Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/Olshw3Vzn2gGc7qtkq9-W3AN0QE.roa
File:                     Olshw3Vzn2gGc7qtkq9-W3AN0QE.roa (raw, json)
Hash identifier:          udwO1hSK+9vBo2Q4G+ImGz7YyfCEnc+Ijuq4m0cmAKo=
Subject key identifier:   3A:5B:21:C3:75:73:9F:68:06:73:BA:AD:92:AF:7E:5B:70:0D:D1:01
Certificate issuer:       /CN=a1d0315373b09b061aa59f129d592eabf7b3aaef
Certificate serial:       0191B0DF7E74CDE8D4A1CA2644FC10E717A1
Authority key identifier: A1:D0:31:53:73:B0:9B:06:1A:A5:9F:12:9D:59:2E:AB:F7:B3:AA:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/Olshw3Vzn2gGc7qtkq9-W3AN0QE.roa
Signing time:             Mon 02 Sep 2024 03:55:22 +0000
ROA not before:           Mon 02 Sep 2024 03:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54467
IP address blocks:        45.157.70.0/24 maxlen: 24
                          45.157.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b0:df:7e:74:cd:e8:d4:a1:ca:26:44:fc:10:e7:17:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d0315373b09b061aa59f129d592eabf7b3aaef
        Validity
            Not Before: Sep  2 03:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a5b21c375739f680673baad92af7e5b700dd101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:6c:7d:80:f7:c7:22:32:e5:b6:84:7b:78:4e:
                    08:fc:a4:ac:1b:a7:e9:63:b5:41:0d:d9:11:ab:ba:
                    68:df:01:79:82:3b:6f:93:6d:cf:eb:7a:95:84:8f:
                    cd:91:ec:b4:63:bb:b7:f7:96:35:9c:cc:39:87:26:
                    e8:a5:b6:77:6a:3a:09:42:91:09:b6:54:92:93:ed:
                    e5:df:3d:15:94:17:22:e0:c5:eb:8e:00:13:25:90:
                    e8:ac:09:82:26:f9:b4:8c:5e:42:aa:23:97:5a:09:
                    87:5f:35:00:24:63:fd:f0:b6:14:25:20:c5:a3:9a:
                    eb:0f:a3:93:c7:70:60:68:f1:cb:d9:fb:06:af:d7:
                    6d:db:60:b7:4f:36:9d:65:64:80:dc:8d:43:5c:91:
                    01:54:04:a5:fd:2f:25:99:fd:cb:26:8b:5c:f9:fb:
                    4f:2e:80:6e:a8:cd:af:58:e0:63:98:64:ee:7c:f3:
                    7b:92:01:33:a4:aa:dd:64:8e:bf:fd:68:d8:e0:b8:
                    c5:59:74:17:f0:78:bd:7c:fc:4c:94:9b:58:d8:95:
                    6d:8f:ee:5d:fe:53:95:54:c5:4f:90:9b:25:4d:3b:
                    24:1c:e1:eb:b0:e0:4a:ff:bb:db:26:5d:13:7f:14:
                    49:ab:dd:08:35:55:8b:b5:50:59:4c:82:ef:fc:59:
                    de:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:5B:21:C3:75:73:9F:68:06:73:BA:AD:92:AF:7E:5B:70:0D:D1:01
            X509v3 Authority Key Identifier:
                keyid:A1:D0:31:53:73:B0:9B:06:1A:A5:9F:12:9D:59:2E:AB:F7:B3:AA:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/Olshw3Vzn2gGc7qtkq9-W3AN0QE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         f1:1e:10:6e:26:11:13:71:d9:7c:9c:49:d7:66:f7:e7:b2:e8:
         0d:b4:08:3b:8e:9d:65:b7:d5:dc:f4:dc:f0:2e:7c:b4:bf:7c:
         fb:27:e6:6e:c4:5f:58:20:6e:91:be:01:c4:8e:13:7b:52:6e:
         a4:77:72:be:e3:3d:e8:a6:8f:c2:a5:7f:53:a7:2a:6b:3a:44:
         3e:ae:ad:96:5e:9f:59:bf:25:b0:33:0d:05:e8:6b:3f:37:33:
         62:d2:37:3f:2b:fc:9b:17:ce:f6:b7:34:e5:13:83:c3:f5:45:
         56:e3:f8:f6:8a:bd:72:ca:2d:55:e9:d9:cb:7f:67:dc:cd:67:
         25:42:37:2f:ff:88:2f:6d:6d:3e:2e:eb:7a:f9:71:bf:4e:f1:
         fe:f9:bf:57:7c:0b:34:96:1f:ff:d7:d6:da:8c:41:27:35:8e:
         8b:f3:15:74:3c:21:1a:14:2a:f7:fd:4c:0e:d4:5c:c3:02:2a:
         66:21:02:de:75:8c:e7:ef:f0:fe:96:cf:e4:90:25:28:4a:ca:
         55:f9:52:12:11:09:12:a2:96:16:5d:79:8a:46:ec:d6:e3:bc:
         24:27:6c:1a:d5:60:d1:74:13:53:f2:db:70:8b:13:1d:7c:49:
         a9:b4:1d:1d:ec:10:a2:17:21:04:99:e4:d5:9c:ac:b4:52:43:
         d3:60:b8:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGw3350zejUocomRPwQ5xehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDAzMTUzNzNiMDliMDYxYWE1OWYxMjlkNTkyZWFiZjdi
M2FhZWYwHhcNMjQwOTAyMDM1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTViMjFjMzc1NzM5ZjY4MDY3M2JhYWQ5MmFmN2U1YjcwMGRkMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mx9gPfHIjLltoR7eE4I/KSsG6fp
Y7VBDdkRq7po3wF5gjtvk23P63qVhI/Nkey0Y7u395Y1nMw5hybopbZ3ajoJQpEJ
tlSSk+3l3z0VlBci4MXrjgATJZDorAmCJvm0jF5CqiOXWgmHXzUAJGP98LYUJSDF
o5rrD6OTx3BgaPHL2fsGr9dt22C3TzadZWSA3I1DXJEBVASl/S8lmf3LJotc+ftP
LoBuqM2vWOBjmGTufPN7kgEzpKrdZI6//WjY4LjFWXQX8Hi9fPxMlJtY2JVtj+5d
/lOVVMVPkJslTTskHOHrsOBK/7vbJl0TfxRJq90INVWLtVBZTILv/FnegwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpbIcN1c59oBnO6rZKvfltwDdEBMB8GA1UdIwQY
MBaAFKHQMVNzsJsGGqWfEp1ZLqv3s6rvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RBeFUzT3dtd1lhcFo4U25Wa3VxX2V6cXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xYmNiMmQtZjU4Yi00ZTQ0LWIxMzMt
ZGZjYmRmM2IxMDU4LzEvT2xzaHczVnpuMmdHYzdxdGtxOS1XM0FOMFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xYmNiMmQtZjU4Yi00ZTQ0LWIxMzMtZGZjYmRmM2IxMDU4
LzEvb2RBeFUzT3dtd1lhcFo4U25Wa3VxX2V6cXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ1GMA0G
CSqGSIb3DQEBCwUAA4IBAQDxHhBuJhETcdl8nEnXZvfnsugNtAg7jp1lt9Xc9Nzw
Lny0v3z7J+ZuxF9YIG6RvgHEjhN7Um6kd3K+4z3opo/CpX9TpyprOkQ+rq2WXp9Z
vyWwMw0F6Gs/NzNi0jc/K/ybF872tzTlE4PD9UVW4/j2ir1yyi1V6dnLf2fczWcl
Qjcv/4gvbW0+Lut6+XG/TvH++b9XfAs0lh//19bajEEnNY6L8xV0PCEaFCr3/UwO
1FzDAipmIQLedYzn7/D+ls/kkCUoSspV+VISEQkSopYWXXmKRuzW47wkJ2wa1WDR
dBNT8ttwixMdfEmptB0d7BCiFyEEmeTVnKy0UkPTYLiH
-----END CERTIFICATE-----