Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/4Jmbn1xOoG9xCA7GK9tKy1lASqw.roa
File:                     4Jmbn1xOoG9xCA7GK9tKy1lASqw.roa (raw, json)
Hash identifier:          u8XsA6jdtBntK3Pf2zU6CrICct2bX4wWW0UJntV+CFM=
Subject key identifier:   E0:99:9B:9F:5C:4E:A0:6F:71:08:0E:C6:2B:DB:4A:CB:59:40:4A:AC
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018EE84CB8F5E141FC4A10C30C755F2B2644
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/4Jmbn1xOoG9xCA7GK9tKy1lASqw.roa
Signing time:             Tue 16 Apr 2024 19:05:25 +0000
ROA not before:           Tue 16 Apr 2024 19:05:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        45.65.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e8:4c:b8:f5:e1:41:fc:4a:10:c3:0c:75:5f:2b:26:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Apr 16 19:05:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0999b9f5c4ea06f71080ec62bdb4acb59404aac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6c:1a:f5:c4:20:68:0f:59:b0:9d:57:18:f7:
                    4a:1e:e4:d0:da:97:ce:1b:7f:ab:60:1b:ce:3f:9f:
                    29:ba:7d:ad:51:15:d7:cd:47:3c:a5:83:77:97:76:
                    c3:22:0a:44:99:52:e3:94:3c:ef:91:2e:52:dc:ec:
                    27:f8:d4:fc:48:a9:0e:fe:6e:f0:ab:53:1c:cb:4b:
                    80:cb:26:4c:66:64:4c:23:bb:dc:9b:ae:e2:0f:ff:
                    e8:49:c3:32:4c:37:fc:bc:3c:92:59:c4:43:d9:ae:
                    39:14:7f:34:79:b3:10:39:4d:35:62:37:aa:89:26:
                    60:2d:59:26:72:b4:35:13:1a:c9:5b:bb:a7:97:d0:
                    4b:8f:08:8d:26:0b:f6:e7:e6:0a:7a:e9:9e:45:99:
                    ba:0d:28:46:37:98:d7:95:12:dc:0c:2b:b9:3d:49:
                    55:32:01:ad:1e:c3:0c:81:77:ec:a8:34:7c:e5:e5:
                    94:33:a6:15:fd:f8:ce:c3:00:85:b9:d6:ca:27:a9:
                    c9:63:99:58:42:c7:7e:e7:b6:fd:35:91:46:69:50:
                    23:99:91:83:9a:e4:67:f4:e9:ca:f8:b5:f7:d6:3e:
                    83:13:81:b7:6c:3c:b4:f0:e2:87:b0:60:43:a2:b4:
                    29:56:fd:8d:d2:fe:d9:38:a5:19:1a:b4:88:fd:9e:
                    f6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:99:9B:9F:5C:4E:A0:6F:71:08:0E:C6:2B:DB:4A:CB:59:40:4A:AC
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/4Jmbn1xOoG9xCA7GK9tKy1lASqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:46:35:4c:94:7d:de:f8:38:12:2d:d4:6c:b2:4f:1f:2a:e0:
         57:17:35:ae:18:37:c9:d4:4d:5a:ea:a0:6a:f2:4d:6e:cd:dd:
         b8:9c:1a:52:a3:4a:9d:5b:ce:dd:e1:7d:30:5d:41:86:a1:5d:
         ba:f2:b8:6f:20:ab:82:a0:69:37:67:0c:7e:6e:1b:29:1c:f6:
         75:0c:db:66:e8:2c:7b:ab:86:3e:2c:20:3c:f3:ad:39:52:60:
         6f:c7:c2:3b:f3:33:a5:c9:39:21:0c:97:c8:a7:fa:f6:08:0d:
         87:27:40:37:71:5f:45:dd:e8:65:ff:e7:39:70:8d:5d:a1:c0:
         da:df:29:36:a5:1c:a2:67:85:1f:f7:46:3f:29:87:62:2d:dd:
         e3:69:41:21:d2:cc:4e:d5:f0:41:c5:f5:89:d5:10:94:6b:a7:
         bb:9f:a3:5b:34:64:49:c5:4f:ca:db:cc:1c:f1:55:08:c1:82:
         f3:bd:f6:e7:26:db:d3:6e:0a:0b:00:59:3d:ca:22:08:53:ad:
         47:5d:88:38:26:fb:7e:d7:28:47:96:12:81:b6:f8:71:bd:8f:
         e8:59:ee:53:cb:07:d5:1e:f9:ce:c1:9d:ed:83:b5:dd:28:6e:
         0e:2b:05:de:7a:9d:2e:39:69:da:da:6a:83:39:a7:82:cf:2c:
         69:80:fa:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7oTLj14UH8ShDDDHVfKyZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwNDE2MTkwNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDk5OWI5ZjVjNGVhMDZmNzEwODBlYzYyYmRiNGFjYjU5NDA0YWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGwa9cQgaA9ZsJ1XGPdKHuTQ2pfO
G3+rYBvOP58pun2tURXXzUc8pYN3l3bDIgpEmVLjlDzvkS5S3Own+NT8SKkO/m7w
q1Mcy0uAyyZMZmRMI7vcm67iD//oScMyTDf8vDySWcRD2a45FH80ebMQOU01Yjeq
iSZgLVkmcrQ1ExrJW7unl9BLjwiNJgv25+YKeumeRZm6DShGN5jXlRLcDCu5PUlV
MgGtHsMMgXfsqDR85eWUM6YV/fjOwwCFudbKJ6nJY5lYQsd+57b9NZFGaVAjmZGD
muRn9OnK+LX31j6DE4G3bDy08OKHsGBDorQpVv2N0v7ZOKUZGrSI/Z72gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCZm59cTqBvcQgOxivbSstZQEqsMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvNEptYm4xeE9vRzl4Q0E3R0s5dEt5MWxBU3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUFxMA0G
CSqGSIb3DQEBCwUAA4IBAQBaRjVMlH3e+DgSLdRssk8fKuBXFzWuGDfJ1E1a6qBq
8k1uzd24nBpSo0qdW87d4X0wXUGGoV268rhvIKuCoGk3Zwx+bhspHPZ1DNtm6Cx7
q4Y+LCA88605UmBvx8I78zOlyTkhDJfIp/r2CA2HJ0A3cV9F3ehl/+c5cI1docDa
3yk2pRyiZ4Uf90Y/KYdiLd3jaUEh0sxO1fBBxfWJ1RCUa6e7n6NbNGRJxU/K28wc
8VUIwYLzvfbnJtvTbgoLAFk9yiIIU61HXYg4Jvt+1yhHlhKBtvhxvY/oWe5TywfV
HvnOwZ3tg7XdKG4OKwXeep0uOWna2mqDOaeCzyxpgPqb
-----END CERTIFICATE-----