Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/OAyao57iqiy3VXV0J1SmFslJqeM.roa
File:                     OAyao57iqiy3VXV0J1SmFslJqeM.roa (raw, json)
Hash identifier:          5NhhyvEOJkzvpkcR0fzV3MloCovSBKmmjvTvOe17ZIY=
Subject key identifier:   38:0C:9A:A3:9E:E2:AA:2C:B7:55:75:74:27:54:A6:16:C9:49:A9:E3
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       018CC6B7814F6CF9592B228DAE20365ADF8C
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/OAyao57iqiy3VXV0J1SmFslJqeM.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53007
IP address blocks:        153.112.195.0/24 maxlen: 24
                          192.157.17.0/24 maxlen: 24
                          192.157.16.0/23 maxlen: 23
                          192.157.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:81:4f:6c:f9:59:2b:22:8d:ae:20:36:5a:df:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=380c9aa39ee2aa2cb75575742754a616c949a9e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:da:b8:e8:4c:6d:55:83:37:3c:ee:a4:c3:c0:
                    76:ad:25:f0:cc:57:8c:c4:b2:37:c8:d9:af:40:cb:
                    f7:60:3b:2d:46:db:93:16:bb:c0:a0:b2:d3:49:b7:
                    16:ef:09:26:e9:9d:6b:ff:5d:4b:c9:17:b3:95:07:
                    87:b0:57:1a:59:8b:64:e9:67:70:90:e5:d3:93:3a:
                    a0:6f:57:44:4a:92:02:2b:fb:45:d2:1c:2c:04:b4:
                    a4:d7:14:09:fa:c7:2e:eb:f4:b9:b7:08:10:b3:c7:
                    e9:98:38:4f:06:b7:90:96:fd:f6:c5:48:07:b0:f4:
                    cf:05:0f:17:d5:f2:7f:33:f6:a8:5b:1c:bb:ea:09:
                    64:b6:a3:41:5d:be:2b:2e:85:bb:95:e3:90:6d:30:
                    cb:81:75:fc:69:cb:42:43:7f:dd:49:68:6c:69:61:
                    b6:23:4a:35:ed:5c:b3:70:90:5e:da:ad:3a:f5:a4:
                    0c:4e:d7:3a:7b:6d:33:50:63:c5:1c:05:24:f5:d8:
                    fa:ec:4e:ec:70:47:a6:18:11:0b:98:e6:b5:95:06:
                    df:d9:0d:60:cb:d4:30:11:77:0b:2d:98:82:33:93:
                    a8:2a:56:34:32:32:40:c3:8c:d6:b6:a0:69:64:0d:
                    36:f0:5c:74:5b:c9:61:6c:00:cb:bd:85:24:42:72:
                    70:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0C:9A:A3:9E:E2:AA:2C:B7:55:75:74:27:54:A6:16:C9:49:A9:E3
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/OAyao57iqiy3VXV0J1SmFslJqeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.195.0/24
                  192.157.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:fe:73:ec:c0:ed:32:76:b2:30:f8:19:9d:2c:fc:bb:8a:03:
         55:75:90:02:cb:86:f1:97:b3:b7:03:ba:6e:2e:fa:24:c2:77:
         87:e6:b2:44:b3:d6:04:45:d5:ba:03:7d:2b:00:c7:af:55:71:
         11:9e:1c:c0:75:a1:b6:70:1b:3f:4c:05:7d:68:4d:73:ef:56:
         d1:78:ae:3c:10:aa:1e:aa:22:cc:ee:be:49:7f:f0:1f:e4:e9:
         75:6e:6b:50:da:a8:02:42:35:8d:dd:30:c4:69:54:2f:63:ca:
         83:7e:38:90:49:10:2a:24:06:29:f9:47:33:f3:5f:34:df:5a:
         82:89:88:f6:f5:78:74:88:20:c6:f8:85:55:b2:3e:d3:12:99:
         99:8b:8e:60:9f:c8:a6:cc:8e:2c:8c:93:58:95:8e:11:dd:2b:
         59:f9:f3:ae:5e:44:80:66:14:d9:e5:b5:b4:f5:47:13:f3:85:
         63:f9:4d:9e:f8:0b:8d:eb:78:b0:cb:24:f6:3d:17:de:3a:08:
         d4:24:95:db:7a:e0:f1:a3:d3:15:6a:99:9f:00:e1:18:c5:5b:
         7c:ef:05:bc:a6:1a:df:a9:92:d1:85:76:17:3d:57:b0:f5:b2:
         96:fd:44:e9:90:67:ee:57:50:6b:37:3e:35:45:cf:90:aa:2a:
         86:4c:95:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt4FPbPlZKyKNriA2Wt+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBjOWFhMzllZTJhYTJjYjc1NTc1NzQyNzU0YTYxNmM5NDlhOWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptq46ExtVYM3PO6kw8B2rSXwzFeM
xLI3yNmvQMv3YDstRtuTFrvAoLLTSbcW7wkm6Z1r/11LyRezlQeHsFcaWYtk6Wdw
kOXTkzqgb1dESpICK/tF0hwsBLSk1xQJ+scu6/S5twgQs8fpmDhPBreQlv32xUgH
sPTPBQ8X1fJ/M/aoWxy76glktqNBXb4rLoW7leOQbTDLgXX8actCQ3/dSWhsaWG2
I0o17VyzcJBe2q069aQMTtc6e20zUGPFHAUk9dj67E7scEemGBELmOa1lQbf2Q1g
y9QwEXcLLZiCM5OoKlY0MjJAw4zWtqBpZA028Fx0W8lhbADLvYUkQnJwSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDgMmqOe4qost1V1dCdUphbJSanjMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvT0F5YW81N2lxaXkzVlhWMEoxU21Gc2xKcWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmXDDAwQB
wJ0QMA0GCSqGSIb3DQEBCwUAA4IBAQBI/nPswO0ydrIw+BmdLPy7igNVdZACy4bx
l7O3A7puLvokwneH5rJEs9YERdW6A30rAMevVXERnhzAdaG2cBs/TAV9aE1z71bR
eK48EKoeqiLM7r5Jf/Af5Ol1bmtQ2qgCQjWN3TDEaVQvY8qDfjiQSRAqJAYp+Ucz
818031qCiYj29Xh0iCDG+IVVsj7TEpmZi45gn8imzI4sjJNYlY4R3StZ+fOuXkSA
ZhTZ5bW09UcT84Vj+U2e+AuN63iwyyT2PRfeOgjUJJXbeuDxo9MVapmfAOEYxVt8
7wW8phrfqZLRhXYXPVew9bKW/UTpkGfuV1BrNz41Rc+QqiqGTJUB
-----END CERTIFICATE-----