Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/851708-19f9-4ecc-a442-0ce3a2efc8dd/1/U4gLWb_wme_gTUaUWRIF8erO1K0.roa
File:                     U4gLWb_wme_gTUaUWRIF8erO1K0.roa (raw, json)
Hash identifier:          Hy8hvYxqvSsb/ltjExSfq2iQcxMzaXBbUzbqWaZVtVI=
Subject key identifier:   53:88:0B:59:BF:F0:99:EF:E0:4D:46:94:59:12:05:F1:EA:CE:D4:AD
Certificate issuer:       /CN=525915b4c72407afb7941e5be294ac7133b107b3
Certificate serial:       018CC7273BEB2BD56F01997D547995FB7A2B
Authority key identifier: 52:59:15:B4:C7:24:07:AF:B7:94:1E:5B:E2:94:AC:71:33:B1:07:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UlkVtMckB6-3lB5b4pSscTOxB7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/851708-19f9-4ecc-a442-0ce3a2efc8dd/1/U4gLWb_wme_gTUaUWRIF8erO1K0.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44683
IP address blocks:        45.152.244.0/22 maxlen: 22
                          2a0f:6d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/851708-19f9-4ecc-a442-0ce3a2efc8dd/1/UlkVtMckB6-3lB5b4pSscTOxB7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/851708-19f9-4ecc-a442-0ce3a2efc8dd/1/UlkVtMckB6-3lB5b4pSscTOxB7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UlkVtMckB6-3lB5b4pSscTOxB7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3b:eb:2b:d5:6f:01:99:7d:54:79:95:fb:7a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525915b4c72407afb7941e5be294ac7133b107b3
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53880b59bff099efe04d4694591205f1eaced4ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:85:2a:12:dd:2f:51:e3:6c:32:21:06:17:75:
                    a3:db:5c:2a:e4:01:ea:21:cd:ed:59:4d:9d:0a:e6:
                    a2:0f:08:f2:b3:d7:4a:89:85:42:92:cb:c9:c7:38:
                    1e:e2:7c:0f:5c:25:9e:3f:d1:38:02:77:4d:b1:e3:
                    48:2f:57:eb:29:7e:8c:a4:ee:a3:74:68:2a:7e:69:
                    f6:d6:f9:cd:99:f4:2c:87:fc:80:f6:11:13:d7:33:
                    a0:e3:97:c0:97:29:9c:b9:c2:17:13:d0:0a:20:8e:
                    7d:a2:e8:9d:64:b1:f0:a5:26:d0:38:bd:05:62:f3:
                    78:bd:f8:f2:66:13:e6:8b:29:88:f6:a5:e7:94:e8:
                    2e:f1:87:ab:69:6e:1c:6d:b8:88:7a:0f:31:2b:89:
                    67:20:27:ae:f7:5d:ae:d2:77:d1:17:fe:c6:e4:6b:
                    b3:94:87:5d:54:f3:8f:32:bf:9a:dd:be:87:a4:7f:
                    2b:89:10:93:a4:5b:38:9c:20:14:0e:6d:28:ef:19:
                    b7:07:f7:9d:68:8d:6e:10:1d:d1:a5:ed:e5:7b:88:
                    53:95:39:96:14:cc:f5:be:d0:3d:84:8d:6e:f9:6b:
                    7f:2b:a9:6d:ff:6d:68:09:0f:ba:8f:ca:88:52:76:
                    d7:be:ca:e6:c8:d7:36:34:cd:03:2a:cb:01:84:41:
                    4e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:88:0B:59:BF:F0:99:EF:E0:4D:46:94:59:12:05:F1:EA:CE:D4:AD
            X509v3 Authority Key Identifier:
                keyid:52:59:15:B4:C7:24:07:AF:B7:94:1E:5B:E2:94:AC:71:33:B1:07:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UlkVtMckB6-3lB5b4pSscTOxB7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/851708-19f9-4ecc-a442-0ce3a2efc8dd/1/U4gLWb_wme_gTUaUWRIF8erO1K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/851708-19f9-4ecc-a442-0ce3a2efc8dd/1/UlkVtMckB6-3lB5b4pSscTOxB7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.244.0/22
                IPv6:
                  2a0f:6d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:92:ec:c2:61:0f:32:21:d1:2a:fb:c7:f0:6e:44:e3:37:bf:
         01:64:9a:99:4c:d5:5a:98:ae:ce:38:43:28:51:5a:0e:da:c9:
         f8:57:64:c2:2a:f8:f1:6f:31:59:29:0e:10:78:47:01:7a:56:
         56:49:5e:a1:77:ac:b2:d7:76:fa:0e:6d:99:21:1a:ea:35:70:
         98:72:2d:8d:e9:58:cd:f8:b5:ae:60:07:b8:61:21:83:c7:1d:
         f7:1f:2c:59:a7:10:9b:e8:e1:f8:25:5d:c4:d9:54:88:e1:65:
         32:9e:73:d7:70:f4:47:a2:70:ae:54:ea:8a:b0:d3:69:b9:38:
         48:13:c5:22:ba:f5:ca:40:08:f6:37:c5:86:d9:29:a9:c6:72:
         d3:60:12:32:db:74:83:23:5e:8c:4f:dd:50:ce:0f:c4:a1:ed:
         f0:6c:83:72:2a:9d:ed:fa:b8:9e:41:d4:0b:ee:da:76:a8:a3:
         c1:46:b3:9a:5e:cd:98:9b:8b:b1:41:a2:6b:b7:d5:f7:f6:22:
         4e:cd:34:a1:41:8d:42:24:8d:20:27:f7:61:b8:9f:ae:c7:77:
         c4:74:d4:37:1c:91:b5:e1:0a:58:cf:07:be:a4:fb:8e:fb:c1:
         33:8f:f5:85:74:94:17:9b:4f:fd:56:b7:fd:42:01:18:7d:5e:
         d5:63:65:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJzvrK9VvAZl9VHmV+3orMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNTkxNWI0YzcyNDA3YWZiNzk0MWU1YmUyOTRhYzcxMzNi
MTA3YjMwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzg4MGI1OWJmZjA5OWVmZTA0ZDQ2OTQ1OTEyMDVmMWVhY2VkNGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroUqEt0vUeNsMiEGF3Wj21wq5AHq
Ic3tWU2dCuaiDwjys9dKiYVCksvJxzge4nwPXCWeP9E4AndNseNIL1frKX6MpO6j
dGgqfmn21vnNmfQsh/yA9hET1zOg45fAlymcucIXE9AKII59ouidZLHwpSbQOL0F
YvN4vfjyZhPmiymI9qXnlOgu8YeraW4cbbiIeg8xK4lnICeu912u0nfRF/7G5Guz
lIddVPOPMr+a3b6HpH8riRCTpFs4nCAUDm0o7xm3B/edaI1uEB3Rpe3le4hTlTmW
FMz1vtA9hI1u+Wt/K6lt/21oCQ+6j8qIUnbXvsrmyNc2NM0DKssBhEFOhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFOIC1m/8Jnv4E1GlFkSBfHqztStMB8GA1UdIwQY
MBaAFFJZFbTHJAevt5QeW+KUrHEzsQezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWxrVnRNY2tCNi0zbEI1YjRwU3NjVE94QjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS84NTE3MDgtMTlmOS00ZWNjLWE0NDIt
MGNlM2EyZWZjOGRkLzEvVTRnTFdiX3dtZV9nVFVhVVdSSUY4ZXJPMUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS84NTE3MDgtMTlmOS00ZWNjLWE0NDItMGNlM2EyZWZjOGRk
LzEvVWxrVnRNY2tCNi0zbEI1YjRwU3NjVE94QjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZj0MA0E
AgACMAcDBQMqD20AMA0GCSqGSIb3DQEBCwUAA4IBAQAZkuzCYQ8yIdEq+8fwbkTj
N78BZJqZTNVamK7OOEMoUVoO2sn4V2TCKvjxbzFZKQ4QeEcBelZWSV6hd6yy13b6
Dm2ZIRrqNXCYci2N6VjN+LWuYAe4YSGDxx33HyxZpxCb6OH4JV3E2VSI4WUynnPX
cPRHonCuVOqKsNNpuThIE8UiuvXKQAj2N8WG2SmpxnLTYBIy23SDI16MT91Qzg/E
oe3wbINyKp3t+rieQdQL7tp2qKPBRrOaXs2Ym4uxQaJrt9X39iJOzTShQY1CJI0g
J/dhuJ+ux3fEdNQ3HJG14QpYzwe+pPuO+8Ezj/WFdJQXm0/9Vrf9QgEYfV7VY2WK
-----END CERTIFICATE-----