Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GXeq1ubOGzSEQD1GwpwI8HfDy-4.roa
File:                     GXeq1ubOGzSEQD1GwpwI8HfDy-4.roa (raw, json)
Hash identifier:          yqlVj8f7ku1rSg0XzgYeKux4IMZ4h13PaePwU72TU5U=
Subject key identifier:   19:77:AA:D6:E6:CE:1B:34:84:40:3D:46:C2:9C:08:F0:77:C3:CB:EE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD168C58FC5AC8A907E69031B689C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GXeq1ubOGzSEQD1GwpwI8HfDy-4.roa
Signing time:             Tue 02 Jan 2024 06:29:23 +0000
ROA not before:           Tue 02 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19437
IP address blocks:        45.8.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d1:68:c5:8f:c5:ac:8a:90:7e:69:03:1b:68:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1977aad6e6ce1b3484403d46c29c08f077c3cbee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7c:0b:33:a2:8c:7f:09:62:2c:ee:51:f1:be:
                    b4:07:46:f5:11:8c:ed:e8:0c:f5:1d:ca:43:11:f3:
                    e6:d4:6d:30:99:bf:ba:1e:c0:ab:f5:39:45:e9:8b:
                    ff:e5:df:9f:e4:0d:13:30:c3:ef:d5:95:8f:1e:77:
                    e2:c7:ac:68:0d:45:63:e6:e0:68:9c:64:2f:bd:1b:
                    ef:04:e6:70:55:1d:99:64:da:18:30:83:be:b4:e5:
                    ea:60:c1:d8:ee:e7:0b:b5:ee:dd:27:d5:ca:9c:34:
                    44:4c:8b:98:39:a0:64:c0:dd:a4:f7:02:ea:2a:f7:
                    d1:cd:dd:16:e8:4c:02:33:24:8b:40:80:93:01:9f:
                    fd:37:ff:a7:24:e2:25:7a:0f:a0:3c:13:03:c1:53:
                    9f:5f:68:1f:43:7d:60:40:71:3a:aa:4e:b2:0a:7f:
                    a7:29:8b:bd:e0:38:ab:ec:2d:ec:d5:96:70:c9:2d:
                    8f:4d:7e:5b:78:26:32:fa:90:b9:97:bb:8e:b7:44:
                    f2:9f:f3:2d:97:bc:eb:e0:6f:de:48:35:69:ba:36:
                    75:4c:39:f1:2d:14:1e:b2:05:6f:c8:ad:ee:2e:36:
                    d6:fd:ed:93:52:b6:09:a6:a4:de:66:f4:84:29:1a:
                    e0:f8:e9:e7:29:07:f5:36:a8:c3:c9:95:ab:93:d7:
                    ad:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:77:AA:D6:E6:CE:1B:34:84:40:3D:46:C2:9C:08:F0:77:C3:CB:EE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GXeq1ubOGzSEQD1GwpwI8HfDy-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:c6:5f:66:7d:7f:a5:c6:19:bb:b7:33:8c:5f:b8:90:84:0d:
         6c:df:18:de:75:cc:44:57:bd:94:72:ea:fb:2b:55:aa:2d:fb:
         9c:f4:63:5d:fc:d5:bf:f0:66:ea:5b:d0:68:3a:68:4c:a3:7f:
         55:34:c7:6e:89:e8:36:9e:91:19:bc:8d:a6:50:6a:e3:86:25:
         17:53:de:4a:62:67:a7:6e:63:73:01:0f:0a:fc:84:21:d8:f2:
         f6:ad:da:7f:77:81:d4:34:b7:8e:8e:8f:90:54:65:dd:aa:b4:
         99:38:d3:1f:a8:39:54:1b:21:80:02:8b:aa:0c:66:93:44:76:
         80:45:2f:a0:1c:25:c3:e1:b6:c0:7d:05:7b:98:e5:6e:dd:e7:
         c5:49:1c:c2:a4:bf:44:64:e2:bb:6f:34:3b:c6:47:d5:30:54:
         11:1d:fb:c2:dc:34:06:33:f7:3e:f8:7f:07:76:87:4e:6e:79:
         f4:af:32:37:f0:16:c2:1b:3b:21:27:a3:f1:fa:a2:6a:6c:45:
         7e:ab:bc:43:76:f5:17:4d:e3:34:4e:d5:de:8f:ce:44:21:79:
         a6:5f:83:4a:6b:f0:27:85:61:d5:10:23:81:5b:d6:15:cd:96:
         dc:d9:53:90:64:bd:4d:fe:aa:ee:6b:4e:de:10:5b:78:69:58:
         a0:b1:b2:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NFoxY/FrIqQfmkDG2icMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc3YWFkNmU2Y2UxYjM0ODQ0MDNkNDZjMjljMDhmMDc3YzNjYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHwLM6KMfwliLO5R8b60B0b1EYzt
6Az1HcpDEfPm1G0wmb+6HsCr9TlF6Yv/5d+f5A0TMMPv1ZWPHnfix6xoDUVj5uBo
nGQvvRvvBOZwVR2ZZNoYMIO+tOXqYMHY7ucLte7dJ9XKnDRETIuYOaBkwN2k9wLq
KvfRzd0W6EwCMySLQICTAZ/9N/+nJOIleg+gPBMDwVOfX2gfQ31gQHE6qk6yCn+n
KYu94Dir7C3s1ZZwyS2PTX5beCYy+pC5l7uOt0Tyn/Mtl7zr4G/eSDVpujZ1TDnx
LRQesgVvyK3uLjbW/e2TUrYJpqTeZvSEKRrg+OnnKQf1NqjDyZWrk9et2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBl3qtbmzhs0hEA9RsKcCPB3w8vuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR1hlcTF1Yk9HelNFUUQxR3dwd0k4SGZEeS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQhfMA0G
CSqGSIb3DQEBCwUAA4IBAQCzxl9mfX+lxhm7tzOMX7iQhA1s3xjedcxEV72Ucur7
K1WqLfuc9GNd/NW/8GbqW9BoOmhMo39VNMduieg2npEZvI2mUGrjhiUXU95KYmen
bmNzAQ8K/IQh2PL2rdp/d4HUNLeOjo+QVGXdqrSZONMfqDlUGyGAAouqDGaTRHaA
RS+gHCXD4bbAfQV7mOVu3efFSRzCpL9EZOK7bzQ7xkfVMFQRHfvC3DQGM/c++H8H
dodObnn0rzI38BbCGzshJ6Px+qJqbEV+q7xDdvUXTeM0TtXej85EIXmmX4NKa/An
hWHVECOBW9YVzZbc2VOQZL1N/qrua07eEFt4aVigsbIQ
-----END CERTIFICATE-----