Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/4Mt58Xq4qYulMxngf2Cbba1xle0.roa
File:                     4Mt58Xq4qYulMxngf2Cbba1xle0.roa (raw, json)
Hash identifier:          clyMZnG6HcPZlEr496HgttwR9wR8IxzDiMa4yR/OEyY=
Subject key identifier:   E0:CB:79:F1:7A:B8:A9:8B:A5:33:19:E0:7F:60:9B:6D:AD:71:95:ED
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018CC727375C1EB47D71BAAB4389286E7F77
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/4Mt58Xq4qYulMxngf2Cbba1xle0.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46261
IP address blocks:        45.90.204.0/22 maxlen: 22
                          45.129.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:37:5c:1e:b4:7d:71:ba:ab:43:89:28:6e:7f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0cb79f17ab8a98ba53319e07f609b6dad7195ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ce:67:09:a9:3e:2c:9d:e5:70:db:b7:80:77:
                    b0:1f:e9:02:dc:34:c6:f2:bd:78:fc:d0:2f:63:ae:
                    3c:b3:89:9a:40:0f:6d:06:9d:d1:88:b4:0b:04:28:
                    03:7e:4b:39:1d:ed:b1:2f:84:11:01:22:4b:a8:be:
                    38:46:f8:4d:db:6a:6c:34:b4:0a:cc:15:15:97:90:
                    a0:a9:62:6e:99:b7:cb:5b:41:6e:fb:82:2c:03:3b:
                    e5:73:4d:79:3d:63:8e:27:12:89:51:6a:af:94:e9:
                    24:8a:e8:41:1e:11:b1:7a:0f:ee:b1:ea:36:92:0b:
                    72:38:2c:dc:0b:de:66:cb:78:d9:ad:e3:35:fe:50:
                    31:c9:7e:9a:12:bf:dd:24:cd:ba:f0:f7:e8:90:b6:
                    5b:7d:33:6c:94:cb:8d:42:52:5c:be:60:a5:04:0c:
                    5b:ca:0a:35:ad:53:96:64:f2:0d:78:35:db:91:97:
                    10:e9:4e:ad:ce:fa:5d:10:82:d1:7a:e6:e9:9f:8f:
                    1e:9f:af:c4:8c:6e:fa:90:23:be:a6:d0:d7:3e:2b:
                    f7:96:04:3f:98:e2:ea:d5:6e:25:c0:d6:d7:3e:5b:
                    10:e3:df:b6:dc:f5:6e:ce:d2:35:ab:49:b4:62:2e:
                    fb:fe:7d:42:d0:ac:07:1c:6a:22:32:29:59:e0:75:
                    ec:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CB:79:F1:7A:B8:A9:8B:A5:33:19:E0:7F:60:9B:6D:AD:71:95:ED
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/4Mt58Xq4qYulMxngf2Cbba1xle0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.204.0/22
                  45.129.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:cb:63:e1:b4:e2:de:b7:f6:84:5c:30:da:5c:af:79:64:28:
         e2:bb:df:ee:e1:db:06:66:c2:11:37:f7:c5:07:dc:7b:e0:da:
         6c:33:0a:26:7e:5f:55:df:c3:69:59:8d:b8:1c:