Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/VC8SzUTlVGdkZb7eBtipVK73hb8.roa
File:                     VC8SzUTlVGdkZb7eBtipVK73hb8.roa (raw, json)
Hash identifier:          VP04w0kV7s7qbOUkGhj3lIUU1V+Zuc7Fgp/tvdoQciE=
Subject key identifier:   54:2F:12:CD:44:E5:54:67:64:65:BE:DE:06:D8:A9:54:AE:F7:85:BF
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       018CC64AAE92D52261E118382BDBA8D01C30
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/VC8SzUTlVGdkZb7eBtipVK73hb8.roa
Signing time:             Mon 01 Jan 2024 18:30:32 +0000
ROA not before:           Mon 01 Jan 2024 18:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197740
IP address blocks:        45.151.74.0/23 maxlen: 23
                          45.151.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ae:92:d5:22:61:e1:18:38:2b:db:a8:d0:1c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Jan  1 18:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=542f12cd44e554676465bede06d8a954aef785bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:bb:1a:64:f2:39:65:70:65:30:23:4e:b2:9c:
                    6a:02:64:47:8b:08:16:26:e3:29:d3:61:90:87:db:
                    45:ca:31:42:22:18:bd:8a:d9:9c:9a:34:cc:18:8a:
                    e9:61:aa:4d:cf:3d:ff:5d:2c:c2:91:6e:0a:9c:f4:
                    c0:0d:2e:72:3d:56:65:b8:90:e8:70:f6:8e:a9:ed:
                    ff:59:d6:ec:e3:e3:4d:f4:1a:f9:74:3c:8c:b0:99:
                    4f:f2:f5:c8:35:01:39:23:b1:b9:50:74:7b:e5:ee:
                    98:bc:22:df:36:98:4a:e5:71:ef:83:96:6d:90:32:
                    bf:09:45:60:30:64:11:0a:37:73:27:7a:ed:c9:59:
                    2e:52:a8:dc:9c:4b:92:80:dc:3f:8a:c1:39:ca:7a:
                    44:e0:61:15:2c:b3:61:93:33:d5:d0:37:8d:b9:a4:
                    b6:dd:c9:af:47:08:d2:db:33:3c:c9:1c:ce:df:7b:
                    49:0c:a6:36:5e:39:40:4b:04:08:77:81:0f:7e:46:
                    c0:88:4e:fc:a4:bc:f8:9a:b7:42:3f:c9:24:25:7b:
                    35:94:a0:3e:ec:8b:e5:b2:f8:f5:5f:53:92:87:dd:
                    3e:49:4e:b8:97:49:9a:5c:97:64:4f:b0:da:3d:f3:
                    d1:39:df:c7:ba:5e:b1:8b:fd:d0:92:15:39:e4:69:
                    12:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:2F:12:CD:44:E5:54:67:64:65:BE:DE:06:D8:A9:54:AE:F7:85:BF
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/VC8SzUTlVGdkZb7eBtipVK73hb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:59:73:73:86:9b:f6:7f:88:e6:30:5c:d9:4f:19:30:4c:e0:
         24:fa:db:4f:d6:6f:27:bb:b1:34:1e:1e:1e:e5:b2:bc:4b:4a:
         39:8f:94:0c:7b:90:48:b5:92:7c:c1:05:a7:ce:00:3d:68:5c:
         a9:ec:28:a0:6f:9a:08:d8:ab:27:86:49:45:8f:b1:60:78:37:
         74:7a:88:42:0c:37:f5:4e:a4:fd:f2:b0:f9:9c:31:39:ce:1d:
         0b:2c:42:ac:14:1b:76:53:ea:65:3e:e8:17:8e:16:b4:48:bd:
         4c:7e:ed:b6:a6:8a:50:3c:5c:02:1c:c9:a0:6e:30:f7:84:2d:
         3c:ac:8b:c7:ba:8e:b0:3a:42:9a:ca:4c:20:02:4d:3c:bd:66:
         5c:56:a2:16:e9:7b:f7:06:e4:6e:d4:61:69:33:51:0d:74:5c:
         4e:cc:18:34:72:9f:11:03:04:58:89:5a:85:14:d4:43:3c:a2:
         fd:7b:fb:4b:06:1e:70:9f:23:5b:d5:4f:60:70:a2:6e:5b:73:
         59:1f:d7:ea:5b:d6:b6:67:5a:2b:ba:1c:95:f3:60:f5:27:a1:
         76:f7:a4:60:1c:50:b2:2b:08:98:8c:61:b1:68:8c:36:28:6b:
         e9:2f:dc:07:1f:3c:08:b0:5a:d0:c2:39:79:16:2a:3e:5c:64:
         73:0f:31:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSq6S1SJh4Rg4K9uo0BwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwMTAxMTgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDJmMTJjZDQ0ZTU1NDY3NjQ2NWJlZGUwNmQ4YTk1NGFlZjc4NWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLsaZPI5ZXBlMCNOspxqAmRHiwgW
JuMp02GQh9tFyjFCIhi9itmcmjTMGIrpYapNzz3/XSzCkW4KnPTADS5yPVZluJDo
cPaOqe3/Wdbs4+NN9Br5dDyMsJlP8vXINQE5I7G5UHR75e6YvCLfNphK5XHvg5Zt
kDK/CUVgMGQRCjdzJ3rtyVkuUqjcnEuSgNw/isE5ynpE4GEVLLNhkzPV0DeNuaS2
3cmvRwjS2zM8yRzO33tJDKY2XjlASwQId4EPfkbAiE78pLz4mrdCP8kkJXs1lKA+
7Ivlsvj1X1OSh90+SU64l0maXJdkT7DaPfPROd/Hul6xi/3QkhU55GkS2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQvEs1E5VRnZGW+3gbYqVSu94W/MB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvVkM4U3pVVGxWR2RrWmI3ZUJ0aXBWSzczaGI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZdIMA0G
CSqGSIb3DQEBCwUAA4IBAQCOWXNzhpv2f4jmMFzZTxkwTOAk+ttP1m8nu7E0Hh4e
5bK8S0o5j5QMe5BItZJ8wQWnzgA9aFyp7Cigb5oI2KsnhklFj7FgeDd0eohCDDf1
TqT98rD5nDE5zh0LLEKsFBt2U+plPugXjha0SL1Mfu22popQPFwCHMmgbjD3hC08
rIvHuo6wOkKaykwgAk08vWZcVqIW6Xv3BuRu1GFpM1ENdFxOzBg0cp8RAwRYiVqF
FNRDPKL9e/tLBh5wnyNb1U9gcKJuW3NZH9fqW9a2Z1oruhyV82D1J6F296RgHFCy
KwiYjGGxaIw2KGvpL9wHHzwIsFrQwjl5Fio+XGRzDzFL
-----END CERTIFICATE-----