Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/c76ZhrfiR11TMzK_StBZ7O7YvCE.roa
File:                     c76ZhrfiR11TMzK_StBZ7O7YvCE.roa (raw, json)
Hash identifier:          5JyVXgJU19OnMR/eZcRjXyzBora4HleoAa/2pEITffA=
Subject key identifier:   73:BE:99:86:B7:E2:47:5D:53:33:32:BF:4A:D0:59:EC:EE:D8:BC:21
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       018EF7CBB43A7ACBB9C74700C5C1A483F45F
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/c76ZhrfiR11TMzK_StBZ7O7YvCE.roa
Signing time:             Fri 19 Apr 2024 19:18:26 +0000
ROA not before:           Fri 19 Apr 2024 19:18:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.149.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:cb:b4:3a:7a:cb:b9:c7:47:00:c5:c1:a4:83:f4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Apr 19 19:18:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73be9986b7e2475d533332bf4ad059eceed8bc21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8c:f6:c1:b3:70:84:fe:c8:aa:d8:a5:00:fe:
                    cd:48:f3:6d:d1:fb:7e:ea:76:f7:b1:04:d8:c7:61:
                    0d:aa:b4:9c:d4:e1:6e:54:55:23:46:f5:d5:e1:1c:
                    54:54:3e:e1:79:0f:fb:43:21:c7:ff:43:a8:60:ef:
                    db:2a:ca:57:e0:35:75:24:e6:b7:45:e7:1a:bf:75:
                    ca:f4:87:6f:c6:b4:44:50:17:6c:70:6f:26:c4:07:
                    b7:a7:3d:a5:07:e1:fb:6b:20:6c:09:cd:be:dc:a0:
                    4d:49:d9:a6:b2:dc:90:ec:44:f2:0d:34:95:4d:ba:
                    3d:89:40:f3:14:f4:36:1b:1b:21:0a:16:47:cb:2e:
                    03:0e:8b:72:d7:3b:c8:4b:7b:07:60:da:93:91:03:
                    f4:a6:b5:cd:30:cb:7b:94:e6:69:27:62:64:ef:22:
                    10:b6:23:78:40:75:2a:ca:9a:d7:6c:71:9e:5f:6c:
                    42:fb:5c:84:34:de:1e:59:30:f2:cc:3d:89:71:87:
                    36:aa:1b:36:f0:e6:df:5d:4f:e4:c3:f7:31:a0:da:
                    7a:87:6c:82:a1:1a:cf:ae:cf:32:28:84:6c:a1:c1:
                    84:f2:0d:46:46:57:94:ca:10:e8:72:8f:37:98:98:
                    03:f8:a0:39:f8:8e:2d:11:83:87:ad:88:40:d8:22:
                    f4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BE:99:86:B7:E2:47:5D:53:33:32:BF:4A:D0:59:EC:EE:D8:BC:21
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/c76ZhrfiR11TMzK_StBZ7O7YvCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:2f:ae:e4:d0:c7:a7:fa:66:c5:5c:25:f3:52:7f:3c:98:d7:
         a4:1a:96:58:a7:71:30:e5:7f:ac:5c:23:57:e8:8b:f4:37:7d:
         c6:74:6c:a7:84:60:15:9e:6c:ac:8a:2a:75:36:6c:9d:b5:54:
         de:7f:8e:b2:3b:3e:7b:1e:e6:2b:50:a2:f3:6a:e6:6f:60:85:
         7d:a7:c9:9d:72:28:f3:ab:3e:5a:f8:c9:a7:f7:5d:7c:a8:5e:
         a1:98:f3:52:f4:59:2f:ee:e0:48:b8:a1:fd:ea:db:d5:06:8b:
         7d:57:c5:35:f7:51:8b:a5:93:86:74:96:a0:5a:54:03:08:38:
         c4:da:dd:f3:be:aa:73:4e:fa:b4:71:59:88:05:39:50:00:2a:
         2f:03:d3:dd:b0:14:fd:3d:54:4b:82:ad:e0:68:07:f2:ed:b3:
         cb:c6:65:41:de:8b:9a:1f:39:3d:3a:04:9d:09:c5:70:8f:f5:
         01:83:e9:02:63:b4:60:48:23:c7:87:35:80:df:55:b3:98:64:
         04:94:1a:ab:bc:0e:89:7a:6e:99:0f:ed:ce:fa:c3:22:b6:03:
         ab:1a:76:b4:3a:3c:4f:02:e3:a3:ae:f1:ac:b4:54:7e:3f:ff:
         70:83:8d:d5:c9:c9:c5:bc:87:b5:95:a9:cc:74:67:68:6e:23:
         dc:0c:cb:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY73y7Q6esu5x0cAxcGkg/RfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjQwNDE5MTkxODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JlOTk4NmI3ZTI0NzVkNTMzMzMyYmY0YWQwNTllY2VlZDhiYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Iz2wbNwhP7IqtilAP7NSPNt0ft+
6nb3sQTYx2ENqrSc1OFuVFUjRvXV4RxUVD7heQ/7QyHH/0OoYO/bKspX4DV1JOa3
Recav3XK9IdvxrREUBdscG8mxAe3pz2lB+H7ayBsCc2+3KBNSdmmstyQ7ETyDTSV
Tbo9iUDzFPQ2GxshChZHyy4DDoty1zvIS3sHYNqTkQP0prXNMMt7lOZpJ2Jk7yIQ
tiN4QHUqyprXbHGeX2xC+1yENN4eWTDyzD2JcYc2qhs28ObfXU/kw/cxoNp6h2yC
oRrPrs8yKIRsocGE8g1GRleUyhDoco83mJgD+KA5+I4tEYOHrYhA2CL0WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO+mYa34kddUzMyv0rQWezu2LwhMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvYzc2WmhyZmlSMTFUTXpLX1N0Qlo3TzdZdkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUkMA0G
CSqGSIb3DQEBCwUAA4IBAQBFL67k0Men+mbFXCXzUn88mNekGpZYp3Ew5X+sXCNX
6Iv0N33GdGynhGAVnmysiip1NmydtVTef46yOz57HuYrUKLzauZvYIV9p8mdcijz
qz5a+Mmn9118qF6hmPNS9Fkv7uBIuKH96tvVBot9V8U191GLpZOGdJagWlQDCDjE
2t3zvqpzTvq0cVmIBTlQACovA9PdsBT9PVRLgq3gaAfy7bPLxmVB3ouaHzk9OgSd
CcVwj/UBg+kCY7RgSCPHhzWA31WzmGQElBqrvA6Jem6ZD+3O+sMitgOrGna0OjxP
AuOjrvGstFR+P/9wg43VycnFvIe1lanMdGdobiPcDMsY
-----END CERTIFICATE-----