Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/0fXAfiDiimY4sxxoLNAc8hoKGQ0.roa
File:                     0fXAfiDiimY4sxxoLNAc8hoKGQ0.roa (raw, json)
Hash identifier:          K63qJHPsG3/UbhEX9+BEWEQmi+gemIWIVmWRP2FR7sk=
Subject key identifier:   D1:F5:C0:7E:20:E2:8A:66:38:B3:1C:68:2C:D0:1C:F2:1A:0A:19:0D
Certificate issuer:       /CN=a1d0315373b09b061aa59f129d592eabf7b3aaef
Certificate serial:       018CC94AC754CEEA3CBF16A47076C9881BE5
Authority key identifier: A1:D0:31:53:73:B0:9B:06:1A:A5:9F:12:9D:59:2E:AB:F7:B3:AA:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/0fXAfiDiimY4sxxoLNAc8hoKGQ0.roa
Signing time:             Tue 02 Jan 2024 08:29:30 +0000
ROA not before:           Tue 02 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136778
IP address blocks:        45.157.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c7:54:ce:ea:3c:bf:16:a4:70:76:c9:88:1b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d0315373b09b061aa59f129d592eabf7b3aaef
        Validity
            Not Before: Jan  2 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1f5c07e20e28a6638b31c682cd01cf21a0a190d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ce:83:65:99:81:08:5f:4e:60:bd:a4:89:d2:
                    c1:90:69:f9:fb:d1:2e:2b:00:01:43:2a:3d:c7:e3:
                    b1:a5:fe:f7:be:79:72:41:16:67:6f:d8:b8:59:c2:
                    07:77:4a:51:22:67:c4:7d:39:dd:34:4e:6d:39:45:
                    2d:d3:d4:f4:88:4e:97:18:d3:da:2d:bd:20:d8:13:
                    ad:c5:f6:87:6c:da:77:2d:bd:1b:d4:e9:b5:3a:9d:
                    61:cb:38:4c:3b:8f:98:67:31:94:3e:66:be:86:9f:
                    5a:98:3f:43:00:00:ae:04:ef:5c:79:af:7d:50:67:
                    dd:b6:b3:83:16:3c:83:c4:4c:91:d7:f9:13:80:e0:
                    8a:28:67:e8:1f:ac:16:44:c7:ed:15:c8:33:0c:a0:
                    ba:ea:f3:f3:f7:9e:9a:8e:06:58:de:c7:00:11:91:
                    c6:11:71:9b:11:74:57:8e:81:1d:04:96:09:70:d4:
                    07:39:2e:e6:d7:3d:9c:d4:45:cd:59:50:07:58:61:
                    5f:05:ad:ad:62:e2:42:8b:f9:45:f2:1e:b9:1e:1b:
                    74:a0:0b:ad:47:7c:f5:f5:80:bf:e8:98:35:b2:7b:
                    9d:e2:ed:1b:0c:93:99:98:80:d8:ea:fe:0f:25:dc:
                    b6:50:65:f4:17:5e:05:ac:ad:19:19:13:0f:66:b5:
                    7a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F5:C0:7E:20:E2:8A:66:38:B3:1C:68:2C:D0:1C:F2:1A:0A:19:0D
            X509v3 Authority Key Identifier:
                keyid:A1:D0:31:53:73:B0:9B:06:1A:A5:9F:12:9D:59:2E:AB:F7:B3:AA:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/0fXAfiDiimY4sxxoLNAc8hoKGQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:59:63:30:a6:89:8e:e4:fa:33:2b:6e:0f:03:16:e0:58:58:
