Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/KIUZIVBBXBPRMMiT0zA5qiApYos.roa
File:                     KIUZIVBBXBPRMMiT0zA5qiApYos.roa (raw, json)
Hash identifier:          IYV+5RrSW0OxizLkBqqY+KUjUgQQfNe2d1o3c4USv/4=
Subject key identifier:   28:85:19:21:50:41:5C:13:D1:30:C8:93:D3:30:39:AA:20:29:62:8B
Certificate issuer:       /CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
Certificate serial:       018CC2DB2C5EFD8C66DB9BE5DA4CEDBAEE9F
Authority key identifier: B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/KIUZIVBBXBPRMMiT0zA5qiApYos.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202422
IP address blocks:        45.135.229.0/24 maxlen: 24
                          45.135.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2c:5e:fd:8c:66:db:9b:e5:da:4c:ed:ba:ee:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2885192150415c13d130c893d33039aa2029628b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:95:0a:3b:72:9f:a7:68:c6:c4:69:aa:4d:70:
                    bd:15:1b:9b:41:b8:f2:b8:08:5b:04:a7:f2:cf:95:
                    69:6e:2a:84:cf:27:8e:e3:29:6e:d1:63:21:23:56:
                    bc:34:32:a6:b0:50:9a:7c:b2:06:9f:ae:98:fc:d2:
                    3f:04:79:19:10:ed:07:52:99:e4:65:0c:6d:c1:c6:
                    99:86:8b:18:fb:7d:1a:1a:20:2a:b2:75:9b:1b:39:
                    e3:41:9d:99:a6:22:d4:72:25:d1:6d:9c:58:cc:b4:
                    ff:e6:78:d8:3e:f8:25:7f:db:35:0a:7f:9c:e3:f8:
                    d0:69:6c:cb:0a:bf:d9:50:71:ff:0d:62:69:30:d6:
                    21:9f:2d:8f:68:62:fa:fd:d3:fa:ff:83:c1:e2:ab:
                    7e:ad:4f:06:21:c2:7c:0f:a1:13:1f:c8:51:8f:04:
                    25:2f:34:fa:95:ab:c0:83:45:65:a9:b2:ac:e7:a5:
                    10:bc:40:94:77:21:f4:4f:70:78:94:a2:0d:8a:34:
                    2d:01:be:ea:7e:82:8e:bb:cd:da:e2:71:7e:4e:ec:
                    77:41:f3:2d:b7:10:36:b8:b3:8d:03:6e:10:e2:e9:
                    25:5a:61:0b:f8:e2:3b:91:df:da:6a:74:0b:40:2f:
                    c1:45:c6:db:7d:70:21:81:29:28:5a:8c:b9:b5:86:
                    fb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:85:19:21:50:41:5C:13:D1:30:C8:93:D3:30:39:AA:20:29:62:8B
            X509v3 Authority Key Identifier:
                keyid:B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/KIUZIVBBXBPRMMiT0zA5qiApYos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.229.0-45.135.230.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:31:2e:81:f4:62:5f:a9:59:d2:b6:ad:30:0d:c5:6b:3e:d3:
         0b:5b:d4:35:d5:67:f4:af:81:b0:48:d2:cb:3a:20:89:e3:a8:
         73:4c:90:3f:24:8b:49:38:1c:f9:d4:e8:15:ca:a9:f5:6b:56:
         8e:ab:f7:31:fc:f7:53:85:6f:9b:7d:51:de:f4:cb:54:55:85:
         e9:bc:41:d1:f6:63:5b:d9:ba:a3:bf:73:ff:15:16:0e:a8:42:
         86:33:27:68:3b:fa:38:71:6a:ea:1e:2a:33:ca:9a:58:72:5e:
         e4:72:c9:2a:a6:cb:55:0e:32:30:6d:cf:95:a7:67:bc:b3:86:
         c0:1f:08:57:e8:7e:53:0a:0a:f2:62:41:b4:b6:f7:2d:30:d6:
         da:a9:3e:45:c1:f4:93:e0:fd:07:1a:f7:a8:9f:d2:89:14:34:
         69:18:c4:c3:8d:a5:02:da:ac:85:58:e3:49:10:48:99:8b:d4:
         d1:85:76:ca:39:58:43:6b:f9:21:84:d4:e1:ac:11:20:22:f7:
         3f:7e:6e:93:0d:98:8f:46:38:18:e4:52:32:8e:a2:b5:57:53:
         87:86:95:06:82:20:4c:6b:d1:d5:29:38:fa:9d:7a:b5:56:6e:
         55:a0:84:87:53:c1:53:00:c8:54:34:e2:ed:74:cc:13:a8:52:
         03:4c:a4:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2yxe/Yxm25vl2kztuu6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOGFjZTBlYjNlMmRmNDlmZGJiNzc3MjY3MTZmYjY1ZTc3
Nzc5NjQwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODg1MTkyMTUwNDE1YzEzZDEzMGM4OTNkMzMwMzlhYTIwMjk2MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6JUKO3Kfp2jGxGmqTXC9FRubQbjy
uAhbBKfyz5VpbiqEzyeO4ylu0WMhI1a8NDKmsFCafLIGn66Y/NI/BHkZEO0HUpnk
ZQxtwcaZhosY+30aGiAqsnWbGznjQZ2ZpiLUciXRbZxYzLT/5njYPvglf9s1Cn+c
4/jQaWzLCr/ZUHH/DWJpMNYhny2PaGL6/dP6/4PB4qt+rU8GIcJ8D6ETH8hRjwQl
LzT6lavAg0VlqbKs56UQvECUdyH0T3B4lKINijQtAb7qfoKOu83a4nF+Tux3QfMt
txA2uLONA24Q4uklWmEL+OI7kd/aanQLQC/BRcbbfXAhgSkoWoy5tYb7mwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCiFGSFQQVwT0TDIk9MwOaogKWKLMB8GA1UdIwQY
MBaAFLCKzg6z4t9J/bt3cmcW+2Xnd3lkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQt
ODY1YjRjZmJkNGNkLzEvS0lVWklWQkJYQlBSTU1pVDB6QTVxaUFwWW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQtODY1YjRjZmJkNGNk
LzEvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAth+UD
BAAth+YwDQYJKoZIhvcNAQELBQADggEBAH0xLoH0Yl+pWdK2rTANxWs+0wtb1DXV
Z/SvgbBI0ss6IInjqHNMkD8ki0k4HPnU6BXKqfVrVo6r9zH891OFb5t9Ud70y1RV
hem8QdH2Y1vZuqO/c/8VFg6oQoYzJ2g7+jhxauoeKjPKmlhyXuRyySqmy1UOMjBt
z5WnZ7yzhsAfCFfoflMKCvJiQbS29y0w1tqpPkXB9JPg/Qca96if0okUNGkYxMON
pQLarIVY40kQSJmL1NGFdso5WENr+SGE1OGsESAi9z9+bpMNmI9GOBjkUjKOorVX
U4eGlQaCIExr0dUpOPqderVWblWghIdTwVMAyFQ04u10zBOoUgNMpJg=
-----END CERTIFICATE-----