Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/acdf4f-f10a-4323-893a-ba102cdb2397/1/mbHJoB2H4sXOdibtPq7QNGEo8Wg.roa
File:                     mbHJoB2H4sXOdibtPq7QNGEo8Wg.roa (raw, json)
Hash identifier:          JEi6BLbzZ+JxiTGdZsw+6ctDHylQaQ9Ts7H3KV8vkfQ=
Subject key identifier:   99:B1:C9:A0:1D:87:E2:C5:CE:76:26:ED:3E:AE:D0:34:61:28:F1:68
Certificate issuer:       /CN=0f516df64b3941b046743411ed86ea6030d72fba
Certificate serial:       018CC6B77A8E7BAB4214D6E9981D61ACA30E
Authority key identifier: 0F:51:6D:F6:4B:39:41:B0:46:74:34:11:ED:86:EA:60:30:D7:2F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D1Ft9ks5QbBGdDQR7YbqYDDXL7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/acdf4f-f10a-4323-893a-ba102cdb2397/1/mbHJoB2H4sXOdibtPq7QNGEo8Wg.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208123
IP address blocks:        45.159.40.0/22 maxlen: 22
                          2a0f:6e80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/acdf4f-f10a-4323-893a-ba102cdb2397/1/D1Ft9ks5QbBGdDQR7YbqYDDXL7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/acdf4f-f10a-4323-893a-ba102cdb2397/1/D1Ft9ks5QbBGdDQR7YbqYDDXL7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D1Ft9ks5QbBGdDQR7YbqYDDXL7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7a:8e:7b:ab:42:14:d6:e9:98:1d:61:ac:a3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f516df64b3941b046743411ed86ea6030d72fba
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99b1c9a01d87e2c5ce7626ed3eaed0346128f168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a8:7e:1e:20:5d:48:a8:da:0d:d4:a3:e5:8a:
                    06:19:11:6c:97:a0:06:6e:4c:ab:c1:ac:30:d9:c2:
                    96:d2:4d:81:d9:5d:b6:14:50:c5:7a:bd:7f:ab:22:
                    7e:3d:c1:55:4d:ae:26:04:36:5f:1e:c8:e4:7b:8d:
                    4b:68:1b:74:1e:9f:08:41:51:74:8e:7f:9e:77:27:
                    72:d0:fd:0b:cd:04:9d:06:68:9e:59:8b:3f:9e:bf:
                    dd:f1:09:93:37:82:22:6e:75:be:29:2b:29:9e:b7:
                    c1:bb:92:f3:57:a3:e8:d6:e3:30:e7:8e:47:22:69:
                    f7:cc:f9:93:1c:24:81:65:71:31:67:9e:e0:3e:1d:
                    e5:97:94:ae:28:77:e4:42:2d:70:24:2c:c4:f6:59:
                    a1:94:13:b6:aa:24:80:53:67:39:5a:ca:7f:bd:92:
                    8f:05:cd:f5:83:e7:4a:8c:50:23:a1:a7:87:fa:f4:
                    42:66:1e:36:ef:8e:df:e2:d3:ad:c1:e0:14:36:e1:
                    89:7c:68:42:3f:7f:57:36:1d:16:ed:f1:d4:58:57:
                    57:78:c5:2b:14:e4:99:66:0f:14:e4:ca:c2:dc:a4:
                    fd:52:84:fe:44:73:8c:28:ed:6e:77:fc:33:3d:b2:
                    ff:10:0a:ea:9e:ba:17:49:79:93:3d:90:c5:8d:13:
                    2f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:B1:C9:A0:1D:87:E2:C5:CE:76:26:ED:3E:AE:D0:34:61:28:F1:68
            X509v3 Authority Key Identifier:
                keyid:0F:51:6D:F6:4B:39:41:B0:46:74:34:11:ED:86:EA:60:30:D7:2F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D1Ft9ks5QbBGdDQR7YbqYDDXL7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/acdf4f-f10a-4323-893a-ba102cdb2397/1/mbHJoB2H4sXOdibtPq7QNGEo8Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/acdf4f-f10a-4323-893a-ba102cdb2397/1/D1Ft9ks5QbBGdDQR7YbqYDDXL7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.40.0/22
                IPv6:
                  2a0f:6e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:b2:f9:b5:90:84:12:45:ca:81:d0:82:0a:cc:6c:ad:a2:f5:
         ab:10:6e:9c:82:29:ff:12:c1:df:01:52:0a:62:66:87:a2:8d:
         db:18:4e:be:b6:b3:85:cc:8c:43:b7:5f:e3:a7:27:29:79:7d:
         ca:ab:e2:e0:79:23:d3:a6:3f:82:e7:d9:0f:e9:86:11:a4:2d:
         d2:ea:77:55:d5:35:be:11:82:70:54:0d:df:65:9c:cc:e8:ca:
         cb:d7:53:3c:fc:31:53:e2:38:52:83:42:3c:a9:f5:d6:c1:35:
         5f:6f:17:3e:21:f3:dc:f6:37:88:80:6d:a7:15:b8:b4:51:44:
         87:b6:4b:88:5e:43:32:ce:3f:9f:07:69:08:5b:ab:26:54:9d:
         6f:bf:83:91:c7:cf:a0:31:04:8a:a6:c9:a1:52:3f:bb:14:09:
         9a:f6:2d:e7:c1:8a:3b:95:eb:39:a6:1f:39:e0:9b:1a:b0:29:
         18:fb:5d:5c:24:0f:39:43:de:0a:45:f3:70:ad:ee:9f:7a:1c:
         d0:48:19:b8:4d:e2:9d:c6:ef:d4:1e:b6:f6:5d:a6:93:11:48:
         20:19:19:84:9f:df:ba:20:e7:67:f8:c2:90:81:c1:8e:2d:d5:
         4f:26:22:52:ff:44:ec:1a:ea:ff:69:36:28:2f:b9:7d:bd:f1:
         62:18:d3:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt3qOe6tCFNbpmB1hrKMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNTE2ZGY2NGIzOTQxYjA0Njc0MzQxMWVkODZlYTYwMzBk
NzJmYmEwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWIxYzlhMDFkODdlMmM1Y2U3NjI2ZWQzZWFlZDAzNDYxMjhmMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6h+HiBdSKjaDdSj5YoGGRFsl6AG
bkyrwaww2cKW0k2B2V22FFDFer1/qyJ+PcFVTa4mBDZfHsjke41LaBt0Hp8IQVF0
jn+edydy0P0LzQSdBmieWYs/nr/d8QmTN4IibnW+KSspnrfBu5LzV6Po1uMw545H
Imn3zPmTHCSBZXExZ57gPh3ll5SuKHfkQi1wJCzE9lmhlBO2qiSAU2c5Wsp/vZKP
Bc31g+dKjFAjoaeH+vRCZh42747f4tOtweAUNuGJfGhCP39XNh0W7fHUWFdXeMUr
FOSZZg8U5MrC3KT9UoT+RHOMKO1ud/wzPbL/EArqnroXSXmTPZDFjRMvlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJmxyaAdh+LFznYm7T6u0DRhKPFoMB8GA1UdIwQY
MBaAFA9RbfZLOUGwRnQ0Ee2G6mAw1y+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDFGdDlrczVRYkJHZERRUjdZYnFZRERYTDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9hY2RmNGYtZjEwYS00MzIzLTg5M2Et
YmExMDJjZGIyMzk3LzEvbWJISm9CMkg0c1hPZGlidFBxN1FOR0VvOFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9hY2RmNGYtZjEwYS00MzIzLTg5M2EtYmExMDJjZGIyMzk3
LzEvRDFGdDlrczVRYkJHZERRUjdZYnFZRERYTDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ8oMA0E
AgACMAcDBQAqD26AMA0GCSqGSIb3DQEBCwUAA4IBAQAJsvm1kIQSRcqB0IIKzGyt
ovWrEG6cgin/EsHfAVIKYmaHoo3bGE6+trOFzIxDt1/jpycpeX3Kq+LgeSPTpj+C
59kP6YYRpC3S6ndV1TW+EYJwVA3fZZzM6MrL11M8/DFT4jhSg0I8qfXWwTVfbxc+
IfPc9jeIgG2nFbi0UUSHtkuIXkMyzj+fB2kIW6smVJ1vv4ORx8+gMQSKpsmhUj+7
FAma9i3nwYo7les5ph854JsasCkY+11cJA85Q94KRfNwre6fehzQSBm4TeKdxu/U
Hrb2XaaTEUggGRmEn9+6IOdn+MKQgcGOLdVPJiJS/0TsGur/aTYoL7l9vfFiGNPq
-----END CERTIFICATE-----