Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/FumMNyw1gstotfvd-i7eDdJb4Lw.roa
File:                     FumMNyw1gstotfvd-i7eDdJb4Lw.roa (raw, json)
Hash identifier:          YBMEcarKvySnA6efZ8EaPLTNRHAnYvo0pJRdw1YMY/Y=
Subject key identifier:   16:E9:8C:37:2C:35:82:CB:68:B5:FB:DD:FA:2E:DE:0D:D2:5B:E0:BC
Certificate issuer:       /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial:       018CC6B912F33AF551B9FAEAF45A10958B91
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/FumMNyw1gstotfvd-i7eDdJb4Lw.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     328543
IP address blocks:        45.149.148.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:12:f3:3a:f5:51:b9:fa:ea:f4:5a:10:95:8b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16e98c372c3582cb68b5fbddfa2ede0dd25be0bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fd:41:a6:84:43:aa:d9:62:54:6f:39:93:5e:
                    3c:25:d0:28:bf:b2:21:04:8e:d9:8e:5f:f9:8a:fb:
                    20:3e:9e:0b:2c:5e:59:29:b0:e8:64:30:59:6e:36:
                    43:5c:09:0f:20:f3:04:9c:84:d1:31:2d:47:02:94:
                    b0:99:28:55:14:8b:a2:6e:c1:8f:ac:81:2c:75:92:
                    e2:13:8b:0e:3a:24:1a:ce:ea:fc:dc:ca:a2:e0:06:
                    99:5f:e1:12:63:e7:b7:3d:cc:02:9f:10:48:03:03:
                    6b:96:f1:88:1c:a6:1a:3d:59:2c:7e:77:90:80:d1:
                    94:74:73:0a:7b:be:a6:16:f2:46:4f:9d:db:b9:40:
                    2d:01:5d:69:fd:98:f0:c4:70:2f:6f:bc:f2:65:74:
                    4b:b2:37:14:69:95:79:dc:d0:1a:13:1b:92:9f:f6:
                    30:2a:10:1c:78:e8:60:10:b6:6e:90:f3:c5:96:7f:
                    8d:6c:aa:4e:8d:79:a8:64:9b:af:73:53:61:36:89:
                    dc:fa:0c:c6:91:8c:b6:c7:00:d8:23:aa:62:89:9c:
                    58:b5:86:b3:ac:fe:a2:40:79:c5:4f:c0:a3:75:02:
                    b3:4c:3d:5f:66:fc:1c:1b:5e:e4:59:96:7a:52:4f:
                    2b:46:48:2a:45:6a:e9:b8:bc:fa:a3:5e:d6:91:aa:
                    13:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:E9:8C:37:2C:35:82:CB:68:B5:FB:DD:FA:2E:DE:0D:D2:5B:E0:BC
            X509v3 Authority Key Identifier:
                keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/FumMNyw1gstotfvd-i7eDdJb4Lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:2c:7f:34:58:ad:4f:f5:1c:46:1b:56:52:ca:96:54:61:1b:
         ea:05:89:05:19:5f:14:a8:c0:72:62:bc:1b:79:8f:49:69:ea:
         92:08:a6:14:17:d2:25:17:b8:ce:5c:1d:af:d3:dd:c1:1e:e0:
         0b:f5:07:4a:c6:b1:34:53:58:7d:cc:4b:c6:28:a0:07:1a:c3:
         f4:fa:51:df:51:44:66:f1:c7:06:bf:9e:32:3c:72:2b:0e:bd:
         8f:93:8f:56:05:71:59:6e:d1:69:48:98:3a:2f:e2:35:84:d2:
         5d:07:42:02:59:d4:52:b5:4e:32:6b:2a:b9:15:c2:d8:f6:3c:
         b8:7a:24:e0:f4:4f:d8:76:98:10:59:a9:77:be:7f:33:19:e1:
         fd:4a:ea:59:77:1a:c7:e5:89:64:21:5f:47:20:f5:3a:c1:fb:
         0a:a8:ac:84:32:85:c9:d9:c0:67:b3:c3:1c:e3:2f:e5:7f:f0:
         2f:06:6b:1e:a5:54:e9:b3:f1:18:fa:cc:9f:cd:7f:24:c3:55:
         1f:98:21:b2:46:0b:53:21:17:3b:31:b3:36:21:da:ed:c5:95:
         d1:bf:02:34:85:72:4d:3d:e0:fe:1f:bb:3c:88:b2:3a:d1:50:
         43:5a:9d:04:06:4d:86:b8:d2:9f:ea:48:33:e0:ed:f4:fe:db:
         cf:f6:1d:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRLzOvVRufrq9FoQlYuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmU5OGMzNzJjMzU4MmNiNjhiNWZiZGRmYTJlZGUwZGQyNWJlMGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/1BpoRDqtliVG85k148JdAov7Ih
BI7Zjl/5ivsgPp4LLF5ZKbDoZDBZbjZDXAkPIPMEnITRMS1HApSwmShVFIuibsGP
rIEsdZLiE4sOOiQazur83Mqi4AaZX+ESY+e3PcwCnxBIAwNrlvGIHKYaPVksfneQ
gNGUdHMKe76mFvJGT53buUAtAV1p/ZjwxHAvb7zyZXRLsjcUaZV53NAaExuSn/Yw
KhAceOhgELZukPPFln+NbKpOjXmoZJuvc1NhNonc+gzGkYy2xwDYI6piiZxYtYaz
rP6iQHnFT8CjdQKzTD1fZvwcG17kWZZ6Uk8rRkgqRWrpuLz6o17WkaoThwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbpjDcsNYLLaLX73fou3g3SW+C8MB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvRnVtTU55dzFnc3RvdGZ2ZC1pN2VEZEpiNEx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWUMA0G
CSqGSIb3DQEBCwUAA4IBAQAGLH80WK1P9RxGG1ZSypZUYRvqBYkFGV8UqMByYrwb
eY9JaeqSCKYUF9IlF7jOXB2v093BHuAL9QdKxrE0U1h9zEvGKKAHGsP0+lHfUURm
8ccGv54yPHIrDr2Pk49WBXFZbtFpSJg6L+I1hNJdB0ICWdRStU4yayq5FcLY9jy4
eiTg9E/YdpgQWal3vn8zGeH9SupZdxrH5YlkIV9HIPU6wfsKqKyEMoXJ2cBns8Mc
4y/lf/AvBmsepVTps/EY+syfzX8kw1UfmCGyRgtTIRc7MbM2IdrtxZXRvwI0hXJN
PeD+H7s8iLI60VBDWp0EBk2GuNKf6kgz4O30/tvP9h39
-----END CERTIFICATE-----