Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/cd703a-06f9-4106-8c8d-b7289b370b6d/1/1-v4En1LA3eCL2C0xsA0lO0XpaVE.roa
File:                     1-v4En1LA3eCL2C0xsA0lO0XpaVE.roa (raw, json)
Hash identifier:          jUCo4TE64EsRzMIPiZetiObvqTAAgvm6TSIQ/i71XVM=
Subject key identifier:   FA:FE:04:9F:52:C0:DD:E0:8B:D8:2D:31:B0:0D:25:3B:45:E9:69:51
Certificate issuer:       /CN=446158c75b1e3203b22b583cc184c3f5488b25d6
Certificate serial:       018CCA2A4EF54452E742DB74620345D2360E
Authority key identifier: 44:61:58:C7:5B:1E:32:03:B2:2B:58:3C:C1:84:C3:F5:48:8B:25:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RGFYx1seMgOyK1g8wYTD9UiLJdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/cd703a-06f9-4106-8c8d-b7289b370b6d/1/1-v4En1LA3eCL2C0xsA0lO0XpaVE.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204860
IP address blocks:        45.150.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/cd703a-06f9-4106-8c8d-b7289b370b6d/1/RGFYx1seMgOyK1g8wYTD9UiLJdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/cd703a-06f9-4106-8c8d-b7289b370b6d/1/RGFYx1seMgOyK1g8wYTD9UiLJdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RGFYx1seMgOyK1g8wYTD9UiLJdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4e:f5:44:52:e7:42:db:74:62:03:45:d2:36:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=446158c75b1e3203b22b583cc184c3f5488b25d6
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fafe049f52c0dde08bd82d31b00d253b45e96951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:cd:bf:69:5a:83:a5:b2:ce:07:c0:1f:68:b2:
                    80:a7:e5:67:77:14:fa:fb:a4:f2:02:9b:f8:78:67:
                    bc:58:ad:99:76:d9:20:38:95:bb:a0:0f:cb:94:98:
                    2f:74:c9:9d:66:65:f1:31:be:2f:39:7f:47:7d:02:
                    a3:d1:1c:8b:7c:dc:f2:68:83:c3:68:b5:f5:9e:8a:
                    03:f5:98:aa:f3:df:c5:19:17:68:ac:6b:8a:eb:f0:
                    53:d0:37:52:42:75:a4:cc:84:33:1f:09:ff:7f:7f:
                    60:40:3c:fb:a5:86:55:0c:55:64:74:91:27:45:5d:
                    7f:fa:81:9b:e1:b7:cf:fe:7a:a4:ad:10:b8:d7:5e:
                    91:c9:88:80:6e:b8:30:8b:94:f5:d9:6c:3e:7a:66:
                    2a:1e:43:4f:ef:d7:93:c8:17:d6:b9:bd:89:6e:ec:
                    99:64:a4:92:8d:1b:4b:16:20:26:d1:83:6b:41:77:
                    05:d4:95:39:c7:d6:8b:08:13:14:59:f1:5a:60:c8:
                    54:c1:b0:93:b4:bc:b7:88:d9:67:9d:c8:cb:a4:aa:
                    62:2e:f1:ac:71:85:c5:1f:db:a5:fa:01:05:d8:b9:
                    a8:b2:b8:6d:a1:16:7a:70:7c:79:17:48:e4:73:c0:
                    82:b1:18:aa:3d:69:b6:88:bb:f2:08:9b:05:79:68:
                    76:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:FE:04:9F:52:C0:DD:E0:8B:D8:2D:31:B0:0D:25:3B:45:E9:69:51
            X509v3 Authority Key Identifier:
                keyid:44:61:58:C7:5B:1E:32:03:B2:2B:58:3C:C1:84:C3:F5:48:8B:25:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RGFYx1seMgOyK1g8wYTD9UiLJdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/cd703a-06f9-4106-8c8d-b7289b370b6d/1/1-v4En1LA3eCL2C0xsA0lO0XpaVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/cd703a-06f9-4106-8c8d-b7289b370b6d/1/RGFYx1seMgOyK1g8wYTD9UiLJdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:13:e2:e3:58:82:6f:42:6b:85:a0:ac:18:2c:1f:55:18:51:
         40:db:28:d3:bf:89:c8:46:94:3b:a5:f9:92:23:d7:61:6a:fb:
         6a:84:4e:61:c5:59:ee:9c:c7:86:e5:85:c7:d5:23:a9:55:fd:
         e3:41:8b:41:46:a3:a2:6a:c7:67:59:90:ee:e3:e6:c1:9f:5b:
         5a:85:4f:13:58:91:e1:f3:95:dc:e3:dd:b7:ad:df:d5:81:88:
         7c:04:58:cf:9a:3c:6d:3c:12:b4:5c:77:07:6a:7d:3a:d7:e9:
         d4:f0:1d:3d:65:f2:34:9a:78:16:a3:79:3e:39:c0:24:62:88:
         5b:4a:4f:20:09:d5:09:80:00:80:1c:36:00:a5:3f:7d:01:e9:
         f4:b3:18:46:bc:3e:5f:f4:6d:c2:c6:74:43:f1:50:ab:45:0d:
         8a:94:24:84:06:06:e4:5e:ae:4f:3c:e7:2b:80:27:34:07:ec:
         0b:db:2d:5b:58:c4:4c:bf:87:09:ee:f8:a5:77:b4:af:47:02:
         3b:29:a3:e9:5e:ba:78:71:96:90:23:23:ee:7b:6c:31:ab:b1:
         9e:64:11:d8:15:77:e0:d2:cd:43:83:b5:1b:e7:96:eb:db:79:
         f2:ff:d2:a7:06:d6:e5:a1:c1:2a:92:6b:fc:18:4a:2b:34:dd:
         3e:5b:75:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKk71RFLnQtt0YgNF0jYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NjE1OGM3NWIxZTMyMDNiMjJiNTgzY2MxODRjM2Y1NDg4
YjI1ZDYwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWZlMDQ5ZjUyYzBkZGUwOGJkODJkMzFiMDBkMjUzYjQ1ZTk2OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgs2/aVqDpbLOB8AfaLKAp+VndxT6
+6TyApv4eGe8WK2ZdtkgOJW7oA/LlJgvdMmdZmXxMb4vOX9HfQKj0RyLfNzyaIPD
aLX1nooD9Ziq89/FGRdorGuK6/BT0DdSQnWkzIQzHwn/f39gQDz7pYZVDFVkdJEn
RV1/+oGb4bfP/nqkrRC4116RyYiAbrgwi5T12Ww+emYqHkNP79eTyBfWub2JbuyZ
ZKSSjRtLFiAm0YNrQXcF1JU5x9aLCBMUWfFaYMhUwbCTtLy3iNlnncjLpKpiLvGs
cYXFH9ul+gEF2LmosrhtoRZ6cHx5F0jkc8CCsRiqPWm2iLvyCJsFeWh20wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPr+BJ9SwN3gi9gtMbANJTtF6WlRMB8GA1UdIwQY
MBaAFERhWMdbHjIDsitYPMGEw/VIiyXWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkdGWXgxc2VNZ095SzFnOHdZVEQ5VWlMSmRZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9jZDcwM2EtMDZmOS00MTA2LThjOGQt
YjcyODliMzcwYjZkLzEvMS12NEVuMUxBM2VDTDJDMHhzQTBsTzBYcGFWRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjYvY2Q3MDNhLTA2ZjktNDEwNi04YzhkLWI3Mjg5YjM3MGI2
ZC8xL1JHRll4MXNlTWdPeUsxZzh3WVREOVVpTEpkWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2WJDAN
BgkqhkiG9w0BAQsFAAOCAQEAlhPi41iCb0JrhaCsGCwfVRhRQNso07+JyEaUO6X5
kiPXYWr7aoROYcVZ7pzHhuWFx9UjqVX940GLQUajomrHZ1mQ7uPmwZ9bWoVPE1iR
4fOV3OPdt63f1YGIfARYz5o8bTwStFx3B2p9Otfp1PAdPWXyNJp4FqN5PjnAJGKI
W0pPIAnVCYAAgBw2AKU/fQHp9LMYRrw+X/RtwsZ0Q/FQq0UNipQkhAYG5F6uTzzn
K4AnNAfsC9stW1jETL+HCe74pXe0r0cCOymj6V66eHGWkCMj7ntsMauxnmQR2BV3
4NLNQ4O1G+eW69t58v/SpwbW5aHBKpJr/BhKKzTdPlt15g==
-----END CERTIFICATE-----