Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/0WB1JLdaCiM3c7O8skz8v8mtxBI.roa
File:                     0WB1JLdaCiM3c7O8skz8v8mtxBI.roa (raw, json)
Hash identifier:          FyViIY+jC8am9XP18hTuoBa0WxajDQzhdxAuIRFKPXw=
Subject key identifier:   D1:60:75:24:B7:5A:0A:23:37:73:B3:BC:B2:4C:FC:BF:C9:AD:C4:12
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018F62587AC944A2DD3DEFFF140DF62F1404
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/0WB1JLdaCiM3c7O8skz8v8mtxBI.roa
Signing time:             Fri 10 May 2024 11:51:56 +0000
ROA not before:           Fri 10 May 2024 11:51:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53107
IP address blocks:        45.148.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:58:7a:c9:44:a2:dd:3d:ef:ff:14:0d:f6:2f:14:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: May 10 11:51:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1607524b75a0a233773b3bcb24cfcbfc9adc412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d7:3d:79:f1:4c:8e:b1:da:8d:fc:85:37:4e:
                    bc:5d:69:60:64:6a:50:2c:8e:be:53:80:92:e5:a8:
                    31:4b:18:d3:85:d8:4b:36:fa:27:d1:b2:59:f4:7e:
                    0e:e4:a5:cd:d6:29:77:58:56:84:01:73:ef:24:85:
                    13:f5:e0:2d:55:36:db:fd:ca:1f:22:94:2a:3d:98:
                    a9:40:fd:89:ac:90:3b:78:11:aa:e4:77:c1:51:08:
                    a6:0b:be:fa:9e:0a:f8:17:4d:3b:f5:73:f0:83:0a:
                    73:d6:6e:3a:4c:68:7e:1f:43:f1:8d:fa:57:28:13:
                    72:1a:7a:ee:18:4d:6b:68:e2:b2:28:7f:90:cd:00:
                    fe:71:f1:9b:47:e8:b8:a9:d3:69:eb:5e:4d:79:e2:
                    80:ae:36:7b:bc:15:4e:43:7c:e5:ef:d1:c4:84:12:
                    b2:3b:35:40:0a:64:43:59:ee:9f:5f:11:b3:af:8f:
                    a7:ee:b5:89:e6:e6:08:19:8f:81:f1:86:a6:46:90:
                    30:f5:93:24:db:72:fe:ac:08:89:a5:57:aa:1c:be:
                    26:83:b2:a4:d0:55:a9:9d:d4:38:a8:f4:9b:6e:14:
                    03:22:19:50:b1:f0:9f:5e:70:5b:c6:2a:b7:e2:41:
                    9d:1d:9d:96:28:0d:8e:9b:61:02:13:eb:e2:67:cc:
                    b2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:60:75:24:B7:5A:0A:23:37:73:B3:BC:B2:4C:FC:BF:C9:AD:C4:12
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/0WB1JLdaCiM3c7O8skz8v8mtxBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:e5:9d:65:c1:94:e9:1c:4d:7a:85:83:a7:a8:55:13:10:50:
         c5:44:ce:91:c0:ae:0d:77:42:19:d5:ac:fc:20:86:f2:b4:ad:
         a5:36:9f:79:e9:7d:00:fa:76:2a:18:ec:d3:8a:43:e7:9c:04:
         69:74:69:fa:73:1d:e6:a0:6f:83:85:cc:1f:a7:77:88:00:ec:
         0d:46:c5:59:29:fc:87:91:b9:a5:73:86:b1:39:7e:4e:b1:f5:
         44:e2:1b:d3:a4:73:f1:8f:31:23:b0:0b:bd:ce:d2:61:f0:03:
         a2:4e:12:67:cb:a2:b8:ce:c6:7d:43:9a:f8:c2:da:8b:38:eb:
         a5:6b:1c:dd:84:b5:a7:55:53:1e:a3:39:ae:66:19:a4:23:d0:
         1c:92:84:b1:e8:55:9b:29:4b:fc:a7:79:4e:41:39:7a:7f:7e:
         72:c4:46:ab:a3:6d:1c:33:c3:fa:ac:2f:14:70:2d:6b:46:f6:
         53:29:49:56:32:93:1a:30:56:08:9e:8e:83:4c:88:cd:ae:91:
         78:4f:26:68:43:14:98:d8:08:00:9b:22:48:31:4c:eb:ee:1a:
         8e:c3:6b:cf:b3:17:34:44:6f:28:77:5c:0f:ad:f3:18:3e:5e:
         d1:7d:9a:ef:a9:b4:4f:f0:ba:83:44:36:60:af:75:82:63:29:
         e2:ed:3b:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9iWHrJRKLdPe//FA32LxQEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwNTEwMTE1MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTYwNzUyNGI3NWEwYTIzMzc3M2IzYmNiMjRjZmNiZmM5YWRjNDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Nc9efFMjrHajfyFN068XWlgZGpQ
LI6+U4CS5agxSxjThdhLNvon0bJZ9H4O5KXN1il3WFaEAXPvJIUT9eAtVTbb/cof
IpQqPZipQP2JrJA7eBGq5HfBUQimC776ngr4F0079XPwgwpz1m46TGh+H0PxjfpX
KBNyGnruGE1raOKyKH+QzQD+cfGbR+i4qdNp615NeeKArjZ7vBVOQ3zl79HEhBKy
OzVACmRDWe6fXxGzr4+n7rWJ5uYIGY+B8YamRpAw9ZMk23L+rAiJpVeqHL4mg7Kk
0FWpndQ4qPSbbhQDIhlQsfCfXnBbxiq34kGdHZ2WKA2Om2ECE+viZ8yyxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFgdSS3WgojN3OzvLJM/L/JrcQSMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvMFdCMUpMZGFDaU0zYzdPOHNrejh2OG10eEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZRgMA0G
CSqGSIb3DQEBCwUAA4IBAQBk5Z1lwZTpHE16hYOnqFUTEFDFRM6RwK4Nd0IZ1az8
IIbytK2lNp956X0A+nYqGOzTikPnnARpdGn6cx3moG+Dhcwfp3eIAOwNRsVZKfyH
kbmlc4axOX5OsfVE4hvTpHPxjzEjsAu9ztJh8AOiThJny6K4zsZ9Q5r4wtqLOOul
axzdhLWnVVMeozmuZhmkI9AckoSx6FWbKUv8p3lOQTl6f35yxEaro20cM8P6rC8U
cC1rRvZTKUlWMpMaMFYIno6DTIjNrpF4TyZoQxSY2AgAmyJIMUzr7hqOw2vPsxc0
RG8od1wPrfMYPl7RfZrvqbRP8LqDRDZgr3WCYyni7Tvd
-----END CERTIFICATE-----