Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/T0UVWbdYIrv2Glp_7UXvfOTbTDE.roa
File:                     T0UVWbdYIrv2Glp_7UXvfOTbTDE.roa (raw, json)
Hash identifier:          Xx7iACcyu7JmusXCDqkUYxLwfoOcHJio0M/ou03hYZc=
Subject key identifier:   4F:45:15:59:B7:58:22:BB:F6:1A:5A:7F:ED:45:EF:7C:E4:DB:4C:31
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B79E4CD6C1FDB12F2ACFF85B7C19
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/T0UVWbdYIrv2Glp_7UXvfOTbTDE.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        45.150.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b7:9e:4c:d6:c1:fd:b1:2f:2a:cf:f8:5b:7c:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f451559b75822bbf61a5a7fed45ef7ce4db4c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:34:4c:13:04:0d:49:78:23:ef:b7:f2:69:1f:
                    35:9b:91:be:74:4b:8b:11:db:04:e4:58:5e:cc:78:
                    e6:a2:c9:7b:b2:b8:0f:5d:f3:f9:b1:bf:4b:bf:4c:
                    36:58:30:06:8e:d5:a5:7c:47:62:a3:8b:29:22:c1:
                    37:4b:b5:66:b7:18:f3:a3:85:cc:39:ab:82:b4:17:
                    f1:ba:06:1b:09:8c:3e:4e:b8:7d:6c:f5:28:c0:ed:
                    0a:b8:0e:90:0b:56:57:f9:5e:c7:36:a5:15:97:f2:
                    7f:93:fa:e3:ee:7e:5b:a4:44:45:b1:98:46:94:d6:
                    2c:43:9b:94:77:6e:d7:40:d7:02:26:41:9b:32:07:
                    5f:c4:11:19:e8:0d:7e:47:e7:e1:c1:7b:73:10:dc:
                    66:01:bb:c0:b8:31:c9:56:83:1e:41:d1:54:e5:cf:
                    ff:72:73:80:c1:0f:47:77:d2:15:8a:bf:91:71:65:
                    9f:2e:fc:21:6a:ae:79:18:f9:b5:ac:d5:30:27:0e:
                    cc:5c:ff:e3:91:c3:ec:da:4e:8a:28:ff:ac:ba:00:
                    25:d0:e4:d9:69:aa:f9:14:b9:0d:35:48:6a:d0:ab:
                    af:08:91:44:f8:d4:c3:4c:d0:cf:ec:f2:77:6a:8f:
                    d4:c4:2c:8f:1c:df:b5:6c:10:fa:92:39:d5:f8:3d:
                    1b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:45:15:59:B7:58:22:BB:F6:1A:5A:7F:ED:45:EF:7C:E4:DB:4C:31
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/T0UVWbdYIrv2Glp_7UXvfOTbTDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:1b:75:2f:52:16:4d:cb:7b:a5:c8:e3:3d:22:e5:e3:9e:a8:
         53:c4:04:25:64:b3:51:14:14:2e:64:27:7d:63:f6:bc:37:63:
         aa:cf:95:04:dc:53:8a:1a:6d:99:95:54:86:2e:8b:d7:39:1e:
         60:ea:dd:75:32:08:d5:94:ae:31:55:9f:1e:73:6b:f2:83:e7:
         61:7d:ee:0e:37:69:ab:b1:9f:66:60:ee:22:77:84:5f:fa:d0:
         03:52:28:04:49:cc:71:f5:e2:00:15:0b:90:2c:bf:1a:48:f8:
         e6:22:0e:e2:8d:43:22:97:ec:06:c0:5a:d7:07:4a:00:3a:47:
         bb:65:ab:2c:6c:ad:a3:ee:63:a8:2f:5a:bc:e7:86:6b:45:7c:
         85:a6:d0:3a:f1:a3:e5:a0:37:ca:a0:50:02:12:ac:a7:90:08:
         9d:3e:40:f6:b9:9e:af:22:25:b8:a9:28:c8:50:71:eb:7c:d8:
         8e:50:f8:6d:6f:eb:9e:50:0a:57:8f:ff:6f:93:ac:03:a3:15:
         26:3b:88:90:8d:fa:a4:e3:91:85:7f:b0:b0:7f:09:93:84:2f:
         77:40:5c:e8:97:fd:be:46:04:15:12:4c:48:58:5e:3d:17:2f:
         4a:5f:77:46:23:e3:43:6d:3e:04:72:95:bc:cc:e4:13:6c:8b:
         9e:b6:c1:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALeeTNbB/bEvKs/4W3wZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjQ1MTU1OWI3NTgyMmJiZjYxYTVhN2ZlZDQ1ZWY3Y2U0ZGI0YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTRMEwQNSXgj77fyaR81m5G+dEuL
EdsE5FhezHjmosl7srgPXfP5sb9Lv0w2WDAGjtWlfEdio4spIsE3S7Vmtxjzo4XM
OauCtBfxugYbCYw+Trh9bPUowO0KuA6QC1ZX+V7HNqUVl/J/k/rj7n5bpERFsZhG
lNYsQ5uUd27XQNcCJkGbMgdfxBEZ6A1+R+fhwXtzENxmAbvAuDHJVoMeQdFU5c//
cnOAwQ9Hd9IVir+RcWWfLvwhaq55GPm1rNUwJw7MXP/jkcPs2k6KKP+sugAl0OTZ
aar5FLkNNUhq0KuvCJFE+NTDTNDP7PJ3ao/UxCyPHN+1bBD6kjnV+D0bDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9FFVm3WCK79hpaf+1F73zk20wxMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvVDBVVldiZFlJcnYyR2xwXzdVWHZmT1RiVERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZY0MA0G
CSqGSIb3DQEBCwUAA4IBAQCuG3UvUhZNy3ulyOM9IuXjnqhTxAQlZLNRFBQuZCd9
Y/a8N2Oqz5UE3FOKGm2ZlVSGLovXOR5g6t11MgjVlK4xVZ8ec2vyg+dhfe4ON2mr
sZ9mYO4id4Rf+tADUigEScxx9eIAFQuQLL8aSPjmIg7ijUMil+wGwFrXB0oAOke7
ZassbK2j7mOoL1q854ZrRXyFptA68aPloDfKoFACEqynkAidPkD2uZ6vIiW4qSjI
UHHrfNiOUPhtb+ueUApXj/9vk6wDoxUmO4iQjfqk45GFf7CwfwmThC93QFzol/2+
RgQVEkxIWF49Fy9KX3dGI+NDbT4EcpW8zOQTbIuetsEL
-----END CERTIFICATE-----