Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/ce001b-a4d8-4f0e-831d-35c66d7c5260/1/MIDXNSWjIhULQb8E4WP1UboAY9U.roa
File:                     MIDXNSWjIhULQb8E4WP1UboAY9U.roa (raw, json)
Hash identifier:          C7qbLjUtcbapVvbxb1un9lYjbiieubM8Ywh3jGsbkDM=
Subject key identifier:   30:80:D7:35:25:A3:22:15:0B:41:BF:04:E1:63:F5:51:BA:00:63:D5
Certificate issuer:       /CN=b5f19eb0dd48e1b24924908bb5b6848cc1678546
Certificate serial:       018CC56E1E3A076A6518A26B0B33C99AD1EB
Authority key identifier: B5:F1:9E:B0:DD:48:E1:B2:49:24:90:8B:B5:B6:84:8C:C1:67:85:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tfGesN1I4bJJJJCLtbaEjMFnhUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/ce001b-a4d8-4f0e-831d-35c66d7c5260/1/MIDXNSWjIhULQb8E4WP1UboAY9U.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.136.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/ce001b-a4d8-4f0e-831d-35c66d7c5260/1/tfGesN1I4bJJJJCLtbaEjMFnhUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/ce001b-a4d8-4f0e-831d-35c66d7c5260/1/tfGesN1I4bJJJJCLtbaEjMFnhUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tfGesN1I4bJJJJCLtbaEjMFnhUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1e:3a:07:6a:65:18:a2:6b:0b:33:c9:9a:d1:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5f19eb0dd48e1b24924908bb5b6848cc1678546
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3080d73525a322150b41bf04e163f551ba0063d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:20:47:0d:de:aa:08:c5:88:fe:97:6d:1f:ce:
                    79:4b:26:a4:15:df:6a:a4:ac:40:e3:e3:aa:f3:01:
                    52:72:71:f1:29:5c:5b:7b:8c:6f:a9:cb:d4:d3:d7:
                    67:81:d2:4b:ce:d6:bd:c9:ad:b3:26:24:f9:92:61:
                    a3:ec:80:ca:1f:6f:ed:2b:c1:de:3e:82:26:39:a1:
                    c7:c5:16:32:4f:f1:63:71:67:0a:14:2c:09:9f:6f:
                    58:b9:10:44:d5:a7:33:72:23:96:3b:d4:1e:e8:05:
                    e9:2d:6a:51:72:dd:a2:1a:b7:a1:3c:d8:7c:71:be:
                    b2:e3:93:8d:5e:21:1f:93:bb:06:eb:80:21:99:b6:
                    95:e7:d7:9d:44:22:6e:21:93:16:fe:7a:92:24:52:
                    17:d0:64:54:b1:c2:da:56:40:1c:e6:d0:c0:f9:c7:
                    6f:77:1b:fe:25:65:07:da:5b:8a:45:96:d7:00:21:
                    ee:35:50:81:ed:fd:1a:3e:09:70:6b:d1:dd:d8:e2:
                    f8:8f:9a:82:55:17:b0:3d:57:7c:fd:96:89:33:e9:
                    7c:6e:83:3a:26:49:a7:8a:8e:4b:c3:0e:a1:2d:ca:
                    d0:a6:ac:19:57:86:c3:c1:9a:39:55:bf:3f:66:5a:
                    60:4d:6c:f3:c3:4f:fe:52:5e:eb:85:0b:a7:39:fd:
                    08:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:80:D7:35:25:A3:22:15:0B:41:BF:04:E1:63:F5:51:BA:00:63:D5
            X509v3 Authority Key Identifier:
                keyid:B5:F1:9E:B0:DD:48:E1:B2:49:24:90:8B:B5:B6:84:8C:C1:67:85:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tfGesN1I4bJJJJCLtbaEjMFnhUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/ce001b-a4d8-4f0e-831d-35c66d7c5260/1/MIDXNSWjIhULQb8E4WP1UboAY9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/ce001b-a4d8-4f0e-831d-35c66d7c5260/1/tfGesN1I4bJJJJCLtbaEjMFnhUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:16:21:85:3e:a3:71:70:2f:1c:db:b8:30:37:93:30:da:1a:
         1c:51:4e:56:22:35:06:47:df:0f:fc:f6:8a:74:0a:2a:ac:2c:
         00:ea:1f:e7:6b:8e:fd:82:d5:3e:cf:97:81:13:de:55:fa:b7:
         9f:7d:28:93:02:01:60:a0:05:ad:1d:1b:a5:98:44:d4:6b:9d:
         55:1d:fc:36:fc:3e:f8:ca:44:41:41:b2:de:43:ab:31:35:dd:
         5b:fd:31:c8:29:b8:5d:c7:87:e1:2f:4a:83:30:85:72:27:63:
         fe:fd:2f:71:07:bb:97:b4:d7:8f:0d:88:13:23:06:48:d1:8a:
         01:80:32:32:57:51:1a:d9:8c:88:43:2c:a0:a2:3c:76:e3:c2:
         03:44:cf:cc:a1:b9:52:1e:db:06:99:7e:b5:26:82:34:0a:e4:
         04:7f:09:50:50:87:64:72:79:03:1e:37:7f:78:e5:b9:b8:14:
         c1:7c:14:ea:ea:be:96:28:7a:1a:ac:78:a2:96:71:9a:f8:30:
         fe:f1:83:4f:36:27:e4:d9:bf:3a:05:ec:e8:f8:f4:1c:b5:de:
         f7:8b:2b:c9:b1:c7:4c:4f:ac:0c:be:32:8f:f1:a5:69:8f:e4:
         4e:14:8d:86:35:01:29:63:6c:18:67:ef:67:fa:24:43:44:fb:
         b6:88:bb:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh46B2plGKJrCzPJmtHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZjE5ZWIwZGQ0OGUxYjI0OTI0OTA4YmI1YjY4NDhjYzE2
Nzg1NDYwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDgwZDczNTI1YTMyMjE1MGI0MWJmMDRlMTYzZjU1MWJhMDA2M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyBHDd6qCMWI/pdtH855SyakFd9q
pKxA4+Oq8wFScnHxKVxbe4xvqcvU09dngdJLzta9ya2zJiT5kmGj7IDKH2/tK8He
PoImOaHHxRYyT/FjcWcKFCwJn29YuRBE1aczciOWO9Qe6AXpLWpRct2iGrehPNh8
cb6y45ONXiEfk7sG64AhmbaV59edRCJuIZMW/nqSJFIX0GRUscLaVkAc5tDA+cdv
dxv+JWUH2luKRZbXACHuNVCB7f0aPglwa9Hd2OL4j5qCVRewPVd8/ZaJM+l8boM6
Jkmnio5Lww6hLcrQpqwZV4bDwZo5Vb8/ZlpgTWzzw0/+Ul7rhQunOf0IPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCA1zUloyIVC0G/BOFj9VG6AGPVMB8GA1UdIwQY
MBaAFLXxnrDdSOGySSSQi7W2hIzBZ4VGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGZHZXNOMUk0YkpKSkpDTHRiYUVqTUZuaFVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9jZTAwMWItYTRkOC00ZjBlLTgzMWQt
MzVjNjZkN2M1MjYwLzEvTUlEWE5TV2pJaFVMUWI4RTRXUDFVYm9BWTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9jZTAwMWItYTRkOC00ZjBlLTgzMWQtMzVjNjZkN2M1MjYw
LzEvdGZHZXNOMUk0YkpKSkpDTHRiYUVqTUZuaFVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYjwMA0G
CSqGSIb3DQEBCwUAA4IBAQBJFiGFPqNxcC8c27gwN5Mw2hocUU5WIjUGR98P/PaK
dAoqrCwA6h/na479gtU+z5eBE95V+reffSiTAgFgoAWtHRulmETUa51VHfw2/D74
ykRBQbLeQ6sxNd1b/THIKbhdx4fhL0qDMIVyJ2P+/S9xB7uXtNePDYgTIwZI0YoB
gDIyV1Ea2YyIQyygojx248IDRM/MoblSHtsGmX61JoI0CuQEfwlQUIdkcnkDHjd/
eOW5uBTBfBTq6r6WKHoarHiilnGa+DD+8YNPNifk2b86Bezo+PQctd73iyvJscdM
T6wMvjKP8aVpj+ROFI2GNQEpY2wYZ+9n+iRDRPu2iLvD
-----END CERTIFICATE-----