Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/wBLg01s1qfagLMmGWXJiiLsTaOY.roa
File:                     wBLg01s1qfagLMmGWXJiiLsTaOY.roa (raw, json)
Hash identifier:          KOk0sBAS85yWhWe/9s42cCrYoG7lR/aniXA5zGlJjN4=
Subject key identifier:   C0:12:E0:D3:5B:35:A9:F6:A0:2C:C9:86:59:72:62:88:BB:13:68:E6
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       018F94E3BED7E9F23EC9847B4F2F1ADFB645
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/wBLg01s1qfagLMmGWXJiiLsTaOY.roa
Signing time:             Mon 20 May 2024 07:25:04 +0000
ROA not before:           Mon 20 May 2024 07:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        45.140.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:94:e3:be:d7:e9:f2:3e:c9:84:7b:4f:2f:1a:df:b6:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: May 20 07:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c012e0d35b35a9f6a02cc98659726288bb1368e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:9c:61:5c:48:da:19:04:86:ef:ee:00:94:
                    6a:21:75:a1:1b:02:7f:c1:0b:7f:f4:d1:f2:7c:e6:
                    00:d9:f8:54:9b:b4:92:69:8d:68:19:a1:a8:c0:43:
                    39:32:56:64:c6:05:76:1a:cb:6f:d9:7a:a2:ac:03:
                    26:ff:c8:75:3d:95:c4:e8:29:0b:d3:56:61:ca:87:
                    08:46:8e:eb:80:9a:40:65:77:1f:88:12:98:d8:48:
                    de:d0:95:9c:d5:b5:24:1e:f4:15:36:10:7e:94:f8:
                    54:de:5d:72:b6:7e:6c:21:47:6a:61:eb:0f:02:ae:
                    15:bc:2a:b7:a1:b0:e6:de:bb:3b:16:77:cd:95:31:
                    4c:02:dc:af:a7:bf:6a:89:d3:89:c3:eb:f9:29:6f:
                    16:c9:cb:df:85:d3:0c:4a:3c:8b:12:88:ab:bb:bd:
                    03:76:a1:46:ac:66:5c:2b:67:96:ba:4a:74:69:94:
                    6d:00:e0:5f:08:c1:6d:25:9a:7d:58:ec:14:6f:af:
                    a6:21:42:84:b7:e1:35:0e:9e:89:7b:b5:33:2c:b9:
                    1f:bf:f8:2b:75:06:88:48:d7:e2:12:07:b7:e8:df:
                    6d:e8:ea:7b:73:22:e2:1b:1d:62:a9:f9:37:3e:18:
                    60:87:e7:42:5d:18:6a:30:ae:2d:c7:61:19:20:cb:
                    1e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:12:E0:D3:5B:35:A9:F6:A0:2C:C9:86:59:72:62:88:BB:13:68:E6
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/wBLg01s1qfagLMmGWXJiiLsTaOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:1a:2a:2a:0e:6a:3c:7e:0e:72:7e:d9:63:39:b1:71:98:a5:
         4f:c1:a6:7e:5e:a7:c4:11:30:8d:84:29:ab:ce:b2:49:51:50:
         81:d8:a3:65:9d:1d:37:d7:7b:ee:3e:08:f1:a9:e5:7a:d0:25:
         0a:a9:8c:4d:45:fc:ab:11:1e:74:6d:86:37:35:ff:ac:ac:58:
         f5:fa:9a:ea:fb:3a:08:95:d1:ba:b2:64:31:f8:ec:73:3e:5f:
         36:f1:ee:ec:5b:28:b1:aa:26:62:82:16:21:6b:64:8b:67:49:
         d0:57:20:15:67:2f:07:d4:7a:92:c6:95:71:55:54:b9:b1:50:
         98:eb:1c:fc:6c:b7:9f:11:1b:f6:01:ef:84:4b:05:fc:e8:12:
         c1:fb:19:ae:97:2e:c1:75:e5:a2:22:1f:c3:a5:7e:24:da:0c:
         73:ed:ba:38:51:51:a9:13:55:d7:19:26:5f:91:ad:9e:24:1e:
         f2:35:be:93:60:92:cb:e9:77:43:20:35:c7:f4:6e:36:2a:06:
         77:00:2a:09:1f:96:e3:4b:59:93:e3:c4:01:c5:87:d4:73:48:
         d1:70:8e:f5:78:be:76:2d:85:36:8a:fe:7c:ce:bb:28:89:a0:
         22:dd:fd:91:dc:f3:e4:19:12:67:7b:4a:91:e9:86:1b:39:8d:
         50:d7:d1:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+U477X6fI+yYR7Ty8a37ZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQwNTIwMDcyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDEyZTBkMzViMzVhOWY2YTAyY2M5ODY1OTcyNjI4OGJiMTM2OGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEqcYVxI2hkEhu/uAJRqIXWhGwJ/
wQt/9NHyfOYA2fhUm7SSaY1oGaGowEM5MlZkxgV2Gstv2XqirAMm/8h1PZXE6CkL
01ZhyocIRo7rgJpAZXcfiBKY2Eje0JWc1bUkHvQVNhB+lPhU3l1ytn5sIUdqYesP
Aq4VvCq3obDm3rs7FnfNlTFMAtyvp79qidOJw+v5KW8WycvfhdMMSjyLEoiru70D
dqFGrGZcK2eWukp0aZRtAOBfCMFtJZp9WOwUb6+mIUKEt+E1Dp6Je7UzLLkfv/gr
dQaISNfiEge36N9t6Op7cyLiGx1iqfk3Phhgh+dCXRhqMK4tx2EZIMseUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAS4NNbNan2oCzJhllyYoi7E2jmMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvd0JMZzAxczFxZmFnTE1tR1dYSmlpTHNUYU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYw7MA0G
CSqGSIb3DQEBCwUAA4IBAQBFGioqDmo8fg5yftljObFxmKVPwaZ+XqfEETCNhCmr
zrJJUVCB2KNlnR0313vuPgjxqeV60CUKqYxNRfyrER50bYY3Nf+srFj1+prq+zoI
ldG6smQx+OxzPl828e7sWyixqiZighYha2SLZ0nQVyAVZy8H1HqSxpVxVVS5sVCY
6xz8bLefERv2Ae+ESwX86BLB+xmuly7BdeWiIh/DpX4k2gxz7bo4UVGpE1XXGSZf
ka2eJB7yNb6TYJLL6XdDIDXH9G42KgZ3ACoJH5bjS1mT48QBxYfUc0jRcI71eL52
LYU2iv58zrsoiaAi3f2R3PPkGRJne0qR6YYbOY1Q19FQ
-----END CERTIFICATE-----