Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/efAcP7a7O0nzq6r0pIw8kjYh_qI.roa
File:                     efAcP7a7O0nzq6r0pIw8kjYh_qI.roa (raw, json)
Hash identifier:          P3Nwoegt3ckPvc8vCR/e88CNgfsY7r/IFE0GOmGPt6U=
Subject key identifier:   79:F0:1C:3F:B6:BB:3B:49:F3:AB:AA:F4:A4:8C:3C:92:36:21:FE:A2
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       018CC7951F4BD9DE08DE6662CA0675B6EA68
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/efAcP7a7O0nzq6r0pIw8kjYh_qI.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        5.180.106.0/24 maxlen: 24
                          45.136.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1f:4b:d9:de:08:de:66:62:ca:06:75:b6:ea:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79f01c3fb6bb3b49f3abaaf4a48c3c923621fea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d5:ee:6c:c0:30:58:cf:a8:5a:63:4c:f5:b7:
                    7c:2c:16:36:3f:5c:78:7c:bd:72:3a:4c:7e:eb:70:
                    91:29:ba:a6:f7:94:45:87:af:62:18:ab:b3:40:d0:
                    62:f9:d5:31:d0:e5:d2:eb:51:f3:00:af:de:d0:54:
                    43:bc:2f:c1:b2:f9:5a:11:da:b0:f7:af:cb:57:4c:
                    ee:37:0c:ee:6f:e0:9f:5a:38:47:4c:37:59:33:53:
                    d4:5d:6f:be:aa:ff:08:33:57:6c:2b:0f:ff:10:98:
                    b4:30:d6:36:12:01:06:1d:15:85:0f:8c:d4:64:ad:
                    dc:10:74:f9:b6:73:81:b7:64:0f:c2:8f:a3:cb:d6:
                    bc:20:ca:8a:1e:a4:54:c9:63:2f:6d:42:5f:20:4c:
                    fd:aa:6e:f3:ef:0b:ba:ac:be:ce:47:d2:b9:25:5f:
                    bb:96:90:28:e8:91:f7:fd:78:41:6a:86:9c:31:ba:
                    82:26:f9:49:fb:08:16:08:71:a2:fa:27:ea:66:2c:
                    68:9f:2c:84:de:f6:d3:f5:ac:47:39:73:0f:b9:74:
                    30:d9:85:f5:a6:b5:63:d5:3a:87:39:7e:57:ef:56:
                    07:86:46:18:41:1c:55:59:83:53:6c:54:7a:82:1c:
                    d6:3a:9f:2a:8f:2a:47:d2:15:0b:a5:7d:10:fe:0d:
                    ce:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F0:1C:3F:B6:BB:3B:49:F3:AB:AA:F4:A4:8C:3C:92:36:21:FE:A2
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/efAcP7a7O0nzq6r0pIw8kjYh_qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.106.0/24
                  45.136.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:a4:f6:5f:21:ad:ec:6d:3a:55:34:34:f2:bd:0d:29:b4:bc:
         1c:b8:46:15:f1:41:8d:a6:e4:81:5a:d1:a7:fd:1d:c4:0e:7d:
         c9:03:ad:43:c7:11:d8:d9:04:a5:8d:fa:da:b7:f4:8d:21:17:
         4b:c0:45:2b:78:ec:a1:19:d3:36:fe:62:6a:be:99:69:e1:3b:
         c2:1c:de:5a:20:6c:24:2d:f0:af:6a:09:df:3e:5c:47:4a:0c:
         d9:22:d4:e3:97:f4:c9:72:9c:ee:56:d8:2e:60:d1:7c:bd:ea:
         99:4e:5d:9d:24:ec:05:1a:9a:70:01:c3:fd:f3:90:0e:15:5a:
         ad:be:3b:da:36:57:6e:1a:2d:d5:e2:71:54:45:2e:ce:fe:b8:
         25:07:dc:95:a4:ae:75:bb:cb:b8:b7:c6:12:4b:0c:65:8e:14:
         9b:01:d7:1e:54:19:4b:a7:e3:cf:af:2c:bf:b4:a2:f0:cb:dc:
         15:22:9c:fe:53:1a:77:73:fe:ae:3d:46:54:12:2d:cf:fc:dd:
         c3:6a:39:c8:c2:3c:85:9c:30:ce:0a:19:a9:2c:b9:1c:ad:56:
         88:29:23:d8:06:8b:f0:fd:a5:3a:b4:ad:f5:22:bc:cf:1e:24:
         33:a3:38:a4:3c:45:b8:f8:37:38:c1:e6:6e:50:0f:b4:b6:13:
         22:45:67:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlR9L2d4I3mZiygZ1tupoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWYwMWMzZmI2YmIzYjQ5ZjNhYmFhZjRhNDhjM2M5MjM2MjFmZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNXubMAwWM+oWmNM9bd8LBY2P1x4
fL1yOkx+63CRKbqm95RFh69iGKuzQNBi+dUx0OXS61HzAK/e0FRDvC/BsvlaEdqw
96/LV0zuNwzub+CfWjhHTDdZM1PUXW++qv8IM1dsKw//EJi0MNY2EgEGHRWFD4zU
ZK3cEHT5tnOBt2QPwo+jy9a8IMqKHqRUyWMvbUJfIEz9qm7z7wu6rL7OR9K5JV+7
lpAo6JH3/XhBaoacMbqCJvlJ+wgWCHGi+ifqZixonyyE3vbT9axHOXMPuXQw2YX1
prVj1TqHOX5X71YHhkYYQRxVWYNTbFR6ghzWOp8qjypH0hULpX0Q/g3O0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHnwHD+2uztJ86uq9KSMPJI2If6iMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvZWZBY1A3YTdPMG56cTZyMHBJdzhralloX3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbRqAwQA
LYgEMA0GCSqGSIb3DQEBCwUAA4IBAQCBpPZfIa3sbTpVNDTyvQ0ptLwcuEYV8UGN
puSBWtGn/R3EDn3JA61DxxHY2QSljfrat/SNIRdLwEUreOyhGdM2/mJqvplp4TvC
HN5aIGwkLfCvagnfPlxHSgzZItTjl/TJcpzuVtguYNF8veqZTl2dJOwFGppwAcP9
85AOFVqtvjvaNlduGi3V4nFURS7O/rglB9yVpK51u8u4t8YSSwxljhSbAdceVBlL
p+PPryy/tKLwy9wVIpz+Uxp3c/6uPUZUEi3P/N3DajnIwjyFnDDOChmpLLkcrVaI
KSPYBovw/aU6tK31IrzPHiQzozikPEW4+Dc4weZuUA+0thMiRWcN
-----END CERTIFICATE-----