Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OW29ZGTiGByiVZGv6YdbiLZAaPw.roa
File:                     OW29ZGTiGByiVZGv6YdbiLZAaPw.roa (raw, json)
Hash identifier:          dpOTColfkXho0Bp6eVw4VyK64slXV13rH9Z7bSNSNE0=
Subject key identifier:   39:6D:BD:64:64:E2:18:1C:A2:55:91:AF:E9:87:5B:88:B6:40:68:FC
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB6A791E6F6687B462AB9C78738537
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OW29ZGTiGByiVZGv6YdbiLZAaPw.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262254
IP address blocks:        45.148.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:6a:79:1e:6f:66:87:b4:62:ab:9c:78:73:85:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396dbd6464e2181ca25591afe9875b88b64068fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1f:3a:5e:58:89:f7:59:ba:41:15:c0:d3:01:
                    59:d8:c7:29:91:a0:1d:39:ff:19:30:aa:80:70:08:
                    f3:0b:27:b7:df:1f:8d:8c:97:e9:cc:78:68:d3:49:
                    1e:ed:28:3d:02:31:36:02:29:4b:8c:65:eb:20:17:
                    de:23:ea:1b:c6:3d:36:e1:10:63:cd:a6:70:1a:b5:
                    d2:5b:f1:8a:e8:8b:df:86:46:b7:13:0b:9a:10:9a:
                    dc:b7:e5:9d:e5:8f:d1:98:ba:4e:54:8b:1e:a1:ab:
                    09:cd:ca:35:a6:ce:33:af:b1:df:2d:4d:73:a8:d9:
                    83:97:95:90:a6:3f:30:e2:a7:12:bf:c3:5d:07:23:
                    c8:da:6d:02:4a:a1:b7:9e:b4:8c:8e:62:7b:58:9d:
                    1a:c3:20:3f:36:49:d7:cb:20:63:af:b5:90:80:11:
                    d2:ce:05:0a:4c:da:96:fb:7c:2a:b7:9d:30:9e:71:
                    3c:f6:4f:1c:5c:10:9f:92:0d:f0:f7:af:f2:4d:51:
                    e1:87:d4:8f:78:04:30:b8:87:3b:3d:15:7a:49:f3:
                    07:1c:24:39:25:7a:b0:ed:34:04:bc:d1:6f:73:36:
                    03:f3:0e:e9:43:4e:ab:b6:a6:68:58:b4:c9:04:df:
                    20:e2:f5:73:33:a5:bd:60:14:83:71:39:de:e7:18:
                    0b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6D:BD:64:64:E2:18:1C:A2:55:91:AF:E9:87:5B:88:B6:40:68:FC
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OW29ZGTiGByiVZGv6YdbiLZAaPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:3c:c0:f5:82:f6:ce:5b:e8:d8:27:12:77:32:85:5f:d0:b7:
         75:e8:c6:ff:ce:00:33:b4:7d:4c:2d:5d:77:d9:76:03:b7:65:
         2f:5b:d2:c8:ab:a3:9e:ac:1e:d4:70:d1:14:0a:a6:0c:52:96:
         33:90:49:8d:99:3d:76:b6:44:c1:47:98:e5:ab:32:c9:f7:fe:
         f6:bb:23:d0:ad:cd:73:d4:05:90:e5:b9:f0:23:ce:73:24:33:
         31:6f:86:50:88:ca:4f:47:73:54:f2:c9:87:a8:c8:51:96:a1:
         f0:3a:31:57:30:5f:c7:c6:09:6a:02:10:0a:12:a8:34:d2:a2:
         7d:69:ee:01:a7:3e:d7:87:5a:e1:58:03:ae:7a:59:fc:ac:cb:
         9e:d2:24:68:d7:0f:72:b3:5e:58:05:18:0b:c1:37:d8:7d:b8:
         dd:48:cf:5b:ac:45:6e:62:2f:28:69:ec:93:c2:da:e9:17:0b:
         0d:d1:b7:4b:f5:f1:fa:91:df:0c:75:4d:a6:ff:ed:40:d2:b2:
         7b:05:11:c0:98:a9:99:93:dd:62:51:a7:a3:39:60:be:25:2e:
         d7:ec:ac:bf:aa:8d:de:eb:4a:d2:29:2b:e4:53:da:65:4d:29:
         d0:eb:43:b7:3e:5f:d7:bd:75:ff:73:db:dd:8f:67:f4:85:14:
         cc:83:67:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22p5Hm9mh7Riq5x4c4U3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZkYmQ2NDY0ZTIxODFjYTI1NTkxYWZlOTg3NWI4OGI2NDA2OGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAih86XliJ91m6QRXA0wFZ2McpkaAd
Of8ZMKqAcAjzCye33x+NjJfpzHho00ke7Sg9AjE2AilLjGXrIBfeI+obxj024RBj
zaZwGrXSW/GK6Ivfhka3EwuaEJrct+Wd5Y/RmLpOVIseoasJzco1ps4zr7HfLU1z
qNmDl5WQpj8w4qcSv8NdByPI2m0CSqG3nrSMjmJ7WJ0awyA/NknXyyBjr7WQgBHS
zgUKTNqW+3wqt50wnnE89k8cXBCfkg3w96/yTVHhh9SPeAQwuIc7PRV6SfMHHCQ5
JXqw7TQEvNFvczYD8w7pQ06rtqZoWLTJBN8g4vVzM6W9YBSDcTne5xgLCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDltvWRk4hgcolWRr+mHW4i2QGj8MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvT1cyOVpHVGlHQnlpVlpHdjZZZGJpTFpBYVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSkMA0G
CSqGSIb3DQEBCwUAA4IBAQA4PMD1gvbOW+jYJxJ3MoVf0Ld16Mb/zgAztH1MLV13
2XYDt2UvW9LIq6OerB7UcNEUCqYMUpYzkEmNmT12tkTBR5jlqzLJ9/72uyPQrc1z
1AWQ5bnwI85zJDMxb4ZQiMpPR3NU8smHqMhRlqHwOjFXMF/HxglqAhAKEqg00qJ9
ae4Bpz7Xh1rhWAOueln8rMue0iRo1w9ys15YBRgLwTfYfbjdSM9brEVuYi8oaeyT
wtrpFwsN0bdL9fH6kd8MdU2m/+1A0rJ7BRHAmKmZk91iUaejOWC+JS7X7Ky/qo3e
60rSKSvkU9plTSnQ60O3Pl/XvXX/c9vdj2f0hRTMg2dH
-----END CERTIFICATE-----