Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/wXgCWNsdt3X6qDiXUhqDrLTeeGY.roa
File:                     wXgCWNsdt3X6qDiXUhqDrLTeeGY.roa (raw, json)
Hash identifier:          PFwW+u5c1T8MOvlXecF10OIC2HTBFiiwRtz9DOAcb2U=
Subject key identifier:   C1:78:02:58:DB:1D:B7:75:FA:A8:38:97:52:1A:83:AC:B4:DE:78:66
Certificate issuer:       /CN=a4c7bfe415604f6136ceaa216356495bf6d5cc41
Certificate serial:       018CC26D5304CDC4B37269C9E0451654B375
Authority key identifier: A4:C7:BF:E4:15:60:4F:61:36:CE:AA:21:63:56:49:5B:F6:D5:CC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMe_5BVgT2E2zqohY1ZJW_bVzEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/wXgCWNsdt3X6qDiXUhqDrLTeeGY.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208230
IP address blocks:        45.152.111.0/24 maxlen: 24
                          45.152.110.0/24 maxlen: 24
                          45.152.109.0/24 maxlen: 24
                          45.152.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/pMe_5BVgT2E2zqohY1ZJW_bVzEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/pMe_5BVgT2E2zqohY1ZJW_bVzEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMe_5BVgT2E2zqohY1ZJW_bVzEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:53:04:cd:c4:b3:72:69:c9:e0:45:16:54:b3:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4c7bfe415604f6136ceaa216356495bf6d5cc41
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1780258db1db775faa83897521a83acb4de7866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bc:53:ff:8a:29:af:d6:b2:27:75:2e:4a:94:
                    19:22:3e:8c:b7:dc:7b:59:72:88:93:4b:83:14:72:
                    85:86:83:f3:d5:55:66:ca:85:8b:4d:0e:cc:a3:1d:
                    2e:63:cf:cc:56:8e:7a:bf:ed:e3:b2:da:34:d3:5e:
                    d7:0f:b9:23:bd:fe:11:cb:93:20:e3:05:f3:99:81:
                    d0:46:f9:28:f4:a2:9b:68:41:d3:b4:71:04:bb:7a:
                    11:60:e7:f0:a0:e1:27:01:62:60:91:4c:cf:f6:c1:
                    97:be:57:2a:07:df:c6:49:4d:1e:ff:78:d4:12:0d:
                    fc:57:50:5e:e1:b9:aa:e9:1e:10:0e:f9:49:b1:ca:
                    59:3b:74:d3:79:c7:6e:4b:18:f4:e0:19:fc:c2:93:
                    6f:44:66:37:b5:0e:79:1c:49:31:de:c3:38:f5:12:
                    08:61:ca:13:39:36:68:e9:ee:bf:57:bf:99:e7:5b:
                    06:d3:ef:3e:9d:28:4b:f1:36:b4:72:f8:88:af:04:
                    6f:0f:6e:c4:6d:74:3e:90:b5:0d:30:e4:e0:3f:28:
                    b9:f0:ff:37:fd:bc:d0:45:c9:88:21:e9:61:ec:46:
                    24:8e:92:a5:0b:1e:0a:cb:d3:9d:8f:d6:e4:6d:e6:
                    2d:4d:98:58:a1:46:72:40:e2:c9:11:69:f9:46:98:
                    c0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:78:02:58:DB:1D:B7:75:FA:A8:38:97:52:1A:83:AC:B4:DE:78:66
            X509v3 Authority Key Identifier:
