7:6b:65:7d:76:5d:77:d3:5f:00:10:
         3d:08:0b:92:26:59:07:53:3a:f0:e1:28:ba:64:9b:00:76:e9:
         2c:ee:68:f5:af:b9:ca:1c:e9:fb:0e:7e:dd:26:0b:97:08:b8:
         d1:14:7c:36:63:94:39:32:da:88:00:cc:70:da:fa:dc:c2:3c:
         ed:ea:3e:78:48:0b:f4:6d:45:05:c4:05:80:8e:2b:e0:ee:11:
         a2:74:52:f0:79:43:9e:3a:39:c3:09:b4:95:20:83:91:e4:2f:
         47:56:e0:ce:65:8d:dc:23:4f:c6:66:01:cc:79:6c:dc:bf:45:
         ce:5e:39:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTuPZMPKXew7xHltKlV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNzhlYzZiMGI5NjlhYTIyMjhmMTI1ZWRhYTQxOWJhY2Ri
YmYyNWIwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk0OTFhYWYxYmQ1YTk1NmVlYWY1Nzc4MWFkNzQ4NTNkMWJhYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM/YsKP3dQWPUhJ5/wg3dDzSYwox
p31EO9wk6qce2QIQ3L0F3zW7Y7eg+83FxsYeglUxRoFNhUvEVERfqS/JHaa9DrXv
hmtDSpommdbBEMSRaYjm2UNFEL7DsNNcWljUhA7K7QmmS0pSIk18UNrELRResxem
MPUQfJxj4pb/rZrLkdFLMRzuk9FcK1otOOsQdXefl5Osr1jZ36Y9B4hxP5F4BKwq
HowpqaKji9Qubhf1Nj21Qz3+Ga+bz+t4Iekil75JzbHfeyKpE5f31i4bwRg2X5gX
AaAxTqPW4+DkFSpgTmE+XPzpNagh+5cuF4pyb5RoBfyPdlcrqU8Wzfg+4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+UkarxvVqVbur1d4GtdIU9G6rVMB8GA1UdIwQY
MBaAFN947GsLlpqiIo8SXtqkGbrNu/JbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzNqc2F3dVdtcUlpanhKZTJxUVp1czI3OGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9kYmIwNDMtMzc3Yi00YzRiLWEwYTIt
N2U4YzU1MjZkZTdlLzEvajVTUnF2RzlXcFZ1NnZWM2dhMTBoVDBicXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9kYmIwNDMtMzc3Yi00YzRiLWEwYTItN2U4YzU1MjZkZTdl
LzEvMzNqc2F3dVdtcUlpanhKZTJxUVp1czI3OGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZoSMA0G
CSqGSIb3DQEBCwUAA4IBAQAVq6lQA42xTFb2rUgkKFMqkKMdNyPVuoT4xAZIHjx3
HdNOJtfbGtFmEWdAQ2xoHo2a0iykzq3wAHsEjsTFxARqYTlaftWOaZ0Zl1s0RdR4
v1YhiFM/EFzNYP/QL0D3aFAaYZfyzn/1Sw2j14Rk1K7y2bREQBcYYYdq0MluNzio
05nvNGKrx2tlfXZdd9NfABA9CAuSJlkHUzrw4Si6ZJsAduks7mj1r7nKHOn7Dn7d
JguXCLjRFHw2Y5Q5MtqIAMxw2vrcwjzt6j54SAv0bUUFxAWAjivg7hGidFLweUOe
OjnDCbSVIIOR5C9HVuDOZY3cI0/GZgHMeWzcv0XOXjnQ
-----END CERTIFICATE-----