Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/bHXKiCnQcej3QzWyNriIFEFMmyA.roa
File:                     bHXKiCnQcej3QzWyNriIFEFMmyA.roa (raw, json)
Hash identifier:          9ibCdCNmB8rA/jqv9Cew+WqOsPG+qSPH0RkGbzpSrKI=
Subject key identifier:   6C:75:CA:88:29:D0:71:E8:F7:43:35:B2:36:B8:88:14:41:4C:9B:20
Certificate issuer:       /CN=b1814a28a8c1ebe0adc33a1519b9883e3084bb59
Certificate serial:       018CC56DF856F0DF91489E08176D495303CB
Authority key identifier: B1:81:4A:28:A8:C1:EB:E0:AD:C3:3A:15:19:B9:88:3E:30:84:BB:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sYFKKKjB6-CtwzoVGbmIPjCEu1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/bHXKiCnQcej3QzWyNriIFEFMmyA.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.152.134.0/24 maxlen: 24
                          45.152.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/sYFKKKjB6-CtwzoVGbmIPjCEu1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/sYFKKKjB6-CtwzoVGbmIPjCEu1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sYFKKKjB6-CtwzoVGbmIPjCEu1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f8:56:f0:df:91:48:9e:08:17:6d:49:53:03:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1814a28a8c1ebe0adc33a1519b9883e3084bb59
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c75ca8829d071e8f74335b236b88814414c9b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:40:d8:d7:e4:24:f1:ad:a8:ae:e3:23:80:07:
                    3a:fe:3b:df:c9:3c:61:75:8f:30:83:ab:fe:02:a5:
                    99:b4:37:56:57:85:73:9f:59:56:a2:f4:0b:01:16:
                    c7:87:8e:70:6b:74:8b:ae:2f:52:52:fb:cd:da:01:
                    37:90:80:93:50:29:36:99:a6:b8:79:3f:92:ea:ec:
                    15:eb:b9:01:1a:62:5d:bd:3e:30:63:63:49:87:cf:
                    f5:a3:18:95:c2:52:fb:e9:a6:03:09:72:6a:36:e6:
                    c0:98:4a:66:a3:d2:17:47:a9:8a:15:db:71:3c:0a:
                    7b:48:61:4e:5f:35:af:74:f0:f0:9b:80:1d:20:65:
                    c3:15:ec:ed:95:f6:ee:c0:9f:b1:da:95:11:cd:31:
                    89:90:f1:c3:be:c4:ae:55:6b:a6:09:36:9c:47:43:
                    d0:45:44:2f:f4:f9:f9:bf:1b:e3:3a:6f:95:56:f0:
                    b5:8d:35:e9:7d:33:78:a3:42:91:b4:79:cb:a1:1d:
                    8a:e1:bd:3a:f9:4a:b3:55:c7:1c:a7:cd:85:ce:6e:
                    a0:46:4b:9e:06:8b:65:ed:fb:1d:06:53:72:07:e1:
                    e2:b8:08:10:19:38:6e:77:20:b2:0a:39:34:17:cb:
                    b0:c6:dd:b6:e2:70:1e:4e:b6:58:87:8a:57:2d:1c:
                    fc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:75:CA:88:29:D0:71:E8:F7:43:35:B2:36:B8:88:14:41:4C:9B:20
            X509v3 Authority Key Identifier:
                keyid:B1:81:4A:28:A8:C1:EB:E0:AD:C3:3A:15:19:B9:88:3E:30:84:BB:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sYFKKKjB6-CtwzoVGbmIPjCEu1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/bHXKiCnQcej3QzWyNriIFEFMmyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/sYFKKKjB6-CtwzoVGbmIPjCEu1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:12:da:dd:16:e2:9a:cd:f3:a7:76:fa:44:29:80:a8:c1:52:
         7f:8f:75:4d:a0:25:00:00:4e:0f:33:07:49:e7:cd:f1:9d:bc:
         47:8a:e8:49:72:9d:95:eb:17:7f:47:50:ad:dd:53:5c:02:b4:
         34:9a:01:19:8d:08:92:ef:3c:91:35:13:36:c9:3b:0a:09:6f:
         f9:5e:9c:4f:97:74:69:05:e1:02:c8:71:f4:02:a3:59:33:98:
         b0:16:2c:f9:2d:b5:53:84:a5:8d:7c:2c:5d:6c:fd:01:83:dd:
         d1:e5:ae:b1:41:b6:68:1e:08:2f:36:bc:3c:72:34:14:9c:10:
         f7:06:53:ba:61:9f:84:c6:cb:80:58:49:6b:27:11:30:c0:a4:
         4f:8d:96:4f:3a:e7:7f:e4:2a:be:6c:af:e7:30:d5:b4:41:00:
         43:da:3c:2a:86:99:fd:84:99:ba:e8:d9:6c:3d:ad:88:3c:45:
         3f:52:27:bc:a6:73:5c:23:61:0d:c9:eb:c4:21:5c:e8:43:1e:
         c8:0f:f1:19:fc:f0:5d:09:8a:f3:fb:8c:d0:15:ab:5c:b2:e5:
         de:dc:cf:ac:48:d0:dc:c3:de:07:f3:b5:3a:36:a5:80:05:50:
         92:cc:1a:b2:26:27:eb:8d:cf:42:1d:17:97:69:6a:81:55:ed:
         81:0a:5b:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfhW8N+RSJ4IF21JUwPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxODE0YTI4YThjMWViZTBhZGMzM2ExNTE5Yjk4ODNlMzA4
NGJiNTkwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc1Y2E4ODI5ZDA3MWU4Zjc0MzM1YjIzNmI4ODgxNDQxNGM5YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0DY1+Qk8a2oruMjgAc6/jvfyTxh
dY8wg6v+AqWZtDdWV4Vzn1lWovQLARbHh45wa3SLri9SUvvN2gE3kICTUCk2maa4
eT+S6uwV67kBGmJdvT4wY2NJh8/1oxiVwlL76aYDCXJqNubAmEpmo9IXR6mKFdtx
PAp7SGFOXzWvdPDwm4AdIGXDFeztlfbuwJ+x2pURzTGJkPHDvsSuVWumCTacR0PQ
RUQv9Pn5vxvjOm+VVvC1jTXpfTN4o0KRtHnLoR2K4b06+UqzVcccp82Fzm6gRkue
Botl7fsdBlNyB+HiuAgQGThudyCyCjk0F8uwxt224nAeTrZYh4pXLRz8WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGx1yogp0HHo90M1sja4iBRBTJsgMB8GA1UdIwQY
MBaAFLGBSiiowevgrcM6FRm5iD4whLtZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1lGS0tLakI2LUN0d3pvVkdibUlQakNFdTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8zZmJmZjYtNzNlZS00ODEyLThlNGIt
ODFkYWJjODFjMDVjLzEvYkhYS2lDblFjZWozUXpXeU5yaUlGRUZNbXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8zZmJmZjYtNzNlZS00ODEyLThlNGItODFkYWJjODFjMDVj
LzEvc1lGS0tLakI2LUN0d3pvVkdibUlQakNFdTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZiGMA0G
CSqGSIb3DQEBCwUAA4IBAQBbEtrdFuKazfOndvpEKYCowVJ/j3VNoCUAAE4PMwdJ
583xnbxHiuhJcp2V6xd/R1Ct3VNcArQ0mgEZjQiS7zyRNRM2yTsKCW/5XpxPl3Rp
BeECyHH0AqNZM5iwFiz5LbVThKWNfCxdbP0Bg93R5a6xQbZoHggvNrw8cjQUnBD3
BlO6YZ+ExsuAWElrJxEwwKRPjZZPOud/5Cq+bK/nMNW0QQBD2jwqhpn9hJm66Nls
Pa2IPEU/Uie8pnNcI2ENyevEIVzoQx7ID/EZ/PBdCYrz+4zQFatcsuXe3M+sSNDc
w94H87U6NqWABVCSzBqyJifrjc9CHReXaWqBVe2BClto
-----END CERTIFICATE-----