                keyid:A4:C7:BF:E4:15:60:4F:61:36:CE:AA:21:63:56:49:5B:F6:D5:CC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMe_5BVgT2E2zqohY1ZJW_bVzEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/wXgCWNsdt3X6qDiXUhqDrLTeeGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/pMe_5BVgT2E2zqohY1ZJW_bVzEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:1c:25:07:ba:36:45:2c:99:06:5b:56:36:55:04:14:1a:b1:
         df:f2:25:f3:71:7e:6b:ad:57:20:b8:17:e6:35:d2:4f:5c:a4:
         14:63:12:a0:98:dd:da:ce:1b:66:64:50:d0:03:8b:a7:4a:d7:
         fb:7e:b6:b1:45:31:e7:67:95:18:61:13:bd:70:e6:e6:a2:8a:
         d4:fd:2d:1e:90:e3:11:f3:bb:b8:f8:0b:0d:fa:28:4a:08:09:
         a1:e8:cd:2c:36:6d:92:41:81:25:7e:f5:05:90:71:85:51:83:
         fb:d9:7b:2d:c7:a8:1a:39:32:8a:1b:96:31:9c:dd:5e:f7:24:
         62:cf:77:c3:e7:aa:6a:b4:15:4c:3a:78:6e:be:b4:4a:37:4d:
         8a:29:2d:cc:34:18:e5:14:3e:76:f6:5e:e4:18:34:9f:80:14:
         e2:e2:ef:db:f3:17:bf:ad:72:4c:42:cb:1f:3e:99:32:4f:3d:
         2a:d2:94:9e:c0:e8:95:85:4d:3b:ea:37:76:61:35:e5:48:0e:
         b7:a0:48:3e:b4:2a:b1:8a:f0:0c:07:18:0d:06:c5:27:0c:7e:
         2b:0e:8d:e4:c0:6b:55:47:08:99:d9:fb:24:82:5d:67:f6:af:
         2f:59:b3:29:a0:c3:a6:7c:16:5d:26:0e:a9:5b:78:4b:66:87:
         d6:6d:c2:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVMEzcSzcmnJ4EUWVLN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YzdiZmU0MTU2MDRmNjEzNmNlYWEyMTYzNTY0OTViZjZk
NWNjNDEwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTc4MDI1OGRiMWRiNzc1ZmFhODM4OTc1MjFhODNhY2I0ZGU3ODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrxT/4opr9ayJ3UuSpQZIj6Mt9x7
WXKIk0uDFHKFhoPz1VVmyoWLTQ7Mox0uY8/MVo56v+3jsto0017XD7kjvf4Ry5Mg
4wXzmYHQRvko9KKbaEHTtHEEu3oRYOfwoOEnAWJgkUzP9sGXvlcqB9/GSU0e/3jU
Eg38V1Be4bmq6R4QDvlJscpZO3TTecduSxj04Bn8wpNvRGY3tQ55HEkx3sM49RII
YcoTOTZo6e6/V7+Z51sG0+8+nShL8Ta0cviIrwRvD27EbXQ+kLUNMOTgPyi58P83
/bzQRcmIIelh7EYkjpKlCx4Ky9Odj9bkbeYtTZhYoUZyQOLJEWn5RpjAHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMF4AljbHbd1+qg4l1Iag6y03nhmMB8GA1UdIwQY
MBaAFKTHv+QVYE9hNs6qIWNWSVv21cxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE1lXzVCVmdUMkUyenFvaFkxWkpXX2JWekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8wN2NkNGQtN2QzNS00NGUxLWFiYTMt
YzliMjIwYTRkNmYwLzEvd1hnQ1dOc2R0M1g2cURpWFVocURyTFRlZUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8wN2NkNGQtN2QzNS00NGUxLWFiYTMtYzliMjIwYTRkNmYw
LzEvcE1lXzVCVmdUMkUyenFvaFkxWkpXX2JWekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZhsMA0G
CSqGSIb3DQEBCwUAA4IBAQAoHCUHujZFLJkGW1Y2VQQUGrHf8iXzcX5rrVcguBfm
NdJPXKQUYxKgmN3azhtmZFDQA4unStf7fraxRTHnZ5UYYRO9cObmoorU/S0ekOMR
87u4+AsN+ihKCAmh6M0sNm2SQYElfvUFkHGFUYP72Xstx6gaOTKKG5YxnN1e9yRi
z3fD56pqtBVMOnhuvrRKN02KKS3MNBjlFD529l7kGDSfgBTi4u/b8xe/rXJMQssf
PpkyTz0q0pSewOiVhU076jd2YTXlSA63oEg+tCqxivAMBxgNBsUnDH4rDo3kwGtV
RwiZ2fskgl1n9q8vWbMpoMOmfBZdJg6pW3hLZofWbcJB
-----END CERTIFICATE-----