Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/dsviOlbxpeLdefnstk8tLFxxNmQ.roa
File:                     dsviOlbxpeLdefnstk8tLFxxNmQ.roa (raw, json)
Hash identifier:          35z2jXHg83DJB0wWhuxRfV7BNKqT77uKK3usgGp7ZX8=
Subject key identifier:   76:CB:E2:3A:56:F1:A5:E2:DD:79:F9:EC:B6:4F:2D:2C:5C:71:36:64
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019368EB4D4A44B3340B1A5D53BA2C768876
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/dsviOlbxpeLdefnstk8tLFxxNmQ.roa
Signing time:             Tue 26 Nov 2024 14:41:11 +0000
ROA not before:           Tue 26 Nov 2024 14:41:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        45.152.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:eb:4d:4a:44:b3:34:0b:1a:5d:53:ba:2c:76:88:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 14:41:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76cbe23a56f1a5e2dd79f9ecb64f2d2c5c713664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:58:2e:c6:bd:16:e1:9c:7b:a4:eb:d8:47:a2:
                    a6:ff:51:b4:c6:43:68:fc:00:18:03:fa:c4:80:f0:
                    63:11:8e:be:a1:a8:67:52:31:f4:c9:86:b5:e3:a5:
                    0e:e0:a9:17:8f:ab:2f:f2:b6:73:d3:9e:c3:23:e1:
                    7e:86:2c:85:17:81:0d:e0:37:76:ba:8a:e0:46:1e:
                    0e:b3:f4:29:14:b1:f8:f3:ea:5d:ac:60:57:c9:86:
                    69:e6:b5:4d:d8:8a:b4:84:51:3e:90:ca:48:9d:7f:
                    0c:62:f3:7e:76:f6:ac:2d:cf:78:96:d4:f2:ee:7f:
                    5e:94:fb:44:07:ac:d6:26:ac:f3:06:ba:51:b9:4f:
                    ff:77:79:62:a8:75:df:ff:bc:28:40:23:a1:a3:2f:
                    9c:bd:66:b3:c7:00:a4:0d:9b:00:b6:6f:19:67:48:
                    0d:e9:ff:07:53:88:0c:aa:5a:31:f5:61:a6:20:4c:
                    29:13:d0:48:b1:16:a8:8a:1e:ef:db:fd:44:2b:ae:
                    92:07:eb:5f:5b:c9:15:06:c5:18:7f:b6:48:58:6f:
                    a6:4b:1b:7a:a0:0d:aa:4d:c3:76:52:d1:da:22:67:
                    3d:f9:93:31:fd:e5:29:eb:b9:b5:d4:cc:cc:72:a7:
                    66:48:e9:24:64:0c:e9:70:49:63:f2:29:85:9c:48:
                    e2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:CB:E2:3A:56:F1:A5:E2:DD:79:F9:EC:B6:4F:2D:2C:5C:71:36:64
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/dsviOlbxpeLdefnstk8tLFxxNmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:df:fe:21:c0:35:7d:47:dd:d9:14:03:28:e3:58:15:b6:fc:
         2b:af:8f:12:a1:65:67:a6:e8:bf:e1:23:22:8f:d0:0e:29:7e:
         ce:de:61:0f:7b:23:eb:66:48:84:46:77:23:ef:ff:cc:f0:fb:
         ca:4c:af:ec:ff:f6:02:bc:31:d1:db:b7:45:79:ce:2e:4c:4f:
         72:cc:3a:12:a7:e3:77:ce:83:d1:fd:46:0e:c4:f5:4f:15:98:
         d1:61:0a:3f:ec:d1:45:37:f2:b6:7d:4d:a0:83:da:2e:4c:f6:
         70:90:81:07:a7:e8:6d:53:d0:bb:da:79:da:d3:27:b2:69:cf:
         a0:23:d8:93:0d:f3:63:90:e1:7a:dc:6b:2b:d5:96:ae:59:74:
         78:c4:7e:18:ce:b8:a1:b2:6f:29:30:3f:fd:3b:ac:b2:73:e3:
         8a:00:b9:49:0e:a8:06:2c:89:7e:87:f3:c8:a0:f6:fe:e9:e8:
         6d:8c:fb:b6:23:15:3a:41:9a:78:c8:56:43:c9:7d:7e:27:5f:
         8d:7e:2f:eb:e8:99:f4:98:bb:9d:db:ae:bb:11:50:a6:18:14:
         2e:33:8d:09:4b:54:d9:9b:4a:f0:4b:06:f1:25:12:17:73:a0:
         08:30:8e:75:de:0b:5f:39:57:5b:b7:26:a3:dc:d3:0f:88:15:
         47:1e:19:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNo601KRLM0CxpdU7osdoh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTQ0MTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmNiZTIzYTU2ZjFhNWUyZGQ3OWY5ZWNiNjRmMmQyYzVjNzEzNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFguxr0W4Zx7pOvYR6Km/1G0xkNo
/AAYA/rEgPBjEY6+oahnUjH0yYa146UO4KkXj6sv8rZz057DI+F+hiyFF4EN4Dd2
uorgRh4Os/QpFLH48+pdrGBXyYZp5rVN2Iq0hFE+kMpInX8MYvN+dvasLc94ltTy
7n9elPtEB6zWJqzzBrpRuU//d3liqHXf/7woQCOhoy+cvWazxwCkDZsAtm8ZZ0gN
6f8HU4gMqlox9WGmIEwpE9BIsRaoih7v2/1EK66SB+tfW8kVBsUYf7ZIWG+mSxt6
oA2qTcN2UtHaImc9+ZMx/eUp67m11MzMcqdmSOkkZAzpcElj8imFnEjiMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbL4jpW8aXi3Xn57LZPLSxccTZkMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvZHN2aU9sYnhwZUxkZWZuc3RrOHRMRnh4Tm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZiwMA0G
CSqGSIb3DQEBCwUAA4IBAQAj3/4hwDV9R93ZFAMo41gVtvwrr48SoWVnpui/4SMi
j9AOKX7O3mEPeyPrZkiERncj7//M8PvKTK/s//YCvDHR27dFec4uTE9yzDoSp+N3
zoPR/UYOxPVPFZjRYQo/7NFFN/K2fU2gg9ouTPZwkIEHp+htU9C72nna0yeyac+g
I9iTDfNjkOF63Gsr1ZauWXR4xH4Yzrihsm8pMD/9O6yyc+OKALlJDqgGLIl+h/PI
oPb+6ehtjPu2IxU6QZp4yFZDyX1+J1+Nfi/r6Jn0mLud2667EVCmGBQuM40JS1TZ
m0rwSwbxJRIXc6AIMI513gtfOVdbtyaj3NMPiBVHHhnk
-----END CERTIFICATE-----