Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/GltYcM_LJQbyLLseLRX93I9pdUY.roa
File:                     GltYcM_LJQbyLLseLRX93I9pdUY.roa (raw, json)
Hash identifier:          LFiZCgRuIcmJDP6lKNPlxfPXFvLZsdyAspFB35FKUsQ=
Subject key identifier:   1A:5B:58:70:CF:CB:25:06:F2:2C:BB:1E:2D:15:FD:DC:8F:69:75:46
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D7A93198175DDE1320C805A1C3DC7834B
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/GltYcM_LJQbyLLseLRX93I9pdUY.roa
Signing time:             Mon 05 Feb 2024 18:41:17 +0000
ROA not before:           Mon 05 Feb 2024 18:41:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        45.142.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 03:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:93:19:81:75:dd:e1:32:0c:80:5a:1c:3d:c7:83:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  5 18:41:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a5b5870cfcb2506f22cbb1e2d15fddc8f697546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:46:9f:d7:5b:ce:20:3e:61:90:c9:f3:d3:7d:
                    82:7e:dc:3c:cf:cc:f2:86:95:13:7b:e8:99:da:81:
                    35:2a:68:73:92:0f:e1:27:f8:db:59:02:6f:ba:24:
                    84:fe:83:f0:aa:b5:0f:5e:a8:7e:ac:72:a8:c5:db:
                    75:a5:20:6f:5d:0a:04:a5:d6:3d:d3:ba:2b:55:fb:
                    00:a7:76:e3:08:7b:bd:82:bd:47:3b:2e:d1:81:01:
                    85:10:e9:48:5b:76:60:e4:34:c1:ed:fd:b4:dc:b1:
                    a7:dd:40:a8:ae:42:cf:11:18:17:a3:ec:44:b7:50:
                    0f:95:14:6d:a0:c9:0c:85:96:ad:93:12:e8:6e:79:
                    e9:e8:ca:17:c5:7a:51:f5:90:c9:3b:8c:51:e4:a8:
                    db:60:03:29:84:6b:ef:95:f6:b0:72:25:94:c8:b4:
                    17:2a:47:26:b7:91:b5:ce:5e:4f:8a:6d:fe:5d:6e:
                    c1:e2:58:ca:ae:7b:12:e6:f9:23:a9:8b:04:51:93:
                    73:77:4d:57:1a:3e:f3:34:7e:4b:45:fc:97:50:85:
                    52:94:e3:c6:54:85:4a:2f:b7:20:45:de:fb:63:5b:
                    1f:70:c4:2b:8c:a3:0f:3e:8e:4d:ee:d7:7f:dc:80:
                    fe:2d:27:37:ba:aa:e1:94:14:57:27:68:e1:50:97:
                    8b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5B:58:70:CF:CB:25:06:F2:2C:BB:1E:2D:15:FD:DC:8F:69:75:46
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/GltYcM_LJQbyLLseLRX93I9pdUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:47:be:b9:91:31:07:0b:d9:e4:ab:25:52:80:6c:ae:74:f5:
         d0:e9:28:01:b4:1a:34:e3:9e:eb:0b:c4:98:01:bf:72:0e:5f:
         78:d8:50:2c:41:6e:82:2e:24:78:15:10:ea:56:ce:33:8e:17:
         33:ed:cc:08:8f:42:e9:5e:52:4e:32:e2:2c:cc:ab:2b:b9:07:
         99:d2:db:52:3f:86:80:42:1d:6b:f0:e7:6f:82:e7:3c:d1:36:
         62:eb:cd:d3:4b:57:b3:de:97:53:f0:21:39:c8:27:a9:3d:ab:
         63:b4:ec:1f:b4:86:c7:25:34:2e:29:a1:fb:9b:25:22:58:f1:
         49:ad:d9:96:ea:aa:90:2e:27:22:0a:fe:11:bd:fb:e7:a3:52:
         40:1e:60:eb:e6:4b:d0:af:bc:eb:1c:70:11:2f:0b:4b:43:6b:
         10:33:a3:6d:c4:14:a6:48:fb:5a:fe:fe:28:ca:1d:65:ab:0b:
         58:3c:7d:dd:df:a3:8f:21:e8:36:73:5b:e8:7f:7b:6b:d7:b7:
         29:a9:4e:d0:2c:fe:59:f4:94:b7:8a:86:32:1c:85:bd:6f:8b:
         c6:a5:d2:66:e6:90:ae:95:89:4e:74:13:fe:81:dd:3b:0a:ad:
         7f:d0:16:e9:f9:d7:04:93:15:f0:ff:b9:bd:2e:c5:fa:7e:8d:
         f2:92:f0:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16kxmBdd3hMgyAWhw9x4NLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA1MTg0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTViNTg3MGNmY2IyNTA2ZjIyY2JiMWUyZDE1ZmRkYzhmNjk3NTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEaf11vOID5hkMnz032Cftw8z8zy
hpUTe+iZ2oE1Kmhzkg/hJ/jbWQJvuiSE/oPwqrUPXqh+rHKoxdt1pSBvXQoEpdY9
07orVfsAp3bjCHu9gr1HOy7RgQGFEOlIW3Zg5DTB7f203LGn3UCorkLPERgXo+xE
t1APlRRtoMkMhZatkxLobnnp6MoXxXpR9ZDJO4xR5KjbYAMphGvvlfawciWUyLQX
Kkcmt5G1zl5Pim3+XW7B4ljKrnsS5vkjqYsEUZNzd01XGj7zNH5LRfyXUIVSlOPG
VIVKL7cgRd77Y1sfcMQrjKMPPo5N7td/3ID+LSc3uqrhlBRXJ2jhUJeLFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpbWHDPyyUG8iy7Hi0V/dyPaXVGMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvR2x0WWNNX0xKUWJ5TExzZUxSWDkzSTlwZFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY7YMA0G
CSqGSIb3DQEBCwUAA4IBAQCWR765kTEHC9nkqyVSgGyudPXQ6SgBtBo0457rC8SY
Ab9yDl942FAsQW6CLiR4FRDqVs4zjhcz7cwIj0LpXlJOMuIszKsruQeZ0ttSP4aA
Qh1r8Odvguc80TZi683TS1ez3pdT8CE5yCepPatjtOwftIbHJTQuKaH7myUiWPFJ
rdmW6qqQLiciCv4Rvfvno1JAHmDr5kvQr7zrHHARLwtLQ2sQM6NtxBSmSPta/v4o
yh1lqwtYPH3d36OPIeg2c1vof3tr17cpqU7QLP5Z9JS3ioYyHIW9b4vGpdJm5pCu
lYlOdBP+gd07Cq1/0Bbp+dcEkxXw/7m9LsX6fo3ykvCZ
-----END CERTIFICATE-----