Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/kjnHUbqnNeKUfIlQYz8EIUC_X_I.roa
File:                     kjnHUbqnNeKUfIlQYz8EIUC_X_I.roa (raw, json)
Hash identifier:          RB5I0xfjV+eKRsPYVYAD3VgpPeQvXOFg1SXxWic1wl0=
Subject key identifier:   92:39:C7:51:BA:A7:35:E2:94:7C:89:50:63:3F:04:21:40:BF:5F:F2
Certificate issuer:       /CN=3de49b1844fe4422afbe10cdd2819c7448277e65
Certificate serial:       018CC2DAF55CFFD08BEE0ABD0C7E8A8591D8
Authority key identifier: 3D:E4:9B:18:44:FE:44:22:AF:BE:10:CD:D2:81:9C:74:48:27:7E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeSbGET-RCKvvhDN0oGcdEgnfmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/kjnHUbqnNeKUfIlQYz8EIUC_X_I.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        45.153.19.0/24 maxlen: 24
                          45.153.18.0/23 maxlen: 23
                          45.153.18.0/24 maxlen: 24
                          2a00:1e29::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/PeSbGET-RCKvvhDN0oGcdEgnfmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/PeSbGET-RCKvvhDN0oGcdEgnfmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeSbGET-RCKvvhDN0oGcdEgnfmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:03:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f5:5c:ff:d0:8b:ee:0a:bd:0c:7e:8a:85:91:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de49b1844fe4422afbe10cdd2819c7448277e65
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9239c751baa735e2947c8950633f042140bf5ff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:57:16:b8:c6:c1:e3:10:38:cd:9c:c2:bf:25:
                    e1:e2:11:4f:7c:dc:ca:26:5d:22:66:04:6f:d4:9c:
                    29:7e:1b:19:94:6c:5f:ce:dc:56:cb:99:5f:4a:74:
                    82:dd:6b:d4:e5:a3:7f:f7:d0:b3:ee:24:69:8c:cb:
                    25:c2:20:7e:54:e6:2c:94:c7:d8:8e:30:d0:af:8a:
                    90:dc:cc:1c:9d:17:76:59:f5:70:7a:9c:f5:ea:60:
                    75:cd:35:2a:a6:08:61:77:50:c9:98:79:f9:b8:30:
                    fb:f3:a2:aa:36:85:8d:34:c2:b9:d6:f4:94:2c:15:
                    11:1f:2f:9f:10:7b:b7:11:6c:58:12:22:ac:3c:2d:
                    48:da:f6:23:03:3d:9d:48:9a:b9:b9:07:68:04:02:
                    6e:a2:1d:67:37:30:63:2d:17:f5:10:76:f6:65:04:
                    83:f7:26:bb:67:07:20:03:72:b1:a9:30:fb:02:fa:
                    12:aa:e6:d6:79:72:d3:de:13:ca:8f:e6:87:f5:10:
                    54:cd:25:60:55:49:6c:39:5c:9b:7b:f1:40:93:13:
                    9f:7d:49:24:cd:6f:fa:58:b3:f0:b5:31:53:1b:6e:
                    5c:5b:1c:b2:67:51:2e:9b:b1:33:86:49:4d:7e:d1:
                    16:eb:07:3d:7d:71:67:f7:58:48:61:f6:aa:71:bb:
                    22:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:39:C7:51:BA:A7:35:E2:94:7C:89:50:63:3F:04:21:40:BF:5F:F2
            X509v3 Authority Key Identifier:
                keyid:3D:E4:9B:18:44:FE:44:22:AF:BE:10:CD:D2:81:9C:74:48:27:7E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeSbGET-RCKvvhDN0oGcdEgnfmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/kjnHUbqnNeKUfIlQYz8EIUC_X_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/PeSbGET-RCKvvhDN0oGcdEgnfmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.18.0/23
                IPv6:
                  2a00:1e29::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:68:0a:41:e0:99:25:62:78:51:71:66:e5:37:97:c5:e7:86:
         14:39:a7:e6:4d:e5:80:ad:d9:f1:f6:ff:a5:b3:8d:0a:eb:49:
         d0:07:38:fd:ca:f3:52:13:2c:94:3c:5f:ff:00:c7:61:09:66:
         2f:b1:ef:35:ac:e0:aa:a1:fd:61:eb:37:c4:cf:e2:fb:fb:2a:
         e9:33:9f:6e:fb:3e:ba:a8:75:3f:d3:2a:42:ef:7b:d2:32:5f:
         a3:2e:51:67:e5:85:c2:b2:20:a2:fb:39:4b:74:f1:04:cd:24:
         29:20:3d:86:c9:5b:e0:a4:8d:83:fa:cf:1d:4e:1f:56:73:75:
         ce:34:62:2b:26:11:02:1a:cf:ad:0b:17:6a:57:f1:83:6c:05:
         e3:e9:1c:31:14:28:e8:df:41:03:8a:f5:07:93:ab:aa:65:f9:
         14:fc:db:48:d3:4d:89:90:7b:a1:82:aa:f7:17:c0:54:fd:6e:
         cf:f9:5a:a7:6a:99:0d:79:14:a5:b7:91:f7:96:8e:d6:08:ee:
         56:b3:4c:83:0e:45:36:4b:52:d6:b1:d5:d7:5c:50:49:6b:d2:
         aa:35:ca:1f:01:67:28:55:f8:33:5d:10:f7:66:99:bb:af:d3:
         00:d8:aa:0b:b2:bd:b4:a0:e5:c3:15:c9:0e:33:3f:51:26:a9:
         74:e8:0a:08
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2vVc/9CL7gq9DH6KhZHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTQ5YjE4NDRmZTQ0MjJhZmJlMTBjZGQyODE5Yzc0NDgy
NzdlNjUwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjM5Yzc1MWJhYTczNWUyOTQ3Yzg5NTA2MzNmMDQyMTQwYmY1ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlcWuMbB4xA4zZzCvyXh4hFPfNzK
Jl0iZgRv1JwpfhsZlGxfztxWy5lfSnSC3WvU5aN/99Cz7iRpjMslwiB+VOYslMfY
jjDQr4qQ3MwcnRd2WfVwepz16mB1zTUqpghhd1DJmHn5uDD786KqNoWNNMK51vSU
LBURHy+fEHu3EWxYEiKsPC1I2vYjAz2dSJq5uQdoBAJuoh1nNzBjLRf1EHb2ZQSD
9ya7ZwcgA3KxqTD7AvoSqubWeXLT3hPKj+aH9RBUzSVgVUlsOVybe/FAkxOffUkk
zW/6WLPwtTFTG25cWxyyZ1Eum7EzhklNftEW6wc9fXFn91hIYfaqcbsiBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJI5x1G6pzXilHyJUGM/BCFAv1/yMB8GA1UdIwQY
MBaAFD3kmxhE/kQir74QzdKBnHRIJ35lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVTYkdFVC1SQ0t2dmhETjBvR2NkRWduZm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC84MWIxODgtMjU1ZC00OWM3LTlmOTgt
MGFjOWI0ZDdlYWI3LzEva2puSFVicW5OZUtVZklsUVl6OEVJVUNfWF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC84MWIxODgtMjU1ZC00OWM3LTlmOTgtMGFjOWI0ZDdlYWI3
LzEvUGVTYkdFVC1SQ0t2dmhETjBvR2NkRWduZm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLZkSMA0E
AgACMAcDBQAqAB4pMA0GCSqGSIb3DQEBCwUAA4IBAQBQaApB4JklYnhRcWblN5fF
54YUOafmTeWArdnx9v+ls40K60nQBzj9yvNSEyyUPF//AMdhCWYvse81rOCqof1h
6zfEz+L7+yrpM59u+z66qHU/0ypC73vSMl+jLlFn5YXCsiCi+zlLdPEEzSQpID2G
yVvgpI2D+s8dTh9Wc3XONGIrJhECGs+tCxdqV/GDbAXj6RwxFCjo30EDivUHk6uq
ZfkU/NtI002JkHuhgqr3F8BU/W7P+VqnapkNeRSlt5H3lo7WCO5Ws0yDDkU2S1LW
sdXXXFBJa9KqNcofAWcoVfgzXRD3Zpm7r9MA2KoLsr20oOXDFckOMz9RJql06AoI
-----END CERTIFICATE-----