Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/sy536VbLnxX87GfzBtEo2g0KGNg.roa
File:                     sy536VbLnxX87GfzBtEo2g0KGNg.roa (raw, json)
Hash identifier:          1PoxSu3EuBfUIU80w4yp7RHQ/di6QHTRjIEbBwADraA=
Subject key identifier:   B3:2E:77:E9:56:CB:9F:15:FC:EC:67:F3:06:D1:28:DA:0D:0A:18:D8
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       018CD945A10A35D9814009D7C73B2793A586
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/sy536VbLnxX87GfzBtEo2g0KGNg.roa
Signing time:             Fri 05 Jan 2024 10:57:48 +0000
ROA not before:           Fri 05 Jan 2024 10:57:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.158.127.0/24 maxlen: 24
                          45.158.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:45:a1:0a:35:d9:81:40:09:d7:c7:3b:27:93:a5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Jan  5 10:57:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b32e77e956cb9f15fcec67f306d128da0d0a18d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b9:c2:37:46:f3:ef:7f:d7:db:96:60:d9:e1:
                    b1:58:49:5f:dd:2a:ca:0d:80:b8:04:9d:16:1a:b3:
                    ae:84:b5:71:39:30:6a:4f:cb:b7:f0:ef:04:2d:33:
                    92:a8:ed:06:5e:19:71:ac:05:22:b2:0e:69:03:80:
                    9d:05:1b:61:fd:8b:a0:3f:18:3e:38:02:60:f6:e5:
                    fd:aa:17:81:f5:ad:06:e3:5e:d0:f8:2b:dd:b4:32:
                    f4:a0:84:62:c1:70:73:31:22:64:28:39:83:73:a0:
                    1c:6b:bb:4f:fc:c0:f8:72:a7:31:53:ab:4d:aa:9c:
                    01:8d:47:2a:ed:a9:42:c2:5b:6c:43:e7:40:b7:06:
                    c9:29:90:f5:3c:6b:d2:f2:71:57:64:4d:26:c4:d9:
                    c5:a5:c1:7a:65:61:8e:e8:b1:94:4a:64:c9:84:73:
                    72:be:64:87:04:a0:97:61:f0:81:f0:44:02:7f:87:
                    f8:11:f0:15:62:d3:5f:3e:06:46:93:d5:69:1b:95:
                    c5:84:35:40:ea:1a:3c:52:21:b0:2a:cf:54:9e:c7:
                    3a:76:2d:94:74:23:9f:1a:67:36:a9:ff:6b:db:4e:
                    c5:e0:2f:2a:cd:08:8b:6f:5c:ab:71:11:3b:38:d7:
                    82:87:af:e2:61:4a:67:4c:ad:b6:20:88:ad:85:d0:
                    31:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:2E:77:E9:56:CB:9F:15:FC:EC:67:F3:06:D1:28:DA:0D:0A:18:D8
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/sy536VbLnxX87GfzBtEo2g0KGNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:40:ad:d0:0c:19:08:76:a4:a6:ba:ca:84:f2:91:20:a1:2b:
         63:53:8f:c1:7d:7b:23:9c:e5:c2:b3:07:34:2f:24:3d:d7:b0:
         f3:8e:51:50:6b:54:f6:7d:a3:81:c6:33:f2:72:23:8a:59:99:
         ae:4f:ab:75:e9:6e:31:2d:9b:70:5e:1e:64:d9:d1:b8:de:91:
         b3:ff:1b:44:51:1f:e2:d1:92:6b:96:13:96:32:ed:42:1a:cd:
         ce:4d:26:64:bf:fe:7a:c3:cf:1a:c3:ff:5e:9c:26:0f:22:1d:
         50:35:93:ec:fd:46:bd:29:62:3c:c5:82:85:c5:bd:d8:8d:22:
         5b:a1:25:4a:7e:fd:fd:24:60:65:29:8a:2b:96:dc:01:97:9b:
         3d:4c:f0:10:ca:c8:ac:ef:3a:e5:c5:25:9e:90:50:bf:a1:76:
         49:ce:f3:b4:f2:05:38:1f:5d:29:82:75:16:d1:70:62:be:c8:
         27:e1:9c:fc:d0:bb:e6:18:89:36:df:b6:10:04:be:f6:e2:12:
         bd:fb:d0:7c:e2:0f:e4:41:fc:56:db:66:ae:ce:43:1d:77:02:
         8b:7d:fa:26:87:17:9e:e6:39:23:4c:6c:a9:61:41:fd:5c:42:
         cc:34:d2:ca:04:c9:28:bf:da:82:2a:5a:0f:a9:29:23:c5:ee:
         af:7f:37:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzZRaEKNdmBQAnXxzsnk6WGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjQwMTA1MTA1NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzJlNzdlOTU2Y2I5ZjE1ZmNlYzY3ZjMwNmQxMjhkYTBkMGExOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLnCN0bz73/X25Zg2eGxWElf3SrK
DYC4BJ0WGrOuhLVxOTBqT8u38O8ELTOSqO0GXhlxrAUisg5pA4CdBRth/YugPxg+
OAJg9uX9qheB9a0G417Q+CvdtDL0oIRiwXBzMSJkKDmDc6Aca7tP/MD4cqcxU6tN
qpwBjUcq7alCwltsQ+dAtwbJKZD1PGvS8nFXZE0mxNnFpcF6ZWGO6LGUSmTJhHNy
vmSHBKCXYfCB8EQCf4f4EfAVYtNfPgZGk9VpG5XFhDVA6ho8UiGwKs9Unsc6di2U
dCOfGmc2qf9r207F4C8qzQiLb1yrcRE7ONeCh6/iYUpnTK22IIithdAxGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMud+lWy58V/Oxn8wbRKNoNChjYMB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvc3k1MzZWYkxueFg4N0dmekJ0RW8yZzBLR05nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ5+MA0G
CSqGSIb3DQEBCwUAA4IBAQCEQK3QDBkIdqSmusqE8pEgoStjU4/BfXsjnOXCswc0
LyQ917DzjlFQa1T2faOBxjPyciOKWZmuT6t16W4xLZtwXh5k2dG43pGz/xtEUR/i
0ZJrlhOWMu1CGs3OTSZkv/56w88aw/9enCYPIh1QNZPs/Ua9KWI8xYKFxb3YjSJb
oSVKfv39JGBlKYorltwBl5s9TPAQysis7zrlxSWekFC/oXZJzvO08gU4H10pgnUW
0XBivsgn4Zz80LvmGIk237YQBL724hK9+9B84g/kQfxW22auzkMddwKLffomhxee
5jkjTGypYUH9XELMNNLKBMkov9qCKloPqSkjxe6vfzcR
-----END CERTIFICATE-----