Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Sz_nRSwcvvnxGaU-s2z8ziuiY1I.roa
File:                     Sz_nRSwcvvnxGaU-s2z8ziuiY1I.roa (raw, json)
Hash identifier:          7Slxnvvj7pb5wbJ4unfy+kM8eQaEgPLoJluqhkCnB8s=
Subject key identifier:   4B:3F:E7:45:2C:1C:BE:F9:F1:19:A5:3E:B3:6C:FC:CE:2B:A2:63:52
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A76045D043E05333EC43D8F75B797
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Sz_nRSwcvvnxGaU-s2z8ziuiY1I.roa
Signing time:             Tue 02 Jan 2024 12:33:49 +0000
ROA not before:           Tue 02 Jan 2024 12:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201691
IP address blocks:        45.146.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:76:04:5d:04:3e:05:33:3e:c4:3d:8f:75:b7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b3fe7452c1cbef9f119a53eb36cfcce2ba26352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f5:be:1f:52:c6:f7:90:fc:15:96:26:38:94:
                    7e:11:79:5d:99:a3:8d:31:76:5f:cf:36:32:4c:5c:
                    c2:27:0b:81:fb:6d:71:88:2e:02:ab:b8:6b:0c:73:
                    0f:a9:e5:3d:0e:2c:92:84:a0:cb:4b:4e:db:fb:aa:
                    07:cc:e6:2e:63:b9:f2:e1:9d:95:55:c5:46:13:d5:
                    d7:af:2f:db:97:c9:c0:fe:c1:7e:11:65:52:78:b1:
                    68:3e:78:30:a5:ee:65:06:11:a2:cf:6b:bf:b1:76:
                    88:9b:9e:bf:25:8c:62:b6:77:ea:2e:d1:52:4c:a2:
                    ef:51:9a:0c:59:b3:7e:c5:4a:28:86:95:14:a3:1b:
                    dc:20:2f:85:ca:1d:6f:b6:71:5a:ec:91:54:00:40:
                    dc:18:cc:41:ef:e2:10:c9:6f:ea:ed:70:a5:02:50:
                    2d:35:89:c3:9e:6b:7c:ff:72:dd:e8:24:bb:5d:b3:
                    dd:d3:2e:db:9c:7a:61:36:8f:f0:c5:b9:75:c1:5c:
                    27:c5:22:29:9d:8d:f1:aa:15:55:a0:85:c0:93:fd:
                    b7:96:79:07:36:3e:a8:e6:fc:9c:d0:f9:de:a4:61:
                    7f:4d:44:e1:dc:4e:31:2a:70:c4:9c:b4:f3:a8:54:
                    2b:c1:4e:bc:7e:20:fc:fd:a4:2e:c8:b7:b3:4f:0c:
                    3c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:3F:E7:45:2C:1C:BE:F9:F1:19:A5:3E:B3:6C:FC:CE:2B:A2:63:52
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Sz_nRSwcvvnxGaU-s2z8ziuiY1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:bd:ed:ee:d1:0d:e9:3a:50:8f:1e:67:87:e7:d9:a3:34:c4:
         ef:79:0c:0c:fe:fa:cc:6b:ff:08:05:00:d9:1a:2e:2c:3f:5b:
         be:e1:12:c8:0e:ba:6f:ca:cb:b7:50:84:04:17:e9:18:88:d0:
         17:68:10:f0:97:ac:4a:33:4f:61:50:01:e1:11:79:56:d9:fa:
         07:5b:7a:55:86:48:85:3d:6e:43:ce:4e:fa:ea:44:20:9e:c3:
         36:7a:96:67:62:cf:f8:3a:89:e0:3e:e3:dd:2a:ae:39:f4:c7:
         fd:ed:a6:39:1a:de:82:c1:50:cb:cc:3a:0f:26:1c:5e:cf:de:
         d7:51:04:31:5b:64:ce:79:6e:05:d7:73:d3:53:f2:23:a6:82:
         9d:25:cd:aa:ab:25:43:07:61:25:91:8a:94:34:62:c7:02:29:
         ac:85:89:f8:81:48:52:76:ad:2b:97:ba:03:af:b8:0d:a0:c0:
         9b:1a:b0:be:0b:dc:53:07:ef:82:5d:60:4d:9f:e7:d7:06:b5:
         88:20:58:81:9a:8b:6e:34:dd:89:23:0d:b2:6a:8a:1d:ec:ed:
         ae:60:28:94:00:75:b4:28:ec:b6:d1:cb:e0:30:7b:ef:a3:f6:
         de:4b:24:5f:22:48:84:d5:8d:2b:c8:6b:4e:c6:30:5d:8e:07:
         48:51:3a:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnYEXQQ+BTM+xD2PdbeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNmZTc0NTJjMWNiZWY5ZjExOWE1M2ViMzZjZmNjZTJiYTI2MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/W+H1LG95D8FZYmOJR+EXldmaON
MXZfzzYyTFzCJwuB+21xiC4Cq7hrDHMPqeU9DiyShKDLS07b+6oHzOYuY7ny4Z2V
VcVGE9XXry/bl8nA/sF+EWVSeLFoPngwpe5lBhGiz2u/sXaIm56/JYxitnfqLtFS
TKLvUZoMWbN+xUoohpUUoxvcIC+Fyh1vtnFa7JFUAEDcGMxB7+IQyW/q7XClAlAt
NYnDnmt8/3Ld6CS7XbPd0y7bnHphNo/wxbl1wVwnxSIpnY3xqhVVoIXAk/23lnkH
Nj6o5vyc0PnepGF/TUTh3E4xKnDEnLTzqFQrwU68fiD8/aQuyLezTww8KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEs/50UsHL758RmlPrNs/M4romNSMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvU3pfblJTd2N2dm54R2FVLXMyejh6aXVpWTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLwMA0G
CSqGSIb3DQEBCwUAA4IBAQCjve3u0Q3pOlCPHmeH59mjNMTveQwM/vrMa/8IBQDZ
Gi4sP1u+4RLIDrpvysu3UIQEF+kYiNAXaBDwl6xKM09hUAHhEXlW2foHW3pVhkiF
PW5Dzk766kQgnsM2epZnYs/4OongPuPdKq459Mf97aY5Gt6CwVDLzDoPJhxez97X
UQQxW2TOeW4F13PTU/IjpoKdJc2qqyVDB2ElkYqUNGLHAimshYn4gUhSdq0rl7oD
r7gNoMCbGrC+C9xTB++CXWBNn+fXBrWIIFiBmotuNN2JIw2yaood7O2uYCiUAHW0
KOy20cvgMHvvo/beSyRfIkiE1Y0ryGtOxjBdjgdIUTof
-----END CERTIFICATE-----