Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/xmGWJ4W-2bEHY8yAGOMzHdpsABI.roa
File:                     xmGWJ4W-2bEHY8yAGOMzHdpsABI.roa (raw, json)
Hash identifier:          QSx1euMpWnTzQGvrB0fe6T5ibss7Mgca3qHmVRr6PBE=
Subject key identifier:   C6:61:96:27:85:BE:D9:B1:07:63:CC:80:18:E3:33:1D:DA:6C:00:12
Certificate issuer:       /CN=d23f047b06c8b7271ee10c9af5d1443f0139c127
Certificate serial:       018E4175D59523A9024906D790E641F31922
Authority key identifier: D2:3F:04:7B:06:C8:B7:27:1E:E1:0C:9A:F5:D1:44:3F:01:39:C1:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0j8EewbItyce4Qya9dFEPwE5wSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/xmGWJ4W-2bEHY8yAGOMzHdpsABI.roa
Signing time:             Fri 15 Mar 2024 09:33:45 +0000
ROA not before:           Fri 15 Mar 2024 09:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56683
IP address blocks:        45.133.132.0/24 maxlen: 24
                          45.133.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/0j8EewbItyce4Qya9dFEPwE5wSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/0j8EewbItyce4Qya9dFEPwE5wSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0j8EewbItyce4Qya9dFEPwE5wSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:41:75:d5:95:23:a9:02:49:06:d7:90:e6:41:f3:19:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d23f047b06c8b7271ee10c9af5d1443f0139c127
        Validity
            Not Before: Mar 15 09:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c661962785bed9b10763cc8018e3331dda6c0012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:dc:59:3d:09:8c:41:66:75:75:8d:d7:12:7b:
                    e8:e6:94:af:3e:ce:e7:27:c5:2c:ee:47:31:e4:94:
                    f7:4d:de:54:08:88:b9:77:4d:e7:48:1f:ca:b8:40:
                    8e:55:db:4f:66:c5:8f:a9:96:cb:2a:e7:7c:a4:3b:
                    d7:77:c0:2e:17:84:30:4a:dd:52:8d:84:da:83:0d:
                    2b:27:e5:90:bd:38:21:c1:fd:1d:27:1b:0a:56:44:
                    62:45:ea:31:d0:e3:90:e1:d3:bc:55:aa:4e:36:8d:
                    d5:c5:04:7a:07:be:92:5d:c6:e3:6c:89:2b:42:54:
                    a4:75:d8:ae:fd:c2:17:a5:78:5b:d6:9e:77:a1:f3:
                    47:ed:89:ad:fc:54:aa:37:07:b5:0a:08:f6:93:ee:
                    33:e8:0f:68:2e:4d:c4:c9:44:12:b8:0c:58:36:af:
                    d8:34:32:4a:7d:f9:fd:f3:73:a0:9e:da:f4:7f:68:
                    c9:8c:ec:10:c7:2d:e5:e4:be:ce:fa:37:08:d4:1c:
                    f2:12:21:95:98:ce:95:ca:66:c1:4c:2b:44:94:71:
                    68:e7:d2:e7:c5:ed:a7:a6:cf:b5:ec:4e:c8:16:a2:
                    41:f2:02:d4:e6:05:99:88:06:a6:7a:40:a9:99:f8:
                    de:f6:8f:cb:71:eb:4b:84:e7:6f:b7:79:a3:c7:9c:
                    85:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:61:96:27:85:BE:D9:B1:07:63:CC:80:18:E3:33:1D:DA:6C:00:12
            X509v3 Authority Key Identifier:
                keyid:D2:3F:04:7B:06:C8:B7:27:1E:E1:0C:9A:F5:D1:44:3F:01:39:C1:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0j8EewbItyce4Qya9dFEPwE5wSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/xmGWJ4W-2bEHY8yAGOMzHdpsABI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/0j8EewbItyce4Qya9dFEPwE5wSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:2a:19:35:a6:06:39:9e:81:a3:e9:c5:a4:4d:07:01:6e:d5:
         e1:40:e5:ba:8b:fd:cd:30:93:38:62:61:11:d7:b3:da:8a:0a:
         45:5b:07:92:c2:bc:00:08:cc:de:23:e5:31:bb:86:34:63:38:
         3e:a2:62:b9:be:80:15:12:85:72:90:77:0f:be:05:7d:da:a4:
         68:5a:45:99:c4:68:43:b1:ed:f5:46:34:a2:bd:d0:54:fb:da:
         87:15:49:c4:b3:1c:56:0a:56:2c:bc:7e:26:0b:dc:7e:ba:74:
         be:20:6d:da:8d:7d:49:4d:c1:5e:c5:12:be:ad:29:a4:f2:df:
         d8:9c:03:43:ef:53:3a:0a:35:18:0c:76:1a:42:e3:a4:a7:d7:
         2e:2a:cf:e8:21:7a:77:82:59:c5:cb:79:f1:a1:41:b4:76:d0:
         b0:6e:f2:14:be:27:3b:41:7f:95:0f:10:ed:f0:56:d9:cc:61:
         5f:ea:db:71:1a:2e:94:95:45:42:90:26:25:34:c5:1c:3e:19:
         9d:e8:81:50:f4:9b:fb:60:53:12:98:99:74:82:36:46:c8:f9:
         64:08:88:cc:54:9b:7a:15:6a:0a:a1:e1:c6:84:3e:9d:7c:9b:
         06:83:c3:24:5b:84:cf:34:40:77:0d:bc:11:b3:0a:cc:b9:28:
         ec:5f:23:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5BddWVI6kCSQbXkOZB8xkiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyM2YwNDdiMDZjOGI3MjcxZWUxMGM5YWY1ZDE0NDNmMDEz
OWMxMjcwHhcNMjQwMzE1MDkzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjYxOTYyNzg1YmVkOWIxMDc2M2NjODAxOGUzMzMxZGRhNmMwMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtxZPQmMQWZ1dY3XEnvo5pSvPs7n
J8Us7kcx5JT3Td5UCIi5d03nSB/KuECOVdtPZsWPqZbLKud8pDvXd8AuF4QwSt1S
jYTagw0rJ+WQvTghwf0dJxsKVkRiReox0OOQ4dO8VapONo3VxQR6B76SXcbjbIkr
QlSkddiu/cIXpXhb1p53ofNH7Ymt/FSqNwe1Cgj2k+4z6A9oLk3EyUQSuAxYNq/Y
NDJKffn983Ogntr0f2jJjOwQxy3l5L7O+jcI1BzyEiGVmM6VymbBTCtElHFo59Ln
xe2nps+17E7IFqJB8gLU5gWZiAamekCpmfje9o/LcetLhOdvt3mjx5yFyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZhlieFvtmxB2PMgBjjMx3abAASMB8GA1UdIwQY
MBaAFNI/BHsGyLcnHuEMmvXRRD8BOcEnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGo4RWV3Ykl0eWNlNFF5YTlkRkVQd0U1d1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81MThmMTEtZDhmOS00N2EwLTk2MDAt
NWIwMGZiZjRhNTI5LzEveG1HV0o0Vy0yYkVIWTh5QUdPTXpIZHBzQUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81MThmMTEtZDhmOS00N2EwLTk2MDAtNWIwMGZiZjRhNTI5
LzEvMGo4RWV3Ykl0eWNlNFF5YTlkRkVQd0U1d1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYWEMA0G
CSqGSIb3DQEBCwUAA4IBAQBTKhk1pgY5noGj6cWkTQcBbtXhQOW6i/3NMJM4YmER
17PaigpFWweSwrwACMzeI+Uxu4Y0Yzg+omK5voAVEoVykHcPvgV92qRoWkWZxGhD
se31RjSivdBU+9qHFUnEsxxWClYsvH4mC9x+unS+IG3ajX1JTcFexRK+rSmk8t/Y
nAND71M6CjUYDHYaQuOkp9cuKs/oIXp3glnFy3nxoUG0dtCwbvIUvic7QX+VDxDt
8FbZzGFf6ttxGi6UlUVCkCYlNMUcPhmd6IFQ9Jv7YFMSmJl0gjZGyPlkCIjMVJt6
FWoKoeHGhD6dfJsGg8MkW4TPNEB3DbwRswrMuSjsXyNc
-----END CERTIFICATE-----