Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/JOEugf6c2IQoHYVRYewzz_dItvE.roa
File:                     JOEugf6c2IQoHYVRYewzz_dItvE.roa (raw, json)
Hash identifier:          idWRpDFzuiOPJIlhxurRB5VOgBZdVahVl8SpF5VSojs=
Subject key identifier:   24:E1:2E:81:FE:9C:D8:84:28:1D:85:51:61:EC:33:CF:F7:48:B6:F1
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       018CC8DEC8B494ABAB541CC3757AF2140A59
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/JOEugf6c2IQoHYVRYewzz_dItvE.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50316
IP address blocks:        45.82.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c8:b4:94:ab:ab:54:1c:c3:75:7a:f2:14:0a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24e12e81fe9cd884281d855161ec33cff748b6f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fa:e5:74:6f:aa:ac:a4:1a:8f:f1:8b:4c:d0:
                    82:a5:5d:6c:82:f0:a5:87:1d:cd:93:b9:00:bc:83:
                    06:fe:c9:47:89:ab:15:f5:dd:c8:c4:19:6b:22:a1:
                    50:91:af:3d:e1:78:19:2c:76:82:1f:2e:96:81:12:
                    61:35:40:50:48:d5:df:1f:dc:ee:f1:6a:cd:0b:07:
                    96:e5:08:ec:d6:87:5f:71:89:d1:de:92:3b:8d:76:
                    2b:d7:f5:2d:53:2c:15:d5:27:b5:ab:90:a7:2a:4b:
                    7a:6e:38:a7:d7:a0:5b:dc:77:12:db:e2:4a:b5:5f:
                    97:3f:56:b8:88:f4:ab:17:89:1a:bb:c0:04:22:9e:
                    62:eb:44:75:f8:fc:b3:ad:04:3f:6a:48:69:a4:d5:
                    f8:49:f7:20:91:2b:2f:43:cc:d6:1b:13:59:9d:5c:
                    9a:4a:e1:ff:84:80:2c:74:52:28:ba:f8:d1:9e:28:
                    35:76:d9:f7:2e:2a:d7:ee:fd:a4:0e:e3:7b:a0:b7:
                    e5:a3:7f:b6:d8:48:56:6c:72:09:84:d2:bc:13:f5:
                    39:71:a5:4d:5b:83:d8:ab:c8:5b:8f:41:dd:58:31:
                    ef:d9:d7:74:70:7c:96:6b:f5:d5:9b:47:fe:d8:d5:
                    29:ea:41:48:c6:ed:d1:61:f3:de:06:35:eb:ea:f3:
                    d0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E1:2E:81:FE:9C:D8:84:28:1D:85:51:61:EC:33:CF:F7:48:B6:F1
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/JOEugf6c2IQoHYVRYewzz_dItvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:37:2e:60:80:01:a9:39:93:68:df:a7:93:cf:56:5d:82:64:
         d4:da:7e:de:00:f0:c0:be:4e:a8:00:d2:86:d2:2c:2c:b1:b3:
         f5:2c:b7:1f:b8:d1:6d:c3:a6:90:65:0c:1e:c2:7e:68:36:18:
         4d:f2:24:02:27:6f:80:47:ca:ab:67:0f:e9:e2:28:fc:9e:7e:
         12:f5:16:a3:47:fe:9b:61:4e:c5:33:36:80:91:26:37:6e:51:
         17:04:de:3e:b0:be:1a:d7:0b:85:1b:6d:53:a2:ee:c0:83:a2:
         70:28:b1:6b:e2:b3:ad:be:5a:5e:f1:c3:62:27:e3:b6:8b:48:
         58:b4:5f:de:60:71:92:66:88:84:a5:fe:44:b8:f7:1d:7e:02:
         07:8d:3a:31:34:6f:8e:f3:d4:be:0f:33:d4:d4:83:96:04:3f:
         08:fb:fd:56:45:a6:4d:e2:ca:00:e0:fe:e4:31:01:28:fc:14:
         51:8f:58:1f:24:0a:98:41:e9:aa:ec:14:b4:25:6e:6d:8a:82:
         13:ff:35:c7:28:6d:71:66:36:20:46:38:d5:79:4c:1a:0a:9a:
         fa:64:f8:6a:d3:8e:48:2b:08:c6:9a:ba:2d:46:30:75:be:14:
         17:3c:c0:cf:d6:50:1b:37:d6:3d:d6:86:de:c5:61:b6:ae:0f:
         ad:a0:28:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3si0lKurVBzDdXryFApZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGUxMmU4MWZlOWNkODg0MjgxZDg1NTE2MWVjMzNjZmY3NDhiNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/rldG+qrKQaj/GLTNCCpV1sgvCl
hx3Nk7kAvIMG/slHiasV9d3IxBlrIqFQka894XgZLHaCHy6WgRJhNUBQSNXfH9zu
8WrNCweW5Qjs1odfcYnR3pI7jXYr1/UtUywV1Se1q5CnKkt6bjin16Bb3HcS2+JK
tV+XP1a4iPSrF4kau8AEIp5i60R1+PyzrQQ/akhppNX4SfcgkSsvQ8zWGxNZnVya
SuH/hIAsdFIouvjRnig1dtn3LirX7v2kDuN7oLflo3+22EhWbHIJhNK8E/U5caVN
W4PYq8hbj0HdWDHv2dd0cHyWa/XVm0f+2NUp6kFIxu3RYfPeBjXr6vPQIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCThLoH+nNiEKB2FUWHsM8/3SLbxMB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvSk9FdWdmNmMySVFvSFlWUllld3p6X2RJdHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVLKMA0G
CSqGSIb3DQEBCwUAA4IBAQAONy5ggAGpOZNo36eTz1ZdgmTU2n7eAPDAvk6oANKG
0iwssbP1LLcfuNFtw6aQZQwewn5oNhhN8iQCJ2+AR8qrZw/p4ij8nn4S9RajR/6b
YU7FMzaAkSY3blEXBN4+sL4a1wuFG21Tou7Ag6JwKLFr4rOtvlpe8cNiJ+O2i0hY
tF/eYHGSZoiEpf5EuPcdfgIHjToxNG+O89S+DzPU1IOWBD8I+/1WRaZN4soA4P7k
MQEo/BRRj1gfJAqYQemq7BS0JW5tioIT/zXHKG1xZjYgRjjVeUwaCpr6ZPhq045I
KwjGmrotRjB1vhQXPMDP1lAbN9Y91obexWG2rg+toChy
-----END CERTIFICATE-----