         c0:ee:45:1f:f7:70:3a:4b:15:8a:85:bb:83:2b:15:8b:84:25:
         d5:4f:a1:69:8d:f4:5c:e1:c1:a5:a7:ad:f1:01:7f:90:64:cc:
         f9:58:96:7d:49:01:33:9e:c1:3b:f2:1b:fe:6b:47:76:80:66:
         8d:0e:0b:f6:73:03:33:37:b4:35:30:b7:29:37:97:6d:08:3e:
         73:db:c2:24:4e:a7:5c:64:b2:be:cf:b4:bb:6d:4a:cd:0a:fa:
         61:41:ea:a0:11:42:3e:75:05:11:df:aa:72:19:3b:26:f1:b7:
         8b:bc:a2:8e:b7:3f:5c:67:a1:a4:04:e0:71:95:4b:ee:01:75:
         77:8a:92:1b:33:cf:a4:73:68:69:fa:55:af:1e:19:90:99:94:
         88:06:da:0f:1f:55:63:5b:10:73:a0:f6:61:6f:d7:6c:99:2d:
         8d:99:23:71:5b:fa:0f:70:da:95:b7:95:fe:53:00:fc:24:31:
         00:74:9c:96:95:4d:c6:be:06:4a:1e:bd:69:25:e9:14:d6:07:
         b3:d8:e0:92:8f:9a:f2:29:84:ce:9d:1f:de:0b:d2:b8:4c:52:
         8a:b9:f4:11:ea:14:57:31:ec:09:84:21:b8:08:83:a5:bc:4d:
         10:0e:3c:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsdUzuo8vxakcHbJiBvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDAzMTUzNzNiMDliMDYxYWE1OWYxMjlkNTkyZWFiZjdi
M2FhZWYwHhcNMjQwMTAyMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY1YzA3ZTIwZTI4YTY2MzhiMzFjNjgyY2QwMWNmMjFhMGExOTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoc6DZZmBCF9OYL2kidLBkGn5+9Eu
KwABQyo9x+Oxpf73vnlyQRZnb9i4WcIHd0pRImfEfTndNE5tOUUt09T0iE6XGNPa
Lb0g2BOtxfaHbNp3Lb0b1Om1Op1hyzhMO4+YZzGUPma+hp9amD9DAACuBO9cea99
UGfdtrODFjyDxEyR1/kTgOCKKGfoH6wWRMftFcgzDKC66vPz956ajgZY3scAEZHG
EXGbEXRXjoEdBJYJcNQHOS7m1z2c1EXNWVAHWGFfBa2tYuJCi/lF8h65Hht0oAut
R3z19YC/6Jg1snud4u0bDJOZmIDY6v4PJdy2UGX0F14FrK0ZGRMPZrV6iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNH1wH4g4opmOLMcaCzQHPIaChkNMB8GA1UdIwQY
MBaAFKHQMVNzsJsGGqWfEp1ZLqv3s6rvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RBeFUzT3dtd1lhcFo4U25Wa3VxX2V6cXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xYmNiMmQtZjU4Yi00ZTQ0LWIxMzMt
ZGZjYmRmM2IxMDU4LzEvMGZYQWZpRGlpbVk0c3h4b0xOQWM4aG9LR1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xYmNiMmQtZjU4Yi00ZTQ0LWIxMzMtZGZjYmRmM2IxMDU4
LzEvb2RBeFUzT3dtd1lhcFo4U25Wa3VxX2V6cXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ1EMA0G
CSqGSIb3DQEBCwUAA4IBAQCJWWMwpomO5PozK24PAxbgWFjA7kUf93A6SxWKhbuD
KxWLhCXVT6FpjfRc4cGlp63xAX+QZMz5WJZ9SQEznsE78hv+a0d2gGaNDgv2cwMz
N7Q1MLcpN5dtCD5z28IkTqdcZLK+z7S7bUrNCvphQeqgEUI+dQUR36pyGTsm8beL
vKKOtz9cZ6GkBOBxlUvuAXV3ipIbM8+kc2hp+lWvHhmQmZSIBtoPH1VjWxBzoPZh
b9dsmS2NmSNxW/oPcNqVt5X+UwD8JDEAdJyWlU3GvgZKHr1pJekU1gez2OCSj5ry
KYTOnR/eC9K4TFKKufQR6hRXMewJhCG4CIOlvE0QDjxt
-----END CERTIFICATE-----