Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/OZLsOnF4b-1Br2AXgyfuE7fovTw.roa
File:                     OZLsOnF4b-1Br2AXgyfuE7fovTw.roa (raw, json)
Hash identifier:          OpispfEnIIDiKYzwfNfUlgsy7/vfj480Ss0Ag3dfTyI=
Subject key identifier:   39:92:EC:3A:71:78:6F:ED:41:AF:60:17:83:27:EE:13:B7:E8:BD:3C
Certificate issuer:       /CN=250e7df43c82d120a13d3c865f1f06f49644b1e1
Certificate serial:       018CC2DB6436833FCC140B23918F4974C39F
Authority key identifier: 25:0E:7D:F4:3C:82:D1:20:A1:3D:3C:86:5F:1F:06:F4:96:44:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JQ599DyC0SChPTyGXx8G9JZEseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/OZLsOnF4b-1Br2AXgyfuE7fovTw.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.143.132.0/24 maxlen: 24
                          45.143.134.0/24 maxlen: 24
                          45.143.133.0/24 maxlen: 24
                          45.143.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/JQ599DyC0SChPTyGXx8G9JZEseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/JQ599DyC0SChPTyGXx8G9JZEseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JQ599DyC0SChPTyGXx8G9JZEseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:64:36:83:3f:cc:14:0b:23:91:8f:49:74:c3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=250e7df43c82d120a13d3c865f1f06f49644b1e1
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3992ec3a71786fed41af60178327ee13b7e8bd3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ff:b7:85:1d:ab:b3:c2:4a:c6:be:27:b0:99:
                    bb:a8:61:99:6f:33:b6:07:95:2a:8c:99:4f:e5:27:
                    b8:57:58:68:b2:5c:9a:50:35:0c:dc:7a:35:54:5a:
                    8d:35:de:fe:30:de:4e:e3:11:4c:8a:f7:ec:cc:a6:
                    8b:16:43:bc:56:2c:2c:9e:1d:c4:5a:f0:52:25:90:
                    56:37:d3:c6:e2:23:db:8f:a2:d8:01:4d:17:bf:0d:
                    b5:e7:0c:9f:20:84:c3:2f:3a:2b:d2:34:54:07:88:
                    8b:53:0d:da:1d:5b:a2:ca:bd:fa:a3:0b:46:51:31:
                    d8:e1:b4:4f:ae:f5:82:75:e1:29:4e:43:7e:17:d5:
                    72:92:bb:43:72:3c:52:81:35:fb:41:c4:96:61:36:
                    28:c2:95:1e:11:dd:ad:6d:7f:a8:19:56:1b:b5:ac:
                    a1:be:e8:1c:9d:df:2d:9a:62:e1:cb:4c:f0:fc:df:
                    9e:66:57:05:65:26:a4:5b:0a:e6:3a:61:3c:0d:92:
                    54:dd:46:78:e6:bc:c5:85:65:8e:40:de:36:ec:e6:
                    6e:3b:05:15:4b:16:4d:0b:a6:f0:ae:04:33:70:51:
                    14:f9:75:66:61:46:83:38:92:b0:b3:27:9d:76:b2:
                    7e:92:6c:b5:72:b5:6d:c8:d3:08:4b:ee:f1:cf:49:
                    f5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:92:EC:3A:71:78:6F:ED:41:AF:60:17:83:27:EE:13:B7:E8:BD:3C
            X509v3 Authority Key Identifier:
                keyid:25:0E:7D:F4:3C:82:D1:20:A1:3D:3C:86:5F:1F:06:F4:96:44:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JQ599DyC0SChPTyGXx8G9JZEseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/OZLsOnF4b-1Br2AXgyfuE7fovTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/JQ599DyC0SChPTyGXx8G9JZEseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:8c:6a:d1:93:5d:d5:4d:d3:1b:7b:70:b3:4d:c1:2f:42:da:
         83:90:54:3f:5a:41:8c:53:f7:37:37:b7:4f:6b:1e:a5:34:26:
         50:73:bb:b5:e1:a6:33:05:61:28:ff:0e:20:0e:bb:c3:40:35:
         2f:33:b1:e5:a5:5a:c2:75:72:24:f0:15:f8:73:66:71:c1:19:
         5e:71:74:30:f5:a9:e0:f6:e5:22:8b:f3:e6:d2:d8:4c:03:f0:
         b3:44:16:49:20:9a:53:cb:1c:57:7e:80:8e:64:06:78:68:54:
         a0:8c:b0:c0:9c:ea:ab:ca:af:73:dc:0b:51:3e:a1:e0:08:06:
         a0:7c:14:4f:a4:5c:31:68:99:94:a3:81:e3:46:71:d0:4b:11:
         67:b3:53:94:b9:03:d0:6b:ad:89:d8:9a:90:c8:de:61:d8:8e:
         4b:dc:64:15:8f:44:9c:ca:56:b3:16:46:54:79:be:4d:35:23:
         e2:c5:48:40:65:02:5b:e2:15:0d:c4:eb:59:31:f4:ed:f3:5b:
         7f:e7:28:d3:2f:0a:1a:9c:1d:ca:0f:2f:29:34:a5:63:02:7c:
         72:12:65:c7:12:fe:c9:14:0a:3d:2b:2d:c3:da:98:57:cb:99:
         22:ce:f2:c0:9b:d8:64:cb:74:14:2e:e7:c7:2d:e7:10:dc:4a:
         71:f4:5d:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22Q2gz/MFAsjkY9JdMOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MGU3ZGY0M2M4MmQxMjBhMTNkM2M4NjVmMWYwNmY0OTY0
NGIxZTEwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTkyZWMzYTcxNzg2ZmVkNDFhZjYwMTc4MzI3ZWUxM2I3ZThiZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/+3hR2rs8JKxr4nsJm7qGGZbzO2
B5UqjJlP5Se4V1hoslyaUDUM3Ho1VFqNNd7+MN5O4xFMivfszKaLFkO8Viwsnh3E
WvBSJZBWN9PG4iPbj6LYAU0Xvw215wyfIITDLzor0jRUB4iLUw3aHVuiyr36owtG
UTHY4bRPrvWCdeEpTkN+F9VykrtDcjxSgTX7QcSWYTYowpUeEd2tbX+oGVYbtayh
vugcnd8tmmLhy0zw/N+eZlcFZSakWwrmOmE8DZJU3UZ45rzFhWWOQN427OZuOwUV
SxZNC6bwrgQzcFEU+XVmYUaDOJKwsyeddrJ+kmy1crVtyNMIS+7xz0n1xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmS7DpxeG/tQa9gF4Mn7hO36L08MB8GA1UdIwQY
MBaAFCUOffQ8gtEgoT08hl8fBvSWRLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlE1OTlEeUMwU0NoUFR5R1h4OEc5SlpFc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83ZDJlNjQtMTBkOS00YTRlLWE0YzYt
NGE5YmIyZmU3MzMxLzEvT1pMc09uRjRiLTFCcjJBWGd5ZnVFN2ZvdlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83ZDJlNjQtMTBkOS00YTRlLWE0YzYtNGE5YmIyZmU3MzMx
LzEvSlE1OTlEeUMwU0NoUFR5R1h4OEc5SlpFc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY+EMA0G
CSqGSIb3DQEBCwUAA4IBAQApjGrRk13VTdMbe3CzTcEvQtqDkFQ/WkGMU/c3N7dP
ax6lNCZQc7u14aYzBWEo/w4gDrvDQDUvM7HlpVrCdXIk8BX4c2ZxwRlecXQw9ang
9uUii/Pm0thMA/CzRBZJIJpTyxxXfoCOZAZ4aFSgjLDAnOqryq9z3AtRPqHgCAag
fBRPpFwxaJmUo4HjRnHQSxFns1OUuQPQa62J2JqQyN5h2I5L3GQVj0ScylazFkZU
eb5NNSPixUhAZQJb4hUNxOtZMfTt81t/5yjTLwoanB3KDy8pNKVjAnxyEmXHEv7J
FAo9Ky3D2phXy5kizvLAm9hky3QULufHLecQ3Epx9F3F
-----END CERTIFICATE-----