Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/mDZSGswva_DXidUdZ4fet0FT4io.roa
File:                     mDZSGswva_DXidUdZ4fet0FT4io.roa (raw, json)
Hash identifier:          uIM3YQj+OOsCc9T9yfF/Q5aHW9wL9gvz/cvJ0/BnM2c=
Subject key identifier:   98:36:52:1A:CC:2F:6B:F0:D7:89:D5:1D:67:87:DE:B7:41:53:E2:2A
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0190104C4E71DA0826AA9215F5AA735F396D
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/mDZSGswva_DXidUdZ4fet0FT4io.roa
Signing time:             Thu 13 Jun 2024 06:32:34 +0000
ROA not before:           Thu 13 Jun 2024 06:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152700
IP address blocks:        45.157.137.0/24 maxlen: 24
                          185.217.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:4c:4e:71:da:08:26:aa:92:15:f5:aa:73:5f:39:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jun 13 06:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9836521acc2f6bf0d789d51d6787deb74153e22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:99:b7:d2:bf:e9:f7:90:cb:4d:81:4e:04:da:
                    a1:fe:e9:da:13:17:4e:fc:0e:7d:0f:4a:e2:54:04:
                    ac:9b:8b:7f:47:d6:74:e2:dd:ce:95:77:b8:cd:a9:
                    89:1b:70:39:53:fb:6c:26:85:a6:7e:79:3e:d6:df:
                    4d:94:0b:68:0e:e1:ea:de:b3:64:08:78:95:6c:80:
                    32:bf:04:da:20:58:9b:9c:88:5c:14:be:e0:33:5f:
                    ce:67:48:ae:43:50:f1:0e:3d:c6:e0:4b:6d:9f:48:
                    17:c3:dc:91:f2:52:91:3e:9c:4c:ce:df:84:24:3c:
                    ac:0f:bb:e3:18:c5:85:ba:24:e6:0f:27:a7:c8:c9:
                    70:96:14:78:b6:e9:7e:3f:e6:f7:95:e9:25:3f:59:
                    2a:17:ab:a7:02:01:c1:14:57:1a:5a:71:26:1d:f1:
                    67:44:b0:a4:ab:91:99:ac:44:97:f0:39:73:c7:57:
                    b7:36:48:0b:cb:b4:b3:57:f6:e0:6f:4a:09:c5:56:
                    db:92:6d:9b:b8:6f:2f:1c:c8:51:e0:5e:47:c6:1c:
                    d4:df:9b:06:9b:59:e6:c8:2c:0c:7e:0c:ab:f7:82:
                    01:46:b8:81:46:83:f1:04:f2:29:31:e3:e7:08:b2:
                    18:58:57:24:01:c8:42:89:2b:ec:86:b5:cc:65:c7:
                    20:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:36:52:1A:CC:2F:6B:F0:D7:89:D5:1D:67:87:DE:B7:41:53:E2:2A
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/mDZSGswva_DXidUdZ4fet0FT4io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.137.0/24
                  185.217.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:30:9a:c1:c3:46:1d:57:37:be:b3:40:c7:98:cb:c2:c1:b9:
         67:96:45:33:cf:91:e7:79:a4:0d:d7:58:61:a5:21:5c:d1:f7:
         d2:7b:b0:06:cc:fa:85:07:7b:03:78:18:68:9a:f7:28:c0:43:
         fa:bd:d1:18:9d:9f:fa:25:41:13:21:0b:95:63:aa:4d:85:ce:
         3c:20:50:57:f4:7e:85:cb:0f:89:29:90:15:6e:a3:49:e5:81:
         97:3a:ab:e0:4e:f7:c0:37:a8:b0:3a:b6:ae:ad:cf:a9:db:63:
         5b:91:4d:73:f7:76:20:c4:4a:a1:aa:fb:07:be:89:01:26:a9:
         87:7e:4d:09:e6:aa:19:56:e7:46:84:81:02:49:4e:5f:8e:3e:
         ea:2f:cb:c1:0a:07:9f:d6:80:59:cb:33:5a:bd:86:07:42:0d:
         09:45:17:1a:58:e2:db:5c:59:63:cd:8b:fe:0c:0b:ea:dc:fe:
         56:b5:2b:a5:4e:83:21:27:7b:95:af:37:66:b4:88:7b:31:d3:
         07:70:1c:29:85:c9:f3:0d:af:96:c7:e3:81:85:6c:1c:0d:3c:
         93:af:b3:c1:9c:03:dc:1f:74:a9:11:af:04:9e:20:7d:42:85:
         b1:3c:ec:78:57:36:75:0f:4f:2c:bd:82:74:62:71:26:e5:fb:
         89:5d:c0:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAQTE5x2ggmqpIV9apzXzltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNjEzMDYzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODM2NTIxYWNjMmY2YmYwZDc4OWQ1MWQ2Nzg3ZGViNzQxNTNlMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpm30r/p95DLTYFOBNqh/unaExdO
/A59D0riVASsm4t/R9Z04t3OlXe4zamJG3A5U/tsJoWmfnk+1t9NlAtoDuHq3rNk
CHiVbIAyvwTaIFibnIhcFL7gM1/OZ0iuQ1DxDj3G4Ettn0gXw9yR8lKRPpxMzt+E
JDysD7vjGMWFuiTmDyenyMlwlhR4tul+P+b3leklP1kqF6unAgHBFFcaWnEmHfFn
RLCkq5GZrESX8Dlzx1e3NkgLy7SzV/bgb0oJxVbbkm2buG8vHMhR4F5HxhzU35sG
m1nmyCwMfgyr94IBRriBRoPxBPIpMePnCLIYWFckAchCiSvshrXMZccgawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJg2UhrML2vw14nVHWeH3rdBU+IqMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvbURaU0dzd3ZhX0RYaWRVZFo0ZmV0MEZUNGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ2JAwQA
udnCMA0GCSqGSIb3DQEBCwUAA4IBAQCbMJrBw0YdVze+s0DHmMvCwblnlkUzz5Hn
eaQN11hhpSFc0ffSe7AGzPqFB3sDeBhomvcowEP6vdEYnZ/6JUETIQuVY6pNhc48
IFBX9H6Fyw+JKZAVbqNJ5YGXOqvgTvfAN6iwOraurc+p22NbkU1z93YgxEqhqvsH
vokBJqmHfk0J5qoZVudGhIECSU5fjj7qL8vBCgef1oBZyzNavYYHQg0JRRcaWOLb
XFljzYv+DAvq3P5WtSulToMhJ3uVrzdmtIh7MdMHcBwphcnzDa+Wx+OBhWwcDTyT
r7PBnAPcH3SpEa8EniB9QoWxPOx4VzZ1D08svYJ0YnEm5fuJXcDe
-----END CERTIFICATE-----