Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/64a392-372e-48a6-a0e2-f5ad167d8494/1/N1ZJ3a2BRgc1YXTHPky5Abpnwtk.roa
File:                     N1ZJ3a2BRgc1YXTHPky5Abpnwtk.roa (raw, json)
Hash identifier:          TfUE65tsgha0+DC/hNvWj0YLBiDFPt3JxFs9fDO3sGw=
Subject key identifier:   37:56:49:DD:AD:81:46:07:35:61:74:C7:3E:4C:B9:01:BA:67:C2:D9
Certificate issuer:       /CN=6c0a9614ac4e10e7a2e2a5bc12f8623064c89ef9
Certificate serial:       018CC94E2754D4015927871636EF8164B9F5
Authority key identifier: 6C:0A:96:14:AC:4E:10:E7:A2:E2:A5:BC:12:F8:62:30:64:C8:9E:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAqWFKxOEOei4qW8EvhiMGTInvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/64a392-372e-48a6-a0e2-f5ad167d8494/1/N1ZJ3a2BRgc1YXTHPky5Abpnwtk.roa
Signing time:             Tue 02 Jan 2024 08:33:11 +0000
ROA not before:           Tue 02 Jan 2024 08:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208144
IP address blocks:        45.157.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/64a392-372e-48a6-a0e2-f5ad167d8494/1/bAqWFKxOEOei4qW8EvhiMGTInvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/64a392-372e-48a6-a0e2-f5ad167d8494/1/bAqWFKxOEOei4qW8EvhiMGTInvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAqWFKxOEOei4qW8EvhiMGTInvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:27:54:d4:01:59:27:87:16:36:ef:81:64:b9:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c0a9614ac4e10e7a2e2a5bc12f8623064c89ef9
        Validity
            Not Before: Jan  2 08:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=375649ddad814607356174c73e4cb901ba67c2d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:16:4f:ba:26:1b:93:02:0d:eb:0e:19:2e:d8:
                    90:cf:38:82:21:af:a3:11:38:80:00:47:95:b6:88:
                    99:00:e0:fb:c0:e7:bd:40:7e:bf:23:f2:29:68:78:
                    95:7e:bd:53:92:dd:4c:92:22:b1:46:ac:c3:41:f6:
                    0c:94:88:1f:cd:e8:d3:69:c2:3e:2f:b9:5a:e6:62:
                    f3:a9:dd:32:fe:56:45:51:de:72:4f:70:e0:ff:b8:
                    c3:12:35:f8:13:d7:bc:1b:33:34:a8:ce:d8:93:43:
                    e8:61:81:6f:0f:5f:88:1b:75:b3:80:d2:a1:8f:22:
                    6e:70:96:83:7a:9d:f8:50:9a:3a:58:2f:60:43:fb:
                    1f:12:d8:28:e6:04:8a:e7:b3:ea:d4:92:d4:d5:9d:
                    c0:4a:42:f8:8b:25:e0:a3:c7:88:38:b8:dd:4c:3a:
                    7a:14:d6:fb:06:3b:64:a8:7b:29:3a:20:f7:2e:7c:
                    71:d3:48:59:d1:18:cd:f3:96:b0:83:98:95:f7:bd:
                    e3:33:17:5f:45:9c:85:87:b3:96:c2:ba:0a:7a:53:
                    ba:7b:a3:79:9b:13:1f:b5:a7:e4:dc:1b:60:a2:b8:
                    df:e5:45:80:09:3d:08:fe:11:95:e5:e8:0c:56:e7:
                    f0:c6:4e:18:09:f0:a1:21:25:a8:69:d6:ac:72:f8:
                    b9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:56:49:DD:AD:81:46:07:35:61:74:C7:3E:4C:B9:01:BA:67:C2:D9
            X509v3 Authority Key Identifier:
                keyid:6C:0A:96:14:AC:4E:10:E7:A2:E2:A5:BC:12:F8:62:30:64:C8:9E:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAqWFKxOEOei4qW8EvhiMGTInvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/64a392-372e-48a6-a0e2-f5ad167d8494/1/N1ZJ3a2BRgc1YXTHPky5Abpnwtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/64a392-372e-48a6-a0e2-f5ad167d8494/1/bAqWFKxOEOei4qW8EvhiMGTInvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:e8:6a:b4:4e:79:43:37:48:0f:33:c5:ec:d1:44:54:6f:80:
         db:a6:92:7f:f9:f1:ad:fa:f0:af:e9:c0:b6:f7:be:d1:61:64:
         94:ce:32:66:3a:fc:a6:58:e9:51:0e:73:f2:bb:35:44:4d:21:
         24:25:29:c9:05:49:f6:fb:a3:34:e7:fd:62:2d:9e:32:e0:4e:
         f6:68:e4:60:d1:14:56:53:aa:d9:03:8e:e0:37:76:58:d5:85:
         b8:2a:79:e3:26:05:af:3e:a8:05:67:b0:bc:ee:6a:3a:59:94:
         64:dd:3c:3c:53:8b:e2:ac:93:e3:c0:11:57:6a:a8:e2:5a:e8:
         d6:c9:98:6c:eb:de:4d:8a:46:86:d5:f0:45:c9:36:21:c7:ac:
         02:f9:95:06:ad:f1:6c:ef:e5:bb:09:fe:e4:f6:2a:83:ef:00:
         7f:d4:af:cc:fa:b9:88:f2:2d:d3:e5:14:65:e3:ed:d0:b2:43:
         0d:ff:aa:20:a0:9d:9a:af:9b:ab:9c:6b:12:50:37:8d:aa:49:
         bb:48:4f:2a:88:e4:3c:32:0d:68:0a:1b:b0:9d:96:0d:34:3f:
         a8:79:95:ee:17:ce:54:6b:57:83:cb:6b:1c:01:95:9a:7b:0d:
         70:1f:73:7f:89:de:8d:48:3b:0d:ea:cb:8f:c3:f5:ee:b8:28:
         e6:ed:57:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTidU1AFZJ4cWNu+BZLn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMGE5NjE0YWM0ZTEwZTdhMmUyYTViYzEyZjg2MjMwNjRj
ODllZjkwHhcNMjQwMTAyMDgzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzU2NDlkZGFkODE0NjA3MzU2MTc0YzczZTRjYjkwMWJhNjdjMmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhZPuiYbkwIN6w4ZLtiQzziCIa+j
ETiAAEeVtoiZAOD7wOe9QH6/I/IpaHiVfr1Tkt1MkiKxRqzDQfYMlIgfzejTacI+
L7la5mLzqd0y/lZFUd5yT3Dg/7jDEjX4E9e8GzM0qM7Yk0PoYYFvD1+IG3WzgNKh
jyJucJaDep34UJo6WC9gQ/sfEtgo5gSK57Pq1JLU1Z3ASkL4iyXgo8eIOLjdTDp6
FNb7BjtkqHspOiD3Lnxx00hZ0RjN85awg5iV973jMxdfRZyFh7OWwroKelO6e6N5
mxMftafk3Btgorjf5UWACT0I/hGV5egMVufwxk4YCfChISWoadascvi5iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdWSd2tgUYHNWF0xz5MuQG6Z8LZMB8GA1UdIwQY
MBaAFGwKlhSsThDnouKlvBL4YjBkyJ75MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFxV0ZLeE9FT2VpNHFXOEV2aGlNR1RJbnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi82NGEzOTItMzcyZS00OGE2LWEwZTIt
ZjVhZDE2N2Q4NDk0LzEvTjFaSjNhMkJSZ2MxWVhUSFBreTVBYnBud3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi82NGEzOTItMzcyZS00OGE2LWEwZTItZjVhZDE2N2Q4NDk0
LzEvYkFxV0ZLeE9FT2VpNHFXOEV2aGlNR1RJbnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ2YMA0G
CSqGSIb3DQEBCwUAA4IBAQBc6Gq0TnlDN0gPM8Xs0URUb4DbppJ/+fGt+vCv6cC2
977RYWSUzjJmOvymWOlRDnPyuzVETSEkJSnJBUn2+6M05/1iLZ4y4E72aORg0RRW
U6rZA47gN3ZY1YW4KnnjJgWvPqgFZ7C87mo6WZRk3Tw8U4virJPjwBFXaqjiWujW
yZhs695NikaG1fBFyTYhx6wC+ZUGrfFs7+W7Cf7k9iqD7wB/1K/M+rmI8i3T5RRl
4+3QskMN/6ogoJ2ar5urnGsSUDeNqkm7SE8qiOQ8Mg1oChuwnZYNND+oeZXuF85U
a1eDy2scAZWaew1wH3N/id6NSDsN6suPw/XuuCjm7VeY
-----END CERTIFICATE-----