Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/rb1-8VqK6WW7GnPi3dVuiMtkbjg.roa
File:                     rb1-8VqK6WW7GnPi3dVuiMtkbjg.roa (raw, json)
Hash identifier:          3hK9LoK0Oj0D/HqKNm5Q37ietlXuNTYSIk9zecXjQ1U=
Subject key identifier:   AD:BD:7E:F1:5A:8A:E9:65:BB:1A:73:E2:DD:D5:6E:88:CB:64:6E:38
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       018E14A3C631BABFB8C519BE7639DD7C5D47
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/rb1-8VqK6WW7GnPi3dVuiMtkbjg.roa
Signing time:             Wed 06 Mar 2024 16:41:01 +0000
ROA not before:           Wed 06 Mar 2024 16:41:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        45.11.155.0/24 maxlen: 24
                          45.138.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:a3:c6:31:ba:bf:b8:c5:19:be:76:39:dd:7c:5d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Mar  6 16:41:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adbd7ef15a8ae965bb1a73e2ddd56e88cb646e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2a:cb:95:75:d1:db:cd:9f:95:bb:91:e9:fc:
                    6b:26:43:f1:56:09:0d:8b:61:58:cc:23:0c:d1:e7:
                    4e:8d:d7:d6:69:28:dd:3d:85:f4:0d:71:9e:85:7b:
                    8d:78:70:ef:5d:e4:b5:9b:0a:66:81:1c:6a:e8:2e:
                    96:85:8d:d1:04:dd:8a:ee:71:c9:4c:39:44:cc:c2:
                    5e:a0:57:16:a4:20:5a:70:0b:e1:56:42:44:83:15:
                    67:1e:4c:0e:80:76:2b:24:2e:2b:93:9c:d6:9d:b5:
                    6e:44:b4:7c:0c:4f:dd:ba:e5:39:74:c6:4f:55:af:
                    a7:3d:e3:49:4e:ff:67:d4:36:67:70:fc:d7:60:30:
                    ee:95:91:71:3d:3c:89:43:ba:19:c5:89:11:4d:12:
                    3a:28:b6:3a:83:54:22:d9:03:3b:51:54:1e:cd:fd:
                    d8:c0:99:0d:61:e6:bf:0c:a0:09:d8:15:36:7d:12:
                    01:4b:84:5b:94:3b:f5:b0:4e:f5:23:2d:08:fa:dd:
                    f1:22:9d:9f:67:3e:47:fd:a0:fa:ca:53:d8:bd:77:
                    3b:53:15:ed:9c:9e:fe:85:bc:e5:ad:a4:50:96:5b:
                    f8:ab:26:0f:ba:17:18:0a:39:a5:3a:35:f1:e1:ce:
                    9e:dd:0a:dd:e6:2b:a4:f0:fd:c0:e5:ae:16:13:7c:
                    9b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:BD:7E:F1:5A:8A:E9:65:BB:1A:73:E2:DD:D5:6E:88:CB:64:6E:38
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/rb1-8VqK6WW7GnPi3dVuiMtkbjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.155.0/24
                  45.138.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:50:a6:ff:dd:c8:b0:91:3d:f8:3d:3e:a5:f8:a5:0f:82:ed:
         92:bb:b4:f5:bb:62:84:04:0d:51:1e:92:81:80:49:23:0b:cb:
         a1:d7:c8:72:f3:82:d3:d0:e9:65:0e:43:8e:f6:36:4f:40:e6:
         6a:c3:c6:ac:d3:ed:1e:c1:65:6e:f4:e3:1e:37:2b:82:e6:46:
         bf:ba:71:2a:91:ad:64:b2:81:c0:88:32:2e:76:78:a8:34:2f:
         8a:6c:48:9f:dd:cd:39:0e:20:cf:a8:d0:85:da:fe:0c:3c:36:
         93:95:bb:ab:cd:e9:a5:ce:5f:d4:9a:ce:52:ee:ec:85:30:12:
         72:3e:23:e1:fa:de:fa:d9:d9:1f:6c:17:3e:ba:ae:3b:60:79:
         f2:6d:59:ef:ae:46:47:19:7c:1a:af:7f:cc:5e:9a:3b:43:9b:
         be:c6:61:8a:6c:b2:df:3c:a5:1d:3d:97:9a:e8:f2:4a:7a:1a:
         c3:5b:d3:43:5c:75:c2:9c:5f:ca:e1:66:0c:2b:8d:dc:04:a0:
         cb:65:ea:f9:f0:a9:94:7e:be:f1:7d:12:80:bd:0e:cc:68:1d:
         75:a8:e7:3e:cd:50:8e:d8:57:7f:b5:71:32:13:44:b4:82:68:
         c0:9b:96:93:bf:a1:31:c5:9b:25:24:55:10:23:a9:ab:98:b3:
         28:f5:9d:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4Uo8Yxur+4xRm+djndfF1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjQwMzA2MTY0MTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGJkN2VmMTVhOGFlOTY1YmIxYTczZTJkZGQ1NmU4OGNiNjQ2ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSrLlXXR282flbuR6fxrJkPxVgkN
i2FYzCMM0edOjdfWaSjdPYX0DXGehXuNeHDvXeS1mwpmgRxq6C6WhY3RBN2K7nHJ
TDlEzMJeoFcWpCBacAvhVkJEgxVnHkwOgHYrJC4rk5zWnbVuRLR8DE/duuU5dMZP
Va+nPeNJTv9n1DZncPzXYDDulZFxPTyJQ7oZxYkRTRI6KLY6g1Qi2QM7UVQezf3Y
wJkNYea/DKAJ2BU2fRIBS4RblDv1sE71Iy0I+t3xIp2fZz5H/aD6ylPYvXc7UxXt
nJ7+hbzlraRQllv4qyYPuhcYCjmlOjXx4c6e3Qrd5iuk8P3A5a4WE3yblwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK29fvFaiulluxpz4t3VbojLZG44MB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvcmIxLThWcUs2V1c3R25QaTNkVnVpTXRrYmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQubAwQC
LYocMA0GCSqGSIb3DQEBCwUAA4IBAQBeUKb/3ciwkT34PT6l+KUPgu2Su7T1u2KE
BA1RHpKBgEkjC8uh18hy84LT0OllDkOO9jZPQOZqw8as0+0ewWVu9OMeNyuC5ka/
unEqka1ksoHAiDIudnioNC+KbEif3c05DiDPqNCF2v4MPDaTlburzemlzl/Ums5S
7uyFMBJyPiPh+t762dkfbBc+uq47YHnybVnvrkZHGXwar3/MXpo7Q5u+xmGKbLLf
PKUdPZea6PJKehrDW9NDXHXCnF/K4WYMK43cBKDLZer58KmUfr7xfRKAvQ7MaB11
qOc+zVCO2Fd/tXEyE0S0gmjAm5aTv6ExxZslJFUQI6mrmLMo9Z1H
-----END CERTIFICATE-----