Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/uHun1Rqi9EBpeNi55aqzexzPJsw.roa
File:                     uHun1Rqi9EBpeNi55aqzexzPJsw.roa (raw, json)
Hash identifier:          Z2PRGb6yQQ9Sn+G1PXeUt6ure18xEDNvUxqZpQRomxk=
Subject key identifier:   B8:7B:A7:D5:1A:A2:F4:40:69:78:D8:B9:E5:AA:B3:7B:1C:CF:26:CC
Certificate issuer:       /CN=df78ec6b0b969aa2228f125edaa419bacdbbf25b
Certificate serial:       018CC4253BF4A3A2D771B679AC6881C3CDB4
Authority key identifier: DF:78:EC:6B:0B:96:9A:A2:22:8F:12:5E:DA:A4:19:BA:CD:BB:F2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/33jsawuWmqIijxJe2qQZus278ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/uHun1Rqi9EBpeNi55aqzexzPJsw.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48412
IP address blocks:        45.154.16.0/24 maxlen: 24
                          45.154.16.0/22 maxlen: 22
                          45.154.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/33jsawuWmqIijxJe2qQZus278ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/33jsawuWmqIijxJe2qQZus278ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/33jsawuWmqIijxJe2qQZus278ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3b:f4:a3:a2:d7:71:b6:79:ac:68:81:c3:cd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df78ec6b0b969aa2228f125edaa419bacdbbf25b
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b87ba7d51aa2f4406978d8b9e5aab37b1ccf26cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:50:e8:23:17:0e:c0:17:fb:15:c4:0a:b8:2e:
                    f9:e7:a6:b0:00:45:0a:19:64:4f:3d:72:f4:a6:0c:
                    44:05:07:66:da:ed:5a:39:3a:99:e0:63:8c:0e:6b:
                    a2:d7:e4:e2:02:b9:ee:10:86:ad:6f:6d:69:2c:be:
                    87:0e:6b:97:d6:19:96:22:85:f7:ff:3d:fa:d3:5b:
                    26:7d:1f:bf:28:5c:d8:ce:b3:88:83:f8:5e:aa:97:
                    82:01:64:a3:83:2e:5b:08:53:b4:2c:2c:92:44:6c:
                    29:2a:7c:4f:bd:a9:2c:c3:3e:b2:be:b3:5c:74:1c:
                    47:69:34:71:0c:78:76:bc:cc:3d:d6:0e:3a:42:2f:
                    85:89:a8:62:55:d3:93:aa:a8:77:29:2e:4f:b0:02:
                    50:7d:09:20:3d:e9:3f:47:f6:19:5d:49:a9:a2:a0:
                    63:1b:2f:d5:94:4e:5b:01:85:c1:08:37:6a:3a:92:
                    02:90:c9:6c:d6:37:55:d8:21:13:4e:de:56:03:0b:
                    21:39:61:e5:53:b5:4f:84:58:d8:a4:66:7f:9d:05:
                    c1:b1:e6:4e:58:20:ec:5c:62:d3:da:26:4b:de:79:
                    51:60:2d:62:9d:dc:a6:8d:3d:26:c6:3c:17:3e:60:
                    2b:19:91:fc:78:25:a8:0a:66:86:cc:01:e7:29:7d:
                    d5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7B:A7:D5:1A:A2:F4:40:69:78:D8:B9:E5:AA:B3:7B:1C:CF:26:CC
            X509v3 Authority Key Identifier:
                keyid:DF:78:EC:6B:0B:96:9A:A2:22:8F:12:5E:DA:A4:19:BA:CD:BB:F2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33jsawuWmqIijxJe2qQZus278ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/uHun1Rqi9EBpeNi55aqzexzPJsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dbb043-377b-4c4b-a0a2-7e8c5526de7e/1/33jsawuWmqIijxJe2qQZus278ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:29:08:a9:51:b2:af:f0:16:90:0d:d4:1e:55:01:bf:1a:a8:
         10:47:b7:eb:c3:11:76:e5:6f:fb:cb:d0:a9:fe:03:3f:1e:04:
         bb:75:a8:99:12:c0:76:92:d1:18:9d:eb:ad:f4:94:4b:f2:75:
         8a:ea:10:a2:d5:21:d3:5d:e5:e7:7a:9c:82:9a:ce:38:c6:7d:
         78:49:27:6d:62:a9:be:00:da:42:59:38:88:c4:2f:79:a2:1d:
         de:fb:c3:c3:13:4b:67:62:01:d2:59:b5:a6:24:f1:64:7b:c3:
         9d:18:e4:a8:0c:31:f0:44:46:f3:95:3e:70:bf:14:2c:e0:e5:
         ed:32:c1:4e:32:81:0b:4c:7b:ec:27:61:9e:a7:9e:9f:9a:63:
         f4:bf:80:4a:ed:e5:0f:55:ca:fb:f7:05:10:ff:b9:be:96:86:
         6a:ad:44:85:3c:b0:ed:87:21:ce:84:5a:a3:77:71:b9:34:09:
         13:56:26:e0:d6:d1:53:10:f8:b5:35:b5:b7:4f:fb:7e:62:9d:
         d6:da:bb:16:df:55:1b:8a:b6:0b:ef:1b:00:25:5d:3b:8e:5d:
         c2:d9:e2:ac:08:27:ea:58:47:61:cf:91:1d:d0:e4:4d:8f:59:
         cf:4d:30:56:24:19:95:ac:17:5f:3b:df:45:c3:15:9a:30:8c:
         32:11:fa:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTv0o6LXcbZ5rGiBw820MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNzhlYzZiMGI5NjlhYTIyMjhmMTI1ZWRhYTQxOWJhY2Ri
YmYyNWIwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdiYTdkNTFhYTJmNDQwNjk3OGQ4YjllNWFhYjM3YjFjY2YyNmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylDoIxcOwBf7FcQKuC7556awAEUK
GWRPPXL0pgxEBQdm2u1aOTqZ4GOMDmui1+TiArnuEIatb21pLL6HDmuX1hmWIoX3
/z3601smfR+/KFzYzrOIg/heqpeCAWSjgy5bCFO0LCySRGwpKnxPvakswz6yvrNc
dBxHaTRxDHh2vMw91g46Qi+FiahiVdOTqqh3KS5PsAJQfQkgPek/R/YZXUmpoqBj
Gy/VlE5bAYXBCDdqOpICkMls1jdV2CETTt5WAwshOWHlU7VPhFjYpGZ/nQXBseZO
WCDsXGLT2iZL3nlRYC1indymjT0mxjwXPmArGZH8eCWoCmaGzAHnKX3VqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh7p9UaovRAaXjYueWqs3sczybMMB8GA1UdIwQY
MBaAFN947GsLlpqiIo8SXtqkGbrNu/JbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzNqc2F3dVdtcUlpanhKZTJxUVp1czI3OGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9kYmIwNDMtMzc3Yi00YzRiLWEwYTIt
N2U4YzU1MjZkZTdlLzEvdUh1bjFScWk5RUJwZU5pNTVhcXpleHpQSnN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9kYmIwNDMtMzc3Yi00YzRiLWEwYTItN2U4YzU1MjZkZTdl
LzEvMzNqc2F3dVdtcUlpanhKZTJxUVp1czI3OGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZoQMA0G
CSqGSIb3DQEBCwUAA4IBAQBPKQipUbKv8BaQDdQeVQG/GqgQR7frwxF25W/7y9Cp
/gM/HgS7daiZEsB2ktEYneut9JRL8nWK6hCi1SHTXeXnepyCms44xn14SSdtYqm+
ANpCWTiIxC95oh3e+8PDE0tnYgHSWbWmJPFke8OdGOSoDDHwREbzlT5wvxQs4OXt
MsFOMoELTHvsJ2Gep56fmmP0v4BK7eUPVcr79wUQ/7m+loZqrUSFPLDthyHOhFqj
d3G5NAkTVibg1tFTEPi1NbW3T/t+Yp3W2rsW31UbirYL7xsAJV07jl3C2eKsCCfq
WEdhz5Ed0ORNj1nPTTBWJBmVrBdfO99FwxWaMIwyEfqK
-----END CERTIFICATE-----