Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/M_0EWQ-S6oRhYKpDKPlGFevPi3E.roa
File:                     M_0EWQ-S6oRhYKpDKPlGFevPi3E.roa (raw, json)
Hash identifier:          qQnPDOAo1JdAJrkyRa3xK6LV+dYljF63JzCx1Bo/bUk=
Subject key identifier:   33:FD:04:59:0F:92:EA:84:61:60:AA:43:28:F9:46:15:EB:CF:8B:71
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018F5717502241FD84D329E27DE1714A675E
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/M_0EWQ-S6oRhYKpDKPlGFevPi3E.roa
Signing time:             Wed 08 May 2024 07:24:56 +0000
ROA not before:           Wed 08 May 2024 07:24:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51847
IP address blocks:        45.146.232.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:17:50:22:41:fd:84:d3:29:e2:7d:e1:71:4a:67:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: May  8 07:24:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33fd04590f92ea846160aa4328f94615ebcf8b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:89:62:a0:88:00:ee:0c:46:e2:5a:6e:41:d4:
                    34:04:e9:d3:17:a8:b1:b4:56:90:71:cc:f1:dc:f1:
                    74:d9:44:a5:b0:1e:1a:51:5e:0e:5f:ed:62:a4:08:
                    53:4e:37:8c:7f:c2:a9:91:03:6c:52:e9:97:0c:50:
                    b5:8b:27:fa:99:d7:aa:e1:c4:02:65:ee:f1:77:4d:
                    8e:45:ab:9f:0d:b3:78:aa:36:7d:68:33:63:17:ae:
                    71:34:d3:f4:14:09:e6:84:3f:6e:7b:0c:e5:d1:c4:
                    52:0f:59:ca:46:cf:51:f5:77:c7:55:33:3c:3c:ec:
                    72:38:ab:60:4f:60:15:35:3a:9e:21:06:ae:33:a9:
                    e5:bf:c7:c1:5a:c3:3b:e1:d0:f6:2d:2d:23:b0:66:
                    b9:25:04:ce:fa:7e:ab:9f:7a:59:b1:fa:c6:35:39:
                    93:68:99:96:df:70:17:9c:27:01:b3:53:d1:18:94:
                    4d:c0:5e:e7:8c:a5:0b:68:12:0c:8a:f7:0a:b6:7a:
                    bc:62:2d:c9:93:70:75:9a:bc:a1:69:ae:99:1c:1b:
                    1d:ad:3b:37:e3:7c:f7:f0:b5:58:cd:47:0b:15:24:
                    86:a5:2d:7e:35:de:0a:58:f1:79:65:0b:b2:02:3c:
                    2b:82:4d:fb:ed:d2:76:30:27:83:5d:e4:a7:75:5d:
                    25:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:FD:04:59:0F:92:EA:84:61:60:AA:43:28:F9:46:15:EB:CF:8B:71
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/M_0EWQ-S6oRhYKpDKPlGFevPi3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:61:42:42:18:41:a1:79:40:55:7e:aa:90:4a:93:4a:dc:17:
         18:89:6a:21:71:c5:88:fc:f8:a9:c5:25:9e:cf:07:58:f5:79:
         4a:38:14:e1:3c:be:8f:f3:ce:ad:46:7e:de:47:3c:40:de:c4:
         75:27:8d:b4:45:be:74:ca:52:31:97:68:97:f6:f5:99:f9:de:
         99:31:28:b6:48:58:0d:41:28:8d:56:bf:ff:6a:c0:6a:4f:7f:
         1d:ce:b9:55:40:bf:8a:3f:7d:7f:fc:d5:14:65:00:e5:4b:f5:
         b5:00:05:30:98:70:2b:23:52:7a:a5:fe:28:a5:77:8c:03:a8:
         5c:d3:c0:5c:4e:58:4b:da:5a:94:07:82:d3:a9:68:71:9e:75:
         87:92:48:40:86:2a:a2:54:c7:bf:01:ee:23:26:fb:cd:8e:fa:
         ca:b0:fd:10:4b:35:6f:83:04:e0:64:4a:ed:19:dd:9a:69:f7:
         c8:99:2b:20:1f:09:9a:44:7d:71:c9:e0:e1:8e:e0:52:65:10:
         19:72:b4:1a:61:f4:9e:f4:c4:5b:05:7d:47:e9:8c:3c:9f:d2:
         2e:e8:43:f2:01:b2:e5:fb:fb:25:a6:92:79:93:0a:7f:1c:c1:
         01:7b:2a:ba:bb:a1:0c:7e:dc:e6:7b:c5:23:fa:5f:8b:92:c1:
         48:bf:61:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9XF1AiQf2E0ynifeFxSmdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNTA4MDcyNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2ZkMDQ1OTBmOTJlYTg0NjE2MGFhNDMyOGY5NDYxNWViY2Y4YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIlioIgA7gxG4lpuQdQ0BOnTF6ix
tFaQcczx3PF02USlsB4aUV4OX+1ipAhTTjeMf8KpkQNsUumXDFC1iyf6mdeq4cQC
Ze7xd02ORaufDbN4qjZ9aDNjF65xNNP0FAnmhD9uewzl0cRSD1nKRs9R9XfHVTM8
POxyOKtgT2AVNTqeIQauM6nlv8fBWsM74dD2LS0jsGa5JQTO+n6rn3pZsfrGNTmT
aJmW33AXnCcBs1PRGJRNwF7njKULaBIMivcKtnq8Yi3Jk3B1mryhaa6ZHBsdrTs3
43z38LVYzUcLFSSGpS1+Nd4KWPF5ZQuyAjwrgk377dJ2MCeDXeSndV0lEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDP9BFkPkuqEYWCqQyj5RhXrz4txMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvTV8wRVdRLVM2b1JoWUtwREtQbEdGZXZQaTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLoMA0G
CSqGSIb3DQEBCwUAA4IBAQBpYUJCGEGheUBVfqqQSpNK3BcYiWohccWI/PipxSWe
zwdY9XlKOBThPL6P886tRn7eRzxA3sR1J420Rb50ylIxl2iX9vWZ+d6ZMSi2SFgN
QSiNVr//asBqT38dzrlVQL+KP31//NUUZQDlS/W1AAUwmHArI1J6pf4opXeMA6hc
08BcTlhL2lqUB4LTqWhxnnWHkkhAhiqiVMe/Ae4jJvvNjvrKsP0QSzVvgwTgZErt
Gd2aaffImSsgHwmaRH1xyeDhjuBSZRAZcrQaYfSe9MRbBX1H6Yw8n9Iu6EPyAbLl
+/slppJ5kwp/HMEBeyq6u6EMftzme8Uj+l+LksFIv2Gb
-----END CERTIFICATE-----