Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/nBBOyZn4hnxGryTiBe8h5EXuuD8.roa
File:                     nBBOyZn4hnxGryTiBe8h5EXuuD8.roa (raw, json)
Hash identifier:          k8avLjFcgfUGlRWw6o6SvuEl7eR8NarJjyV5Ci7ic2U=
Subject key identifier:   9C:10:4E:C9:99:F8:86:7C:46:AF:24:E2:05:EF:21:E4:45:EE:B8:3F
Certificate issuer:       /CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
Certificate serial:       018CC26D31DBAB5B957D22E6BDDBACE6D8FB
Authority key identifier: BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/nBBOyZn4hnxGryTiBe8h5EXuuD8.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        45.94.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:db:ab:5b:95:7d:22:e6:bd:db:ac:e6:d8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c104ec999f8867c46af24e205ef21e445eeb83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b7:76:ac:bf:d0:b7:10:bd:18:b2:b5:52:6d:
                    3b:0b:45:09:72:ae:6d:6c:11:97:01:fc:7e:bb:9f:
                    a1:0b:dd:2d:94:10:c1:87:33:57:a8:8f:6e:c7:80:
                    0d:8a:12:db:d9:e4:48:8f:e6:fc:89:ca:71:be:f5:
                    26:57:bb:46:f8:99:70:47:25:ed:d8:f6:c0:76:9b:
                    e3:c2:2e:71:08:40:78:22:b0:85:92:df:7a:82:aa:
                    e5:93:20:9f:0f:03:1b:12:86:fb:e6:eb:80:98:65:
                    2d:40:10:da:19:ac:e8:88:80:53:5d:28:32:7b:37:
                    89:e2:31:db:c4:ed:d5:08:b4:2d:3b:1d:e9:f2:0d:
                    f1:cf:81:a2:c9:50:49:60:49:b9:6f:95:b5:af:2c:
                    a6:3f:89:33:29:70:c3:30:44:7c:08:06:90:ef:ee:
                    b7:74:c0:11:e8:16:f7:c3:ac:42:19:42:68:7c:08:
                    0e:38:f2:5c:43:1e:ec:67:7e:fc:20:22:14:14:b9:
                    91:fb:51:ee:58:0a:75:82:b5:a8:23:09:61:11:86:
                    0d:dc:c7:58:72:a7:05:7f:cb:34:a5:93:e7:52:25:
                    c2:ad:e8:84:2c:fa:f3:af:72:fe:88:2e:25:5a:78:
                    5f:ed:7d:57:72:2b:b4:31:f8:80:37:bb:b1:7e:dc:
                    5a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:10:4E:C9:99:F8:86:7C:46:AF:24:E2:05:EF:21:E4:45:EE:B8:3F
            X509v3 Authority Key Identifier:
                keyid:BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/nBBOyZn4hnxGryTiBe8h5EXuuD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:75:32:e6:93:9b:d0:73:d6:03:59:66:58:c7:38:c8:19:ab:
         d7:13:b7:ca:68:0e:f1:a7:d0:fb:4a:d5:cf:18:d6:19:18:d7:
         e3:2e:bf:75:ff:c9:8a:9a:8b:33:a8:7c:12:41:ee:85:f6:fe:
         c2:01:eb:78:d6:43:7f:10:3b:29:8b:96:be:b8:2e:a0:64:39:
         08:ee:f7:9b:b5:b2:b4:08:66:7b:be:d3:82:0d:b7:49:79:55:
         2e:fc:29:6c:0b:55:93:6f:f1:51:a1:b1:1c:f5:af:05:33:3c:
         b4:18:75:a5:a9:d3:12:7e:32:c4:89:01:1a:f6:09:e0:93:6a:
         5a:7a:cd:7a:46:df:a5:a0:1e:31:56:01:dc:1b:af:30:9d:2b:
         16:54:03:2a:17:d7:f8:bc:b6:de:57:df:1f:77:3a:61:ba:b6:
         c6:dc:2b:b5:01:36:e6:7b:91:f2:e5:b3:46:df:fd:84:90:88:
         eb:a3:78:de:2c:9c:2f:d8:a0:b1:f9:30:d7:ad:c3:0b:8f:9e:
         bd:94:66:2e:24:23:57:d5:a8:59:43:24:c8:fd:71:23:a0:b3:
         2f:8d:32:e2:b5:2f:72:5a:84:1d:82:40:94:49:dd:2e:87:4c:
         0f:a0:fc:f5:20:a3:e9:64:fd:b1:22:8a:d3:8c:32:45:6d:c5:
         17:62:50:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTHbq1uVfSLmvdus5tj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjgzZTk5YmY3MjU0Zjk0ODA1N2E1ZTk4MWJlNmZhNWMy
MDU0ZGQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzEwNGVjOTk5Zjg4NjdjNDZhZjI0ZTIwNWVmMjFlNDQ1ZWViODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7d2rL/QtxC9GLK1Um07C0UJcq5t
bBGXAfx+u5+hC90tlBDBhzNXqI9ux4ANihLb2eRIj+b8icpxvvUmV7tG+JlwRyXt
2PbAdpvjwi5xCEB4IrCFkt96gqrlkyCfDwMbEob75uuAmGUtQBDaGazoiIBTXSgy
ezeJ4jHbxO3VCLQtOx3p8g3xz4GiyVBJYEm5b5W1ryymP4kzKXDDMER8CAaQ7+63
dMAR6Bb3w6xCGUJofAgOOPJcQx7sZ378ICIUFLmR+1HuWAp1grWoIwlhEYYN3MdY
cqcFf8s0pZPnUiXCreiELPrzr3L+iC4lWnhf7X1Xciu0MfiAN7uxftxaHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwQTsmZ+IZ8Rq8k4gXvIeRF7rg/MB8GA1UdIwQY
MBaAFL24Ppm/clT5SAV6Xpgb5vpcIFTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEt
ZTQ5NWFhYTBjYWMwLzEvbkJCT3labjRobnhHcnlUaUJlOGg1RVh1dUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEtZTQ5NWFhYTBjYWMw
LzEvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6YMA0G
CSqGSIb3DQEBCwUAA4IBAQBcdTLmk5vQc9YDWWZYxzjIGavXE7fKaA7xp9D7StXP
GNYZGNfjLr91/8mKmoszqHwSQe6F9v7CAet41kN/EDspi5a+uC6gZDkI7vebtbK0
CGZ7vtOCDbdJeVUu/ClsC1WTb/FRobEc9a8FMzy0GHWlqdMSfjLEiQEa9gngk2pa
es16Rt+loB4xVgHcG68wnSsWVAMqF9f4vLbeV98fdzphurbG3Cu1ATbme5Hy5bNG
3/2EkIjro3jeLJwv2KCx+TDXrcMLj569lGYuJCNX1ahZQyTI/XEjoLMvjTLitS9y
WoQdgkCUSd0uh0wPoPz1IKPpZP2xIorTjDJFbcUXYlDJ
-----END CERTIFICATE-----