Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ALLC8WqMioBQGYyTGNXPhJ3s3F8.roa
File:                     ALLC8WqMioBQGYyTGNXPhJ3s3F8.roa (raw, json)
Hash identifier:          IWo1RQWxRiiXFyJbdrSQnBu5L00qrPzEOI2MIy2n9so=
Subject key identifier:   00:B2:C2:F1:6A:8C:8A:80:50:19:8C:93:18:D5:CF:84:9D:EC:DC:5F
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018FE86FBD396DD55397092765896925B17D
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ALLC8WqMioBQGYyTGNXPhJ3s3F8.roa
Signing time:             Wed 05 Jun 2024 12:46:28 +0000
ROA not before:           Wed 05 Jun 2024 12:46:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        45.148.28.0/22 maxlen: 22
                          217.78.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:6f:bd:39:6d:d5:53:97:09:27:65:89:69:25:b1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jun  5 12:46:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00b2c2f16a8c8a8050198c9318d5cf849decdc5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6c:ef:ab:e5:2b:ef:ca:d7:64:ce:c0:09:d1:
                    ab:11:1e:c2:73:2c:45:07:d9:51:4d:f0:d7:75:77:
                    ac:2c:16:fa:51:a2:84:cf:39:47:3f:fe:46:c7:94:
                    2c:b8:5f:ea:0b:b6:9a:d0:b5:6e:0f:34:d8:69:f1:
                    0b:e7:fe:93:bb:8a:d2:27:a2:ae:66:25:dd:47:71:
                    6a:54:b3:73:28:d3:a3:b8:4b:43:c8:b4:bf:ae:7f:
                    74:56:51:e0:21:b5:00:6a:41:48:3b:84:fc:25:5c:
                    3f:0e:a3:93:e2:29:0b:f9:6b:b8:c8:0e:76:00:c2:
                    42:37:32:22:3b:99:07:39:0e:d2:3a:da:76:ec:64:
                    f4:6b:a7:33:97:1d:a8:91:14:1e:ac:59:45:12:35:
                    98:3c:42:a9:e8:6d:74:02:c8:b3:e4:7b:3e:3e:d1:
                    2e:04:26:5b:30:93:16:8d:30:0d:16:88:ef:5f:50:
                    60:7c:91:47:ce:1e:7b:ef:37:07:d6:a2:e6:bc:d3:
                    cf:94:9e:92:40:0c:f1:19:33:3e:e9:04:77:4f:5f:
                    ef:2a:84:f2:a7:95:1a:22:3b:fb:cd:55:5f:3b:76:
                    34:e7:07:da:a9:f1:c5:6a:7a:36:b3:83:03:ba:80:
                    50:71:d5:26:e6:0d:4a:56:83:ee:ff:bb:1d:9f:a3:
                    8f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B2:C2:F1:6A:8C:8A:80:50:19:8C:93:18:D5:CF:84:9D:EC:DC:5F
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ALLC8WqMioBQGYyTGNXPhJ3s3F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.28.0/22
                  217.78.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:44:a2:6c:1d:8e:21:62:e2:d8:9c:3d:a8:b0:83:c0:c4:23:
         59:b7:e6:e8:c4:c9:32:27:c1:e5:3b:7f:7d:a0:cb:a4:17:97:
         e8:d6:cd:05:aa:3d:93:61:8f:e6:9c:a4:f8:ad:fe:8e:77:b2:
         96:15:7e:40:78:8b:2d:64:c7:72:be:06:c6:c4:ba:83:4f:6b:
         68:75:f2:e4:c9:a8:b5:d2:ac:73:e8:74:90:e2:d5:52:f0:a9:
         72:13:10:1e:be:10:3d:66:e9:d5:e6:a9:5b:bb:31:b4:85:b0:
         81:ca:c4:b7:7c:91:e0:cc:fb:33:b0:19:52:00:39:d9:a8:3f:
         52:97:dd:2a:92:6b:95:f8:d4:b4:62:be:4f:89:29:7e:ec:64:
         cc:c9:f0:a2:0a:06:85:40:bf:5b:a7:78:c7:5d:fa:1a:21:9f:
         e8:ad:6d:14:d2:57:9e:90:0e:82:86:ca:2c:fb:f0:da:e6:0f:
         ea:f1:c1:0c:a9:55:38:3c:c3:f0:10:fe:b9:b6:1e:7b:92:34:
         e2:c7:21:56:21:ad:0e:5b:76:3f:9e:51:a5:ec:fa:d9:0e:3c:
         24:b3:a8:fa:5a:4b:94:49:6e:15:75:b2:d8:22:68:d4:77:e7:
         bb:43:74:29:72:50:23:cd:0b:a8:04:a5:65:a3:bd:49:a9:04:
         79:66:d3:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/ob705bdVTlwknZYlpJbF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwNjA1MTI0NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGIyYzJmMTZhOGM4YTgwNTAxOThjOTMxOGQ1Y2Y4NDlkZWNkYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWzvq+Ur78rXZM7ACdGrER7CcyxF
B9lRTfDXdXesLBb6UaKEzzlHP/5Gx5QsuF/qC7aa0LVuDzTYafEL5/6Tu4rSJ6Ku
ZiXdR3FqVLNzKNOjuEtDyLS/rn90VlHgIbUAakFIO4T8JVw/DqOT4ikL+Wu4yA52
AMJCNzIiO5kHOQ7SOtp27GT0a6czlx2okRQerFlFEjWYPEKp6G10Asiz5Hs+PtEu
BCZbMJMWjTANFojvX1BgfJFHzh577zcH1qLmvNPPlJ6SQAzxGTM+6QR3T1/vKoTy
p5UaIjv7zVVfO3Y05wfaqfHFano2s4MDuoBQcdUm5g1KVoPu/7sdn6OPewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFACywvFqjIqAUBmMkxjVz4Sd7NxfMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvQUxMQzhXcU1pb0JRR1l5VEdOWFBoSjNzM0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZQcAwQA
2U7tMA0GCSqGSIb3DQEBCwUAA4IBAQA6RKJsHY4hYuLYnD2osIPAxCNZt+boxMky
J8HlO399oMukF5fo1s0Fqj2TYY/mnKT4rf6Od7KWFX5AeIstZMdyvgbGxLqDT2to
dfLkyai10qxz6HSQ4tVS8KlyExAevhA9ZunV5qlbuzG0hbCBysS3fJHgzPszsBlS
ADnZqD9Sl90qkmuV+NS0Yr5PiSl+7GTMyfCiCgaFQL9bp3jHXfoaIZ/orW0U0lee
kA6Chsos+/Da5g/q8cEMqVU4PMPwEP65th57kjTixyFWIa0OW3Y/nlGl7PrZDjwk
s6j6WkuUSW4VdbLYImjUd+e7Q3QpclAjzQuoBKVlo71JqQR5ZtMB
-----END CERTIFICATE-----