Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/eyscAc5Wy6iLIHTRZtv21y3soo8.roa
File:                     eyscAc5Wy6iLIHTRZtv21y3soo8.roa (raw, json)
Hash identifier:          3H5it5/OK1kof6vD4SjmVamBRI8pJlG3b8HsqfE4yxc=
Subject key identifier:   7B:2B:1C:01:CE:56:CB:A8:8B:20:74:D1:66:DB:F6:D7:2D:EC:A2:8F
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018CC348F2BEFD756743BC120EAB8B447C35
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/eyscAc5Wy6iLIHTRZtv21y3soo8.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147293
IP address blocks:        45.146.232.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f2:be:fd:75:67:43:bc:12:0e:ab:8b:44:7c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b2b1c01ce56cba88b2074d166dbf6d72deca28f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e7:b8:89:dc:30:71:1a:83:49:6a:2f:18:a7:
                    b0:92:c9:70:ea:28:fa:81:f7:60:5f:ac:8b:87:69:
                    1e:fe:f5:4d:0f:e8:ab:2c:bd:52:0e:9b:91:fe:ec:
                    29:6c:85:8e:3e:3d:75:39:0c:5c:a7:e1:c5:f5:93:
                    53:ff:a2:8e:95:5c:2b:68:98:ed:5d:3c:ee:69:03:
                    1d:fa:de:6a:61:e9:9f:10:80:c2:5d:58:52:f2:70:
                    30:7d:03:81:ad:65:20:f3:fb:53:cb:1f:ab:72:1d:
                    05:4b:cb:2a:e9:d7:9c:f4:41:73:90:78:5e:b2:70:
                    e8:de:bf:98:51:12:65:a4:1e:51:e7:66:40:88:f7:
                    8e:bb:12:32:2a:5c:ae:a9:d8:24:ea:fe:aa:c5:0d:
                    f8:14:da:57:35:e7:a2:d4:82:57:a9:b6:70:f8:2d:
                    2d:13:de:e5:1e:17:ca:6c:35:41:7a:29:db:41:7a:
                    f0:80:90:75:d1:5b:45:44:e1:43:3e:8e:63:27:da:
                    b4:9c:7d:64:55:32:5e:8d:d1:9b:a5:96:01:b4:b7:
                    d6:ba:41:f5:95:00:8b:ef:a7:d6:a8:1c:11:5b:85:
                    14:d9:84:03:7d:36:db:00:f7:07:82:d3:76:78:ff:
                    d1:50:b3:81:be:13:ff:2d:8f:3b:17:bf:8c:d6:db:
                    da:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:2B:1C:01:CE:56:CB:A8:8B:20:74:D1:66:DB:F6:D7:2D:EC:A2:8F
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/eyscAc5Wy6iLIHTRZtv21y3soo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:0c:97:41:07:f3:a3:a1:1b:ef:0b:dd:c6:f1:6a:4a:2f:9b:
         11:4d:5e:10:a3:17:8f:df:a8:dc:97:d8:79:2f:b0:1d:31:89:
         9c:9d:90:2d:d6:ea:86:c8:2a:ae:b3:0f:70:3e:c8:e9:46:71:
         54:ea:ac:c5:0e:e4:0a:53:4b:03:c7:9c:40:30:fd:79:43:d2:
         9e:13:f8:21:01:f8:35:f7:02:e1:be:14:4d:83:d1:b6:10:71:
         01:8b:88:ff:07:00:98:45:6b:b4:a0:75:9a:01:de:a4:dd:ca:
         76:46:85:4d:09:c5:ac:7a:4d:1c:0f:a1:9c:0e:3c:eb:07:84:
         93:85:f1:a8:8a:37:a6:b1:a0:bb:29:b9:66:89:21:e0:6e:85:
         85:41:d6:95:f2:be:b5:df:47:90:72:61:b8:cd:91:65:df:54:
         db:40:20:23:cb:da:03:f7:79:90:f9:ea:4f:3f:37:8b:20:2e:
         d8:6d:33:59:2a:f7:d7:bd:14:19:26:e3:37:24:6f:73:5d:e4:
         87:41:f8:26:f2:85:22:71:00:7a:5c:c0:a4:c8:08:72:26:f6:
         4f:8c:73:cb:0e:39:42:c2:f8:db:41:a3:c4:0d:2c:5d:27:24:
         04:d7:14:cf:1f:0d:72:7c:51:be:ac:c8:19:5d:b0:39:4f:fe:
         47:68:45:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPK+/XVnQ7wSDquLRHw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjJiMWMwMWNlNTZjYmE4OGIyMDc0ZDE2NmRiZjZkNzJkZWNhMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+e4idwwcRqDSWovGKewkslw6ij6
gfdgX6yLh2ke/vVND+irLL1SDpuR/uwpbIWOPj11OQxcp+HF9ZNT/6KOlVwraJjt
XTzuaQMd+t5qYemfEIDCXVhS8nAwfQOBrWUg8/tTyx+rch0FS8sq6dec9EFzkHhe
snDo3r+YURJlpB5R52ZAiPeOuxIyKlyuqdgk6v6qxQ34FNpXNeei1IJXqbZw+C0t
E97lHhfKbDVBeinbQXrwgJB10VtFROFDPo5jJ9q0nH1kVTJejdGbpZYBtLfWukH1
lQCL76fWqBwRW4UU2YQDfTbbAPcHgtN2eP/RULOBvhP/LY87F7+M1tvajQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsrHAHOVsuoiyB00Wbb9tct7KKPMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvZXlzY0FjNVd5NmlMSUhUUlp0djIxeTNzb284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLoMA0G
CSqGSIb3DQEBCwUAA4IBAQCSDJdBB/OjoRvvC93G8WpKL5sRTV4QoxeP36jcl9h5
L7AdMYmcnZAt1uqGyCqusw9wPsjpRnFU6qzFDuQKU0sDx5xAMP15Q9KeE/ghAfg1
9wLhvhRNg9G2EHEBi4j/BwCYRWu0oHWaAd6k3cp2RoVNCcWsek0cD6GcDjzrB4ST
hfGoijemsaC7KblmiSHgboWFQdaV8r6130eQcmG4zZFl31TbQCAjy9oD93mQ+epP
PzeLIC7YbTNZKvfXvRQZJuM3JG9zXeSHQfgm8oUicQB6XMCkyAhyJvZPjHPLDjlC
wvjbQaPEDSxdJyQE1xTPHw1yfFG+rMgZXbA5T/5HaEXS
-----END CERTIFICATE-----