Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/kzL4SzL3rVJcvPuSufEVxarNApM.roa
File:                     kzL4SzL3rVJcvPuSufEVxarNApM.roa (raw, json)
Hash identifier:          Z+fY6MC5egAa8kYuv5ydbSQUOO1MuSGEjDT4LaVYunY=
Subject key identifier:   93:32:F8:4B:32:F7:AD:52:5C:BC:FB:92:B9:F1:15:C5:AA:CD:02:93
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5CCE91EBF48EC30509BA606109C5
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/kzL4SzL3rVJcvPuSufEVxarNApM.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133295
IP address blocks:        45.132.15.0/24 maxlen: 24
                          2a06:7a02::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5c:ce:91:eb:f4:8e:c3:05:09:ba:60:61:09:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9332f84b32f7ad525cbcfb92b9f115c5aacd0293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4b:2b:b4:0e:bc:bf:52:e3:df:68:c8:8c:4d:
                    82:3c:41:2f:57:46:f7:78:07:85:73:23:a2:2b:d3:
                    a5:bb:de:15:52:83:b4:4b:3a:c4:ab:08:6c:33:b8:
                    64:11:6d:1e:11:e8:d6:e7:04:3a:2f:3e:bc:27:1c:
                    a9:85:c3:87:e3:e5:ec:ec:53:5f:54:1e:78:df:80:
                    18:da:24:b5:f0:d7:6e:8b:ae:d1:ae:17:7e:a6:52:
                    a2:e0:61:68:ba:df:df:69:e9:5c:1b:d9:c8:ea:2c:
                    3e:1d:5d:c6:f3:17:57:38:cb:54:bc:86:bd:46:55:
                    5c:d1:5d:44:92:8b:7c:ad:2c:12:ff:60:a8:7f:13:
                    37:db:3d:ea:5b:a2:da:cd:01:5b:9f:cd:a7:36:dc:
                    3a:66:36:1c:d8:39:39:fd:9d:06:f0:7f:12:ca:bf:
                    c5:b8:9d:92:67:82:0a:4e:08:8b:f1:87:7b:72:d0:
                    2d:3c:2d:9e:bc:50:ba:e2:a4:22:d0:40:d5:f3:75:
                    88:89:4b:bc:ce:06:27:52:63:1e:11:18:c3:c2:dc:
                    c4:f8:53:36:44:fe:67:f6:66:c2:e5:a6:48:e6:f4:
                    57:73:df:ca:ec:2d:c2:d2:d7:5c:af:39:dd:77:90:
                    1f:cb:fa:9b:f3:2e:13:cf:93:a1:f0:d7:a5:5f:30:
                    b2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:32:F8:4B:32:F7:AD:52:5C:BC:FB:92:B9:F1:15:C5:AA:CD:02:93
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/kzL4SzL3rVJcvPuSufEVxarNApM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.15.0/24
                IPv6:
                  2a06:7a02::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:bb:3d:51:8a:e1:b1:98:09:f4:d6:f3:32:93:1e:af:24:85:
         c7:e2:22:f0:7a:04:99:60:d8:d1:d5:1f:d1:04:b9:c2:7b:dd:
         08:8e:48:eb:8e:85:06:61:b9:e9:6d:a9:a1:4f:e8:68:fc:e2:
         a5:64:a4:6d:e3:a8:4a:bc:7f:a8:61:26:a7:87:21:d1:5f:d8:
         06:7c:9a:be:dc:d9:74:a9:06:65:ef:68:7d:1c:3d:af:52:12:
         3d:09:d0:46:2b:6c:8c:80:7d:d4:77:9a:2a:99:88:01:ab:bf:
         6a:cc:2c:1c:cb:9f:b4:ec:92:ee:f3:44:62:5e:5c:5c:61:e2:
         c1:00:85:9f:1e:b8:92:27:37:01:7a:90:62:2c:13:47:42:ec:
         9f:a5:44:cd:3e:61:b9:20:4a:33:2b:1c:73:27:ad:92:1f:a9:
         e5:4b:5a:6b:26:b6:ce:85:cc:cf:81:e2:69:bf:c0:d4:d5:ca:
         c9:e6:57:52:8b:9f:fe:54:eb:1d:6c:8d:2a:4a:52:ff:5c:c1:
         d3:b1:1e:30:87:67:21:5e:0b:46:75:8d:fc:df:9d:04:35:6d:
         2c:71:ed:4e:46:8e:af:3a:3d:7b:c5:e4:b1:5b:a4:84:99:d3:
         3f:68:c0:ad:6f:1a:db:ea:48:be:1f:a7:c9:da:5d:b5:7b:3e:
         88:d3:fe:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK1zOkev0jsMFCbpgYQnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzMyZjg0YjMyZjdhZDUyNWNiY2ZiOTJiOWYxMTVjNWFhY2QwMjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqksrtA68v1Lj32jIjE2CPEEvV0b3
eAeFcyOiK9Olu94VUoO0SzrEqwhsM7hkEW0eEejW5wQ6Lz68JxyphcOH4+Xs7FNf
VB5434AY2iS18Ndui67Rrhd+plKi4GFout/faelcG9nI6iw+HV3G8xdXOMtUvIa9
RlVc0V1Ekot8rSwS/2CofxM32z3qW6LazQFbn82nNtw6ZjYc2Dk5/Z0G8H8Syr/F
uJ2SZ4IKTgiL8Yd7ctAtPC2evFC64qQi0EDV83WIiUu8zgYnUmMeERjDwtzE+FM2
RP5n9mbC5aZI5vRXc9/K7C3C0tdcrzndd5Afy/qb8y4Tz5Oh8NelXzCyuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJMy+Esy961SXLz7krnxFcWqzQKTMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEva3pMNFN6TDNyVkpjdlB1U3VmRVZ4YXJOQXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALYQPMA8E
AgACMAkDBwAqBnoCAAAwDQYJKoZIhvcNAQELBQADggEBAI27PVGK4bGYCfTW8zKT
Hq8khcfiIvB6BJlg2NHVH9EEucJ73QiOSOuOhQZhueltqaFP6Gj84qVkpG3jqEq8
f6hhJqeHIdFf2AZ8mr7c2XSpBmXvaH0cPa9SEj0J0EYrbIyAfdR3miqZiAGrv2rM
LBzLn7Tsku7zRGJeXFxh4sEAhZ8euJInNwF6kGIsE0dC7J+lRM0+YbkgSjMrHHMn
rZIfqeVLWmsmts6FzM+B4mm/wNTVysnmV1KLn/5U6x1sjSpKUv9cwdOxHjCHZyFe
C0Z1jfzfnQQ1bSxx7U5Gjq86PXvF5LFbpISZ0z9owK1vGtvqSL4fp8naXbV7PojT
/qk=
-----END CERTIFICATE-----