Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/b5UDkGYIAGuakOrhWshV_OE4Bq4.roa
File:                     b5UDkGYIAGuakOrhWshV_OE4Bq4.roa (raw, json)
Hash identifier:          Ti22E3B2WOK5r0SY3aorSul1l8HlFAWP/SN2gY9jAi8=
Subject key identifier:   6F:95:03:90:66:08:00:6B:9A:90:EA:E1:5A:C8:55:FC:E1:38:06:AE
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       018CCA294D227164ADD22C49E18470BF82B6
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/b5UDkGYIAGuakOrhWshV_OE4Bq4.roa
Signing time:             Tue 02 Jan 2024 12:32:33 +0000
ROA not before:           Tue 02 Jan 2024 12:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.132.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 02:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:4d:22:71:64:ad:d2:2c:49:e1:84:70:bf:82:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Jan  2 12:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f9503906608006b9a90eae15ac855fce13806ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:73:85:83:9d:7d:68:8f:58:a3:f2:80:c6:08:
                    1a:60:12:9f:ee:d6:d2:1a:b3:31:94:d4:c9:de:26:
                    20:ac:48:99:2c:05:60:ff:47:04:23:6e:7f:6c:3a:
                    5a:40:ef:bf:ca:a7:e9:4f:e1:6d:33:81:45:fb:3d:
                    58:12:7e:9a:75:12:d4:ee:06:84:ef:48:69:9e:f1:
                    cd:00:6a:1e:73:d6:bd:72:19:d8:b1:42:33:83:ad:
                    8f:c4:28:a2:c5:06:38:6f:e4:18:a7:a0:28:52:30:
                    ae:36:06:d0:4a:15:f1:b3:51:f4:7a:10:f5:0a:45:
                    a3:6b:b6:29:40:57:71:45:d2:81:31:e6:74:e0:b1:
                    eb:a2:ff:e3:ab:0e:c1:44:c7:d7:c4:66:81:ea:08:
                    89:8c:a7:8b:cb:80:2a:8a:d3:a2:4b:85:fe:5b:60:
                    61:a6:e2:59:34:94:35:08:f2:3f:93:4e:a7:2d:c4:
                    c3:c6:8d:60:64:b0:74:af:32:f7:fd:6c:18:b3:d4:
                    85:73:be:24:74:5f:6d:a5:43:7c:50:2e:b9:cd:b3:
                    cd:ee:7f:d6:f9:82:6a:16:e2:ed:bd:31:c4:f1:64:
                    2b:a0:75:a2:1f:2d:8c:b6:07:70:f3:ef:2c:96:64:
                    a5:b7:a7:56:8b:b6:94:b1:50:0d:1c:05:40:03:05:
                    cd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:95:03:90:66:08:00:6B:9A:90:EA:E1:5A:C8:55:FC:E1:38:06:AE
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/b5UDkGYIAGuakOrhWshV_OE4Bq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:3f:6c:00:3a:66:44:3a:af:44:5e:42:e6:48:21:24:43:5b:
         ab:4c:3b:e5:03:b1:19:38:00:e8:99:88:c5:63:6b:97:6c:94:
         7d:4f:8d:10:bb:f0:a5:e7:d7:74:71:6a:53:a3:e3:86:0a:65:
         08:9c:9b:5d:df:b7:76:54:fe:ba:ab:5c:a0:a2:ab:8a:46:62:
         1d:f9:8a:34:a3:6e:6c:04:07:37:dd:e9:9d:02:fe:7b:f0:69:
         09:37:fe:46:40:bd:5f:2a:bc:66:a9:99:8d:fb:55:b9:dc:78:
         ec:48:8f:8b:46:17:34:2d:a9:f2:3e:78:41:60:f5:3a:0e:68:
         27:85:e8:79:ab:39:ed:2e:23:3d:4f:a5:51:a0:28:35:bc:88:
         74:48:30:dc:20:04:37:34:fd:28:63:c1:64:19:20:68:59:4e:
         7a:6f:57:17:57:8c:6b:04:23:89:1e:71:0a:01:cd:34:2f:5d:
         26:61:7e:1c:9d:27:36:1e:52:9f:7a:4c:dd:ee:7f:6a:8d:20:
         a4:72:02:14:b5:62:36:f0:72:5d:1f:90:39:84:0e:be:1a:17:
         02:16:be:fe:2a:64:2a:47:13:ed:89:56:e4:ca:7e:f7:a5:37:
         b1:d8:08:c6:6b:72:4f:8d:55:ca:08:eb:d5:df:c4:df:d2:9b:
         81:5e:97:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKU0icWSt0ixJ4YRwv4K2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjQwMTAyMTIzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjk1MDM5MDY2MDgwMDZiOWE5MGVhZTE1YWM4NTVmY2UxMzgwNmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXOFg519aI9Yo/KAxggaYBKf7tbS
GrMxlNTJ3iYgrEiZLAVg/0cEI25/bDpaQO+/yqfpT+FtM4FF+z1YEn6adRLU7gaE
70hpnvHNAGoec9a9chnYsUIzg62PxCiixQY4b+QYp6AoUjCuNgbQShXxs1H0ehD1
CkWja7YpQFdxRdKBMeZ04LHrov/jqw7BRMfXxGaB6giJjKeLy4AqitOiS4X+W2Bh
puJZNJQ1CPI/k06nLcTDxo1gZLB0rzL3/WwYs9SFc74kdF9tpUN8UC65zbPN7n/W
+YJqFuLtvTHE8WQroHWiHy2Mtgdw8+8slmSlt6dWi7aUsVANHAVAAwXN/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+VA5BmCABrmpDq4VrIVfzhOAauMB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvYjVVRGtHWUlBR3Vha09yaFdzaFZfT0U0QnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQZMA0G
CSqGSIb3DQEBCwUAA4IBAQB5P2wAOmZEOq9EXkLmSCEkQ1urTDvlA7EZOADomYjF
Y2uXbJR9T40Qu/Cl59d0cWpTo+OGCmUInJtd37d2VP66q1ygoquKRmId+Yo0o25s
BAc33emdAv578GkJN/5GQL1fKrxmqZmN+1W53HjsSI+LRhc0LanyPnhBYPU6Dmgn
heh5qzntLiM9T6VRoCg1vIh0SDDcIAQ3NP0oY8FkGSBoWU56b1cXV4xrBCOJHnEK
Ac00L10mYX4cnSc2HlKfekzd7n9qjSCkcgIUtWI28HJdH5A5hA6+GhcCFr7+KmQq
RxPtiVbkyn73pTex2AjGa3JPjVXKCOvV38Tf0puBXpdU
-----END CERTIFICATE-----