Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/BVoNgaZYUuLlkkzSFA7w6-aqinQ.roa
File:                     BVoNgaZYUuLlkkzSFA7w6-aqinQ.roa (raw, json)
Hash identifier:          FOXlFMKS6tHD0dfTpaJv9Y2PN7JYtY0g4jxxHQbMa28=
Subject key identifier:   05:5A:0D:81:A6:58:52:E2:E5:92:4C:D2:14:0E:F0:EB:E6:AA:8A:74
Certificate issuer:       /CN=111014ce8ad38d15350096d549ee1c5805d09dc8
Certificate serial:       018CC8DE4F605F4ADA165AD89772C0395C10
Authority key identifier: 11:10:14:CE:8A:D3:8D:15:35:00:96:D5:49:EE:1C:58:05:D0:9D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/BVoNgaZYUuLlkkzSFA7w6-aqinQ.roa
Signing time:             Tue 02 Jan 2024 06:31:01 +0000
ROA not before:           Tue 02 Jan 2024 06:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208499
IP address blocks:        45.132.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 06:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4f:60:5f:4a:da:16:5a:d8:97:72:c0:39:5c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111014ce8ad38d15350096d549ee1c5805d09dc8
        Validity
            Not Before: Jan  2 06:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=055a0d81a65852e2e5924cd2140ef0ebe6aa8a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:60:4c:ab:47:73:3a:c6:3f:dd:24:4e:d9:48:
                    95:9a:41:c9:ae:44:97:06:10:a0:f8:a1:1c:8b:e8:
                    80:00:99:d3:b3:cf:70:41:37:b3:ad:bf:c8:23:b1:
                    f7:61:28:98:00:2d:24:78:0d:b9:40:67:dc:46:5a:
                    bd:58:19:c9:72:54:2a:a9:6e:78:db:59:04:8d:2b:
                    84:31:c0:93:af:73:e5:46:ac:87:a7:06:f8:a3:25:
                    09:12:e0:2f:ce:c3:24:60:3f:79:2f:89:79:54:10:
                    f0:e8:76:38:37:0c:5d:8e:45:c7:bb:9f:f4:85:d2:
                    8f:0c:88:af:be:1e:8a:d3:41:1e:12:7c:75:af:40:
                    74:38:45:f9:d3:e8:15:5d:ca:91:84:f2:82:d2:55:
                    dd:49:1d:c1:fe:3b:c6:67:a9:43:e0:dc:f1:bc:67:
                    38:8a:56:04:1c:6d:c2:7c:a7:96:2e:a2:9b:a6:35:
                    ba:da:60:be:76:79:ca:b0:73:e2:32:a0:6a:7d:18:
                    a0:b0:0a:80:14:64:d6:ab:8b:78:42:22:38:8f:1c:
                    5e:60:13:2e:1e:eb:69:5f:6c:8f:e3:2f:b2:d9:04:
                    8a:c2:d2:71:bd:04:55:d3:6d:60:6e:e5:a1:6b:47:
                    c2:a8:09:03:20:96:63:77:ce:94:8f:8a:ea:2a:38:
                    0c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:5A:0D:81:A6:58:52:E2:E5:92:4C:D2:14:0E:F0:EB:E6:AA:8A:74
            X509v3 Authority Key Identifier:
                keyid:11:10:14:CE:8A:D3:8D:15:35:00:96:D5:49:EE:1C:58:05:D0:9D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/BVoNgaZYUuLlkkzSFA7w6-aqinQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:78:e2:a1:ad:e6:91:04:77:c4:7e:a6:21:e0:1a:5a:6d:f9:
         36:80:24:89:3a:53:84:85:ba:db:f4:ee:f7:7b:44:0b:c1:ff:
         f4:76:29:16:53:94:63:3d:25:c8:6e:03:81:e3:20:35:2b:85:
         1d:02:e5:1d:c5:39:ce:dd:80:8d:2c:71:86:b1:3a:a5:1b:d3:
         0a:78:df:27:45:c5:53:01:9b:cf:84:66:69:ae:fd:96:66:f6:
         12:b9:01:0d:17:4a:bb:89:c5:91:55:d7:f6:3f:1b:51:58:83:
         bb:89:d0:85:37:bd:52:48:91:d6:2f:b4:e9:d7:b3:2e:18:1a:
         df:78:af:37:bf:b7:64:0f:1a:48:76:ef:46:d2:fa:c0:21:d6:
         7e:4a:81:4a:f1:c0:d1:10:5a:ac:dc:c8:3c:2f:0f:33:0f:b2:
         4a:0f:fc:c8:c3:af:2a:34:ab:0c:99:9e:be:b3:b0:91:ea:0f:
         df:25:5b:c9:75:6e:98:2e:6f:5a:25:7e:34:5b:f3:cb:0e:31:
         40:2f:67:7b:73:ea:6f:54:fb:3a:68:b6:cc:e8:29:9b:f7:3e:
         e2:81:87:34:6d:03:18:2d:97:63:6d:02:62:83:80:e2:de:26:
         fe:87:d3:1b:ce:5b:48:8f:45:64:da:b3:07:cd:bf:54:c0:3c:
         2e:5b:c4:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3k9gX0raFlrYl3LAOVwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTAxNGNlOGFkMzhkMTUzNTAwOTZkNTQ5ZWUxYzU4MDVk
MDlkYzgwHhcNMjQwMTAyMDYzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTVhMGQ4MWE2NTg1MmUyZTU5MjRjZDIxNDBlZjBlYmU2YWE4YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmBMq0dzOsY/3SRO2UiVmkHJrkSX
BhCg+KEci+iAAJnTs89wQTezrb/II7H3YSiYAC0keA25QGfcRlq9WBnJclQqqW54
21kEjSuEMcCTr3PlRqyHpwb4oyUJEuAvzsMkYD95L4l5VBDw6HY4NwxdjkXHu5/0
hdKPDIivvh6K00EeEnx1r0B0OEX50+gVXcqRhPKC0lXdSR3B/jvGZ6lD4NzxvGc4
ilYEHG3CfKeWLqKbpjW62mC+dnnKsHPiMqBqfRigsAqAFGTWq4t4QiI4jxxeYBMu
HutpX2yP4y+y2QSKwtJxvQRV021gbuWha0fCqAkDIJZjd86Uj4rqKjgMtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVaDYGmWFLi5ZJM0hQO8Ovmqop0MB8GA1UdIwQY
MBaAFBEQFM6K040VNQCW1UnuHFgF0J3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJBVXpvclRqUlUxQUpiVlNlNGNXQVhRbmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9kNmM3NTItYWE0Yi00ZmE3LWFiMWYt
OTFhMzk0Njg0NjQ0LzEvQlZvTmdhWllVdUxsa2t6U0ZBN3c2LWFxaW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9kNmM3NTItYWE0Yi00ZmE3LWFiMWYtOTFhMzk0Njg0NjQ0
LzEvRVJBVXpvclRqUlUxQUpiVlNlNGNXQVhRbmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYTcMA0G
CSqGSIb3DQEBCwUAA4IBAQABeOKhreaRBHfEfqYh4Bpabfk2gCSJOlOEhbrb9O73
e0QLwf/0dikWU5RjPSXIbgOB4yA1K4UdAuUdxTnO3YCNLHGGsTqlG9MKeN8nRcVT
AZvPhGZprv2WZvYSuQENF0q7icWRVdf2PxtRWIO7idCFN71SSJHWL7Tp17MuGBrf
eK83v7dkDxpIdu9G0vrAIdZ+SoFK8cDREFqs3Mg8Lw8zD7JKD/zIw68qNKsMmZ6+
s7CR6g/fJVvJdW6YLm9aJX40W/PLDjFAL2d7c+pvVPs6aLbM6Cmb9z7igYc0bQMY
LZdjbQJig4Di3ib+h9MbzltIj0Vk2rMHzb9UwDwuW8T0
-----END CERTIFICATE-----