Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/uYLw1s_5bunekNapxkMV3FwWLuo.roa
File:                     uYLw1s_5bunekNapxkMV3FwWLuo.roa (raw, json)
Hash identifier:          0FNj2M4tI3Jv0qKuXyW/A+eWlmhbommi1ZY/ZVhq0Tc=
Subject key identifier:   B9:82:F0:D6:CF:F9:6E:E9:DE:90:D6:A9:C6:43:15:DC:5C:16:2E:EA
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018CC56E107BDFA023E79B89C29CE793FED6
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/uYLw1s_5bunekNapxkMV3FwWLuo.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211407
IP address blocks:        45.149.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:10:7b:df:a0:23:e7:9b:89:c2:9c:e7:93:fe:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b982f0d6cff96ee9de90d6a9c64315dc5c162eea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a2:95:98:03:d9:0f:47:87:7c:59:a5:7d:ec:
                    4e:c5:10:ee:25:98:89:b9:1d:17:eb:b6:6e:06:fc:
                    39:de:16:07:57:b7:75:d5:dd:16:55:25:df:dd:e1:
                    02:7c:ba:bb:5e:bc:82:97:5c:2a:21:46:78:c8:93:
                    57:22:34:b1:db:c4:cb:d1:80:05:67:94:fa:34:9b:
                    55:66:fd:83:20:e8:b6:0e:47:59:32:18:bd:84:97:
                    0e:f7:c2:04:88:bf:23:cc:b8:f9:3a:a1:b7:b1:b1:
                    e5:73:fb:05:ea:ac:1c:4f:6c:8e:39:d4:58:51:86:
                    be:6c:5d:4c:00:37:8d:fb:97:c5:fb:fe:04:30:ce:
                    b0:e4:ac:92:ce:7c:a6:a7:45:d3:a9:b4:c4:2c:7f:
                    ca:ba:03:22:71:03:46:f4:ce:f9:54:23:ba:20:e6:
                    c4:da:d2:61:f4:90:a5:73:9f:a8:cf:4b:5e:f9:66:
                    9e:96:c7:b1:a1:c4:45:dc:fe:6d:bc:5d:16:9a:85:
                    6d:ed:02:61:6c:c3:91:6b:aa:2c:6a:4b:95:26:52:
                    09:57:de:f7:e5:9c:bb:c5:78:8c:8d:b8:64:34:4a:
                    53:22:1f:ea:b7:19:80:f2:61:19:43:43:e6:04:72:
                    af:65:1b:16:d5:98:94:5e:40:3a:b7:57:09:b3:2f:
                    c0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:82:F0:D6:CF:F9:6E:E9:DE:90:D6:A9:C6:43:15:DC:5C:16:2E:EA
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/uYLw1s_5bunekNapxkMV3FwWLuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:df:bf:32:19:6e:36:38:88:bc:de:28:7c:93:86:30:40:fe:
         0e:50:b3:0d:58:80:09:72:9b:50:b1:ef:db:9b:5b:b4:5c:4f:
         df:4e:a3:3e:5d:a0:47:42:a4:56:4a:d0:13:e2:1c:7f:1a:08:
         18:f0:53:20:05:20:94:cd:38:37:ff:34:9e:d1:72:c7:98:ad:
         ea:ef:ef:5a:e4:0a:d8:f2:80:7a:93:c3:5c:41:4e:28:92:d1:
         b9:55:82:e5:7e:ee:f9:97:c6:e1:9a:0e:96:bd:e3:9a:e3:d4:
         57:b9:f9:56:f2:b0:a2:2b:26:d9:8b:d4:c1:4a:41:53:48:5f:
         7c:7d:65:86:d4:c3:57:d8:eb:66:39:03:20:ab:e9:18:65:5f:
         75:13:99:f3:fe:5a:ce:4b:62:84:8e:f9:1c:69:48:e2:2c:12:
         ed:5d:c7:ce:e7:da:5f:4e:0f:a3:d1:88:20:18:a8:fd:54:e2:
         74:77:fd:d1:b5:4f:e2:f4:3e:85:ee:42:8a:b2:b2:f5:70:00:
         14:1d:9a:37:8f:48:5e:56:fc:01:8e:91:94:9c:f3:1a:c9:3b:
         0e:ca:f0:0d:c0:fc:35:1e:94:a5:c9:11:2e:d4:ba:e2:d9:37:
         57:b4:e1:9f:db:db:01:a8:4e:5c:1c:f8:aa:36:6a:d9:b9:b3:
         a4:d1:f3:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhB736Aj55uJwpznk/7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTgyZjBkNmNmZjk2ZWU5ZGU5MGQ2YTljNjQzMTVkYzVjMTYyZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6KVmAPZD0eHfFmlfexOxRDuJZiJ
uR0X67ZuBvw53hYHV7d11d0WVSXf3eECfLq7XryCl1wqIUZ4yJNXIjSx28TL0YAF
Z5T6NJtVZv2DIOi2DkdZMhi9hJcO98IEiL8jzLj5OqG3sbHlc/sF6qwcT2yOOdRY
UYa+bF1MADeN+5fF+/4EMM6w5KySznymp0XTqbTELH/KugMicQNG9M75VCO6IObE
2tJh9JClc5+oz0te+WaelsexocRF3P5tvF0WmoVt7QJhbMORa6osakuVJlIJV973
5Zy7xXiMjbhkNEpTIh/qtxmA8mEZQ0PmBHKvZRsW1ZiUXkA6t1cJsy/ASQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmC8NbP+W7p3pDWqcZDFdxcFi7qMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvdVlMdzFzXzVidW5la05hcHhrTVYzRndXTHVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZVdMA0G
CSqGSIb3DQEBCwUAA4IBAQAv378yGW42OIi83ih8k4YwQP4OULMNWIAJcptQse/b
m1u0XE/fTqM+XaBHQqRWStAT4hx/GggY8FMgBSCUzTg3/zSe0XLHmK3q7+9a5ArY
8oB6k8NcQU4oktG5VYLlfu75l8bhmg6WveOa49RXuflW8rCiKybZi9TBSkFTSF98
fWWG1MNX2OtmOQMgq+kYZV91E5nz/lrOS2KEjvkcaUjiLBLtXcfO59pfTg+j0Ygg
GKj9VOJ0d/3RtU/i9D6F7kKKsrL1cAAUHZo3j0heVvwBjpGUnPMayTsOyvANwPw1
HpSlyREu1Lri2TdXtOGf29sBqE5cHPiqNmrZubOk0fMM
-----END CERTIFICATE-----