Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e91813-927e-47a5-b702-de5378461fee/1/ztU_x7uZ38opmt-sCFZiQVzDLsQ.roa
File:                     ztU_x7uZ38opmt-sCFZiQVzDLsQ.roa (raw, json)
Hash identifier:          FxJF/4Oi81Ix97QsxLlwXRswLAJeRIeN3M65z7bMD1Q=
Subject key identifier:   CE:D5:3F:C7:BB:99:DF:CA:29:9A:DF:AC:08:56:62:41:5C:C3:2E:C4
Certificate issuer:       /CN=b39c70f7ce3831b8f2cce89db14a27ddaa0e99c2
Certificate serial:       018CC3492E7EBA3A8058392A6199D9E65A60
Authority key identifier: B3:9C:70:F7:CE:38:31:B8:F2:CC:E8:9D:B1:4A:27:DD:AA:0E:99:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5xw9844MbjyzOidsUon3aoOmcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e91813-927e-47a5-b702-de5378461fee/1/ztU_x7uZ38opmt-sCFZiQVzDLsQ.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47952
IP address blocks:        45.130.14.0/24 maxlen: 24
                          45.130.13.0/24 maxlen: 24
                          45.130.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e91813-927e-47a5-b702-de5378461fee/1/s5xw9844MbjyzOidsUon3aoOmcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e91813-927e-47a5-b702-de5378461fee/1/s5xw9844MbjyzOidsUon3aoOmcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5xw9844MbjyzOidsUon3aoOmcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2e:7e:ba:3a:80:58:39:2a:61:99:d9:e6:5a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b39c70f7ce3831b8f2cce89db14a27ddaa0e99c2
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ced53fc7bb99dfca299adfac085662415cc32ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:10:1c:3a:a6:c7:97:5b:f9:1e:e5:a3:57:2c:
                    68:d1:ce:8f:f3:83:95:65:d3:fa:4d:57:cf:09:ff:
                    49:66:31:c0:b5:ca:73:21:65:03:9f:4f:c8:97:2a:
                    e9:1e:a8:90:89:70:a3:2d:ff:89:33:b5:26:9d:a8:
                    15:d8:3a:d6:d9:83:6a:0b:72:fe:68:c1:c4:9c:4b:
                    4e:f7:6f:9f:0c:2a:51:01:fa:b0:eb:a4:65:a1:46:
                    b6:25:54:c7:21:29:73:33:ec:c8:e9:7b:fa:b0:77:
                    b5:9f:21:fb:9a:3d:41:60:d1:75:86:4c:f0:89:7d:
                    19:da:85:db:46:62:d5:c4:d1:6f:51:01:07:1a:0d:
                    48:b5:4d:92:fc:c6:4c:10:7f:08:e0:9f:ad:8c:91:
                    e2:8d:b1:14:38:7f:e4:1a:b2:d4:a7:97:51:0a:a4:
                    81:6d:4e:2a:ac:32:78:d0:96:2a:fc:2c:3c:4e:2b:
                    48:c7:14:68:ec:db:cd:67:32:5d:5e:42:b6:6c:c3:
                    f7:1e:70:fb:a0:e5:9c:10:c7:35:b3:01:a4:2c:e0:
                    51:e5:2a:3c:31:e1:68:37:f7:99:67:a5:a9:58:ba:
                    10:8d:9c:f7:e3:0b:7b:f6:c0:91:dc:03:e1:c3:99:
                    6d:59:c4:6c:9b:11:cf:81:f1:e2:a7:dd:62:01:cf:
                    82:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D5:3F:C7:BB:99:DF:CA:29:9A:DF:AC:08:56:62:41:5C:C3:2E:C4
            X509v3 Authority Key Identifier:
                keyid:B3:9C:70:F7:CE:38:31:B8:F2:CC:E8:9D:B1:4A:27:DD:AA:0E:99:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5xw9844MbjyzOidsUon3aoOmcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e91813-927e-47a5-b702-de5378461fee/1/ztU_x7uZ38opmt-sCFZiQVzDLsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e91813-927e-47a5-b702-de5378461fee/1/s5xw9844MbjyzOidsUon3aoOmcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.13.0-45.130.15.255

    Signature Algorithm: sha256WithRSAEncryption
         ee:e0:be:7a:4c:dc:44:d4:c6:dd:e9:a3:3e:04:4e:b6:6c:35:
         7d:7f:06:04:a4:6e:c3:3e:ec:56:af:40:19:a5:a3:08:57:a8:
         e0:a2:b9:ed:46:2f:ef:82:34:39:c0:10:22:94:a6:6e:bb:ca:
         0a:08:65:06:93:6d:fe:70:d2:04:c5:b9:b4:f6:aa:ab:25:c3:
         9d:74:95:a8:ba:8c:ef:76:4a:7d:66:60:e5:59:3e:4d:fe:5a:
         bd:2d:de:a6:3a:14:c2:b7:8b:c2:c0:2a:d5:6e:5b:d1:ed:e0:
         09:aa:8a:8d:a7:e9:12:75:12:15:9d:d4:43:bb:67:d3:72:03:
         df:d8:71:52:14:a5:81:b3:6c:41:1d:17:52:0f:62:aa:4b:38:
         6f:8b:e2:6a:ed:55:ee:fa:2d:27:3d:5c:34:da:ba:94:97:e0:
         99:ce:fe:fe:ba:4a:df:cf:a7:86:4f:44:9d:cb:a7:33:15:da:
         bb:85:04:59:cb:98:fe:19:93:09:37:16:5a:43:14:08:c9:b6:
         5f:ec:24:c1:f8:51:3d:29:e8:b9:6e:11:1f:ae:10:70:70:a0:
         f8:95:d7:61:ed:d1:c5:45:cf:c5:6d:64:ac:cb:da:e4:fa:8c:
         7f:ba:15:f0:26:7e:78:df:48:16:11:7b:cb:b2:ef:ae:05:eb:
         ce:70:f7:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSS5+ujqAWDkqYZnZ5lpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOWM3MGY3Y2UzODMxYjhmMmNjZTg5ZGIxNGEyN2RkYWEw
ZTk5YzIwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWQ1M2ZjN2JiOTlkZmNhMjk5YWRmYWMwODU2NjI0MTVjYzMyZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRAcOqbHl1v5HuWjVyxo0c6P84OV
ZdP6TVfPCf9JZjHAtcpzIWUDn0/IlyrpHqiQiXCjLf+JM7UmnagV2DrW2YNqC3L+
aMHEnEtO92+fDCpRAfqw66RloUa2JVTHISlzM+zI6Xv6sHe1nyH7mj1BYNF1hkzw
iX0Z2oXbRmLVxNFvUQEHGg1ItU2S/MZMEH8I4J+tjJHijbEUOH/kGrLUp5dRCqSB
bU4qrDJ40JYq/Cw8TitIxxRo7NvNZzJdXkK2bMP3HnD7oOWcEMc1swGkLOBR5So8
MeFoN/eZZ6WpWLoQjZz34wt79sCR3APhw5ltWcRsmxHPgfHip91iAc+CUQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM7VP8e7md/KKZrfrAhWYkFcwy7EMB8GA1UdIwQY
MBaAFLOccPfOODG48szonbFKJ92qDpnCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczV4dzk4NDRNYmp5ek9pZHNVb24zYW9PbWNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lOTE4MTMtOTI3ZS00N2E1LWI3MDIt
ZGU1Mzc4NDYxZmVlLzEvenRVX3g3dVozOG9wbXQtc0NGWmlRVnpETHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lOTE4MTMtOTI3ZS00N2E1LWI3MDItZGU1Mzc4NDYxZmVl
LzEvczV4dzk4NDRNYmp5ek9pZHNVb24zYW9PbWNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtgg0D
BAQtggAwDQYJKoZIhvcNAQELBQADggEBAO7gvnpM3ETUxt3poz4ETrZsNX1/BgSk
bsM+7FavQBmlowhXqOCiue1GL++CNDnAECKUpm67ygoIZQaTbf5w0gTFubT2qqsl
w510lai6jO92Sn1mYOVZPk3+Wr0t3qY6FMK3i8LAKtVuW9Ht4Amqio2n6RJ1EhWd
1EO7Z9NyA9/YcVIUpYGzbEEdF1IPYqpLOG+L4mrtVe76LSc9XDTaupSX4JnO/v66
St/Pp4ZPRJ3LpzMV2ruFBFnLmP4Zkwk3FlpDFAjJtl/sJMH4UT0p6LluER+uEHBw
oPiV12Ht0cVFz8VtZKzL2uT6jH+6FfAmfnjfSBYRe8uy764F685w97Y=
-----END CERTIFICATE-----