Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WUiBb8vuu8b5LRrTclpyL22ZuOI.roa
File:                     WUiBb8vuu8b5LRrTclpyL22ZuOI.roa (raw, json)
Hash identifier:          4sqPz5rxRwbG0hsKv7Tw6hZ/F9ZmLQgAhORRmceQBsU=
Subject key identifier:   59:48:81:6F:CB:EE:BB:C6:F9:2D:1A:D3:72:5A:72:2F:6D:99:B8:E2
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAC63A02E47A5B07372BFCC9D2821
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WUiBb8vuu8b5LRrTclpyL22ZuOI.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208413
IP address blocks:        45.138.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ac:63:a0:2e:47:a5:b0:73:72:bf:cc:9d:28:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5948816fcbeebbc6f92d1ad3725a722f6d99b8e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:18:44:cd:6d:83:25:52:c3:cc:83:82:37:ef:
                    a8:5f:dc:c7:fb:cd:20:77:f6:08:7d:69:57:5d:d1:
                    28:64:45:d0:5d:43:1a:e1:ce:39:8b:66:99:bc:bd:
                    c8:f3:12:59:e8:dc:25:ab:31:ff:8c:7c:89:c2:8a:
                    d0:d1:04:1f:5d:fb:c9:96:67:f5:80:2e:c8:e1:64:
                    a0:64:6f:73:67:c3:3f:0f:12:b4:9c:67:27:d1:cf:
                    1c:3e:ca:36:cb:4b:5e:9b:4d:0b:dc:18:93:bb:6c:
                    ac:d2:52:13:4f:21:9c:71:b6:26:91:c9:32:7b:2b:
                    67:56:8e:f2:2c:b2:e8:98:d4:7e:17:39:aa:b6:cd:
                    77:00:61:73:e4:70:b1:aa:d8:69:8f:14:c5:16:5f:
                    38:cb:ac:35:10:78:17:d7:de:e3:ed:45:30:46:bc:
                    92:fa:46:ef:dd:8f:ea:a2:a7:fa:03:82:c2:b7:30:
                    21:d6:a9:e1:25:22:0c:65:35:a2:43:25:bb:8b:0c:
                    7e:39:f3:39:dd:e1:f3:a3:b4:62:3a:f7:ca:e1:6b:
                    70:4e:fd:16:39:f8:eb:ae:b8:3d:f8:90:7a:80:70:
                    c7:1a:fc:91:7e:fe:7e:14:03:33:0f:c4:0f:1a:34:
                    0d:aa:f4:cf:27:c8:04:f6:ca:26:16:5b:d1:9c:2b:
                    4e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:48:81:6F:CB:EE:BB:C6:F9:2D:1A:D3:72:5A:72:2F:6D:99:B8:E2
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WUiBb8vuu8b5LRrTclpyL22ZuOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:46:58:00:0f:2c:4a:08:98:60:0f:d9:d0:d8:bc:4c:e1:df:
         38:02:00:b7:a3:dc:4e:ac:00:2f:c8:d7:bf:5a:06:c2:5e:1f:
         04:3c:07:d9:31:fe:cd:56:03:c4:50:42:7f:75:6f:ff:f0:4e:
         3f:c2:05:22:b2:24:9e:78:e3:f3:17:f7:6b:06:d0:bd:05:0e:
         67:33:c2:ae:30:31:d4:79:68:ab:0b:bb:32:0c:40:c2:20:b3:
         dd:e9:4e:74:94:b3:30:c9:e9:96:5b:83:14:2d:9a:0d:53:cb:
         0e:ba:e7:22:24:13:20:a5:7e:a2:f6:62:84:f2:43:37:1e:27:
         7c:f5:c8:fb:7e:bd:05:9c:b1:11:b0:bc:b8:7a:d1:93:f1:62:
         85:4e:60:28:0a:73:59:3c:eb:2d:05:4b:62:df:31:2b:54:05:
         86:cb:da:fb:42:63:58:30:66:60:6e:8b:93:c2:dc:bd:6d:51:
         3d:16:67:a7:fa:e9:7f:70:b3:b4:77:6f:a6:46:78:17:3f:c2:
         56:47:5e:b9:5d:3d:d9:20:48:ce:26:3d:a1:66:61:73:c3:8a:
         03:08:6b:9c:ec:14:23:85:b5:41:56:d5:d6:58:ff:5f:b6:d3:
         a7:db:b2:b9:c4:c2:08:4e:94:f6:2c:3b:19:b0:6f:92:ef:03:
         18:ed:bb:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36xjoC5HpbBzcr/MnSghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTQ4ODE2ZmNiZWViYmM2ZjkyZDFhZDM3MjVhNzIyZjZkOTliOGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxhEzW2DJVLDzIOCN++oX9zH+80g
d/YIfWlXXdEoZEXQXUMa4c45i2aZvL3I8xJZ6NwlqzH/jHyJworQ0QQfXfvJlmf1
gC7I4WSgZG9zZ8M/DxK0nGcn0c8cPso2y0tem00L3BiTu2ys0lITTyGccbYmkcky
eytnVo7yLLLomNR+Fzmqts13AGFz5HCxqthpjxTFFl84y6w1EHgX197j7UUwRryS
+kbv3Y/qoqf6A4LCtzAh1qnhJSIMZTWiQyW7iwx+OfM53eHzo7RiOvfK4WtwTv0W
Ofjrrrg9+JB6gHDHGvyRfv5+FAMzD8QPGjQNqvTPJ8gE9somFlvRnCtOuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlIgW/L7rvG+S0a03Jaci9tmbjiMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvV1VpQmI4dnV1OGI1TFJyVGNscHlMMjJadU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYpLMA0G
CSqGSIb3DQEBCwUAA4IBAQACRlgADyxKCJhgD9nQ2LxM4d84AgC3o9xOrAAvyNe/
WgbCXh8EPAfZMf7NVgPEUEJ/dW//8E4/wgUisiSeeOPzF/drBtC9BQ5nM8KuMDHU
eWirC7syDEDCILPd6U50lLMwyemWW4MULZoNU8sOuuciJBMgpX6i9mKE8kM3Hid8
9cj7fr0FnLERsLy4etGT8WKFTmAoCnNZPOstBUti3zErVAWGy9r7QmNYMGZgbouT
wty9bVE9Fmen+ul/cLO0d2+mRngXP8JWR165XT3ZIEjOJj2hZmFzw4oDCGuc7BQj
hbVBVtXWWP9fttOn27K5xMIITpT2LDsZsG+S7wMY7bv6
-----END CERTIFICATE-----