Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/KLw7GEcHnJw04IejupOmku8Ionw.roa
File:                     KLw7GEcHnJw04IejupOmku8Ionw.roa (raw, json)
Hash identifier:          JeaFutcfFciGcdA5U+OmxEUDfwc5mpQN0nZp5vuHIlY=
Subject key identifier:   28:BC:3B:18:47:07:9C:9C:34:E0:87:A3:BA:93:A6:92:EF:08:A2:7C
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       018CC56E64DA1C37B18391E0756B8F2A2C53
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/KLw7GEcHnJw04IejupOmku8Ionw.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216246
IP address blocks:        45.15.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:64:da:1c:37:b1:83:91:e0:75:6b:8f:2a:2c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28bc3b1847079c9c34e087a3ba93a692ef08a27c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a8:a7:3d:d8:59:11:a7:a1:87:ff:1b:a4:29:
                    a2:83:fd:25:54:1d:02:bc:6e:54:33:11:d2:7b:68:
                    9d:ce:3a:3b:05:32:9e:5b:0f:2a:84:52:62:91:0b:
                    8c:0f:ae:5a:2d:99:82:5d:39:6c:c5:9c:85:84:06:
                    93:a6:83:74:14:09:46:a7:07:c2:3f:d3:7f:73:f4:
                    63:c6:99:57:e7:cc:cf:72:75:a6:a9:c4:c8:45:2d:
                    ff:fc:c9:77:8a:98:9b:da:a6:3c:c1:46:03:be:17:
                    4b:96:c0:27:ae:2e:31:df:0d:1f:db:89:9a:a3:11:
                    a2:7e:20:65:fa:d0:3c:91:a1:62:33:70:78:d6:cb:
                    75:c5:45:ab:97:cb:5e:97:39:18:65:58:60:a3:7f:
                    40:44:b6:a5:54:0b:d0:57:e7:db:df:c3:bc:23:c3:
                    f7:48:33:f2:6b:a7:39:bc:d4:ef:f9:90:0f:81:18:
                    ab:41:e2:17:03:e2:81:e2:4b:4e:c5:93:99:fb:d0:
                    db:8f:62:02:50:a9:ee:e8:83:9c:fc:09:f8:ea:1a:
                    90:62:29:d3:f4:06:09:7f:f3:4e:7a:8e:3b:db:f7:
                    c4:4e:be:02:f3:a7:bf:ee:41:d2:83:25:ce:b2:68:
                    c5:96:26:8e:56:50:7f:3f:c3:26:a8:8b:9e:21:16:
                    0e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BC:3B:18:47:07:9C:9C:34:E0:87:A3:BA:93:A6:92:EF:08:A2:7C
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/KLw7GEcHnJw04IejupOmku8Ionw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:66:75:b9:27:9c:8e:e4:8c:87:39:4e:01:db:4a:40:0f:de:
         24:fc:e3:8a:b3:21:21:a0:57:33:d1:2e:6a:19:a5:58:94:1e:
         8b:c0:c4:dd:7d:ad:2e:21:19:24:12:73:13:28:95:b9:44:35:
         c6:7e:06:59:c9:f4:2d:d4:a7:0b:20:26:63:48:b0:80:30:a3:
         ae:1b:6a:24:39:78:bc:3c:11:22:18:a1:a0:ac:47:81:73:9b:
         6b:38:80:9a:0d:92:c4:85:03:94:83:43:fe:79:ad:cc:71:e7:
         f3:03:72:ab:12:60:8f:f1:b7:0b:d5:02:cb:92:91:b7:56:32:
         34:4c:f0:61:c6:ce:d9:e7:20:21:19:bc:54:ab:ee:f8:8f:0d:
         71:fe:94:ba:4b:8a:bd:6b:33:68:54:92:d7:c2:b9:9f:87:58:
         05:55:04:f0:76:1d:84:e7:bc:56:71:05:3e:3b:64:48:35:29:
         1e:67:d1:b8:ab:5d:31:5e:7c:9e:c2:eb:c9:5a:20:13:40:60:
         81:e7:98:48:e1:89:4d:34:4f:04:be:67:ae:8a:1f:a8:be:68:
         ee:0c:0b:dc:e7:c1:4f:7d:f6:f7:09:77:93:21:83:62:23:d7:
         86:7e:93:51:ce:f8:ba:41:0d:6f:9e:ed:68:ea:f6:60:3f:a3:
         17:e0:61:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmTaHDexg5HgdWuPKixTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJjM2IxODQ3MDc5YzljMzRlMDg3YTNiYTkzYTY5MmVmMDhhMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuainPdhZEaehh/8bpCmig/0lVB0C
vG5UMxHSe2idzjo7BTKeWw8qhFJikQuMD65aLZmCXTlsxZyFhAaTpoN0FAlGpwfC
P9N/c/RjxplX58zPcnWmqcTIRS3//Ml3ipib2qY8wUYDvhdLlsAnri4x3w0f24ma
oxGifiBl+tA8kaFiM3B41st1xUWrl8telzkYZVhgo39ARLalVAvQV+fb38O8I8P3
SDPya6c5vNTv+ZAPgRirQeIXA+KB4ktOxZOZ+9Dbj2ICUKnu6IOc/An46hqQYinT
9AYJf/NOeo472/fETr4C86e/7kHSgyXOsmjFliaOVlB/P8MmqIueIRYO3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCi8OxhHB5ycNOCHo7qTppLvCKJ8MB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvS0x3N0dFY0huSncwNEllanVwT21rdThJb253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ+eMA0G
CSqGSIb3DQEBCwUAA4IBAQBoZnW5J5yO5IyHOU4B20pAD94k/OOKsyEhoFcz0S5q
GaVYlB6LwMTdfa0uIRkkEnMTKJW5RDXGfgZZyfQt1KcLICZjSLCAMKOuG2okOXi8
PBEiGKGgrEeBc5trOICaDZLEhQOUg0P+ea3McefzA3KrEmCP8bcL1QLLkpG3VjI0
TPBhxs7Z5yAhGbxUq+74jw1x/pS6S4q9azNoVJLXwrmfh1gFVQTwdh2E57xWcQU+
O2RINSkeZ9G4q10xXnyewuvJWiATQGCB55hI4YlNNE8Evmeuih+ovmjuDAvc58FP
ffb3CXeTIYNiI9eGfpNRzvi6QQ1vnu1o6vZgP6MX4GHU
-----END CERTIFICATE-----