Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hEkaKPrNa4ddsVNkS5oCi-wosH8.roa
File:                     hEkaKPrNa4ddsVNkS5oCi-wosH8.roa (raw, json)
Hash identifier:          efxjK7mJkVEb/kfhOs+9rEsnsqHwpL8R+TqoGPPPxuk=
Subject key identifier:   84:49:1A:28:FA:CD:6B:87:5D:B1:53:64:4B:9A:02:8B:EC:28:B0:7F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019266482EAC8AEC8FCCBC37EF48449749F0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hEkaKPrNa4ddsVNkS5oCi-wosH8.roa
Signing time:             Mon 07 Oct 2024 09:20:59 +0000
ROA not before:           Mon 07 Oct 2024 09:20:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206776
IP address blocks:        45.141.156.0/24 maxlen: 24
                          45.141.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:48:2e:ac:8a:ec:8f:cc:bc:37:ef:48:44:97:49:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct  7 09:20:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84491a28facd6b875db153644b9a028bec28b07f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cd:b9:18:b8:21:e8:bc:ad:61:87:6a:3a:3e:
                    07:2a:4b:3b:32:4b:46:62:04:3d:a4:d5:67:8e:82:
                    6a:aa:8a:cb:a0:75:b3:60:2b:79:26:7d:1d:07:96:
                    96:c6:66:96:20:4f:6e:63:e0:ac:3e:3d:4b:62:4e:
                    e0:db:d9:e5:d9:4f:64:68:4d:5e:41:a4:47:4b:88:
                    61:8f:79:79:e0:20:f1:f7:39:2f:ca:0f:70:5b:cc:
                    5b:e5:f7:f0:9c:fb:77:3c:33:73:bf:03:15:dc:f6:
                    8a:83:fc:54:3b:8a:a1:d1:b7:8b:c6:01:d2:b1:71:
                    eb:d1:1c:91:7c:fa:48:50:85:0a:d8:e8:4f:a5:e8:
                    44:08:d9:b9:4e:16:c6:24:ef:b6:95:16:24:8b:a5:
                    07:e2:c3:a1:a3:5f:96:eb:9a:e5:ff:44:ed:98:02:
                    56:e5:81:da:0e:66:59:35:b9:a4:cf:2f:69:c0:57:
                    03:3f:78:7c:e6:9e:f3:1a:05:b7:4f:a9:fb:cc:0a:
                    31:ac:33:30:de:56:0a:29:22:76:0f:b0:9a:54:ec:
                    11:7f:dc:63:18:60:e9:34:7e:6f:9a:ce:78:d5:df:
                    d2:8a:c9:e2:c6:e5:af:a3:18:be:0d:ae:20:53:aa:
                    31:e5:75:4e:ad:dc:d3:ba:f3:a6:56:14:af:18:d5:
                    b8:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:49:1A:28:FA:CD:6B:87:5D:B1:53:64:4B:9A:02:8B:EC:28:B0:7F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hEkaKPrNa4ddsVNkS5oCi-wosH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.156.0/24
                  45.141.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:01:64:87:4f:23:3f:ee:76:90:cd:07:49:1e:52:27:c3:86:
         72:58:4d:2e:51:90:13:e9:75:24:ba:94:6a:4b:ba:c3:11:a4:
         65:35:8f:ac:56:e6:5c:a4:26:58:bc:58:68:0d:27:3b:cf:bd:
         e1:6b:a1:0b:3b:3f:c4:b9:d1:b5:d3:ff:77:78:c6:71:69:2a:
         80:bc:43:b4:f6:3d:15:6f:66:82:f3:41:b5:d8:ea:59:de:77:
         32:53:72:18:f6:4e:f1:7f:bf:d1:16:8a:ce:ae:b0:b0:33:6f:
         13:a4:9a:cb:4a:49:d3:fc:83:41:49:eb:bd:62:6e:a2:6d:06:
         40:02:62:cf:53:c6:d9:73:76:51:61:cd:ac:b2:c4:25:94:63:
         4d:29:4d:15:c4:5a:8b:df:ba:4c:f6:d1:5c:7f:ca:01:6f:2d:
         08:fd:83:ba:0f:39:af:7c:c4:8b:6b:d1:74:72:af:c4:1e:7a:
         13:75:bb:bf:d5:06:69:4a:4b:c5:fe:75:6b:72:47:c6:94:4d:
         cf:2c:da:5f:d8:7e:71:2a:3b:89:3d:f7:4b:ea:71:ed:39:0b:
         cb:f2:7d:1b:33:c6:ab:c3:39:3f:bd:cf:a6:8f:52:2d:36:4e:
         79:58:de:6a:83:6f:79:c1:8c:09:f3:9b:29:94:4a:94:5e:07:
         bb:d0:e9:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJmSC6siuyPzLw370hEl0nwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDA3MDkyMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQ5MWEyOGZhY2Q2Yjg3NWRiMTUzNjQ0YjlhMDI4YmVjMjhiMDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx825GLgh6LytYYdqOj4HKks7MktG
YgQ9pNVnjoJqqorLoHWzYCt5Jn0dB5aWxmaWIE9uY+CsPj1LYk7g29nl2U9kaE1e
QaRHS4hhj3l54CDx9zkvyg9wW8xb5ffwnPt3PDNzvwMV3PaKg/xUO4qh0beLxgHS
sXHr0RyRfPpIUIUK2OhPpehECNm5ThbGJO+2lRYki6UH4sOho1+W65rl/0TtmAJW
5YHaDmZZNbmkzy9pwFcDP3h85p7zGgW3T6n7zAoxrDMw3lYKKSJ2D7CaVOwRf9xj
GGDpNH5vms541d/SisnixuWvoxi+Da4gU6ox5XVOrdzTuvOmVhSvGNW4ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIRJGij6zWuHXbFTZEuaAovsKLB/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaEVrYUtQck5hNGRkc1ZOa1M1b0NpLXdvc0g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY2cAwQA
LY2fMA0GCSqGSIb3DQEBCwUAA4IBAQAAAWSHTyM/7naQzQdJHlInw4ZyWE0uUZAT
6XUkupRqS7rDEaRlNY+sVuZcpCZYvFhoDSc7z73ha6ELOz/EudG10/93eMZxaSqA
vEO09j0Vb2aC80G12OpZ3ncyU3IY9k7xf7/RForOrrCwM28TpJrLSknT/INBSeu9
Ym6ibQZAAmLPU8bZc3ZRYc2sssQllGNNKU0VxFqL37pM9tFcf8oBby0I/YO6Dzmv
fMSLa9F0cq/EHnoTdbu/1QZpSkvF/nVrckfGlE3PLNpf2H5xKjuJPfdL6nHtOQvL
8n0bM8arwzk/vc+mj1ItNk55WN5qg295wYwJ85splEqUXge70OlJ
-----END CERTIFICATE-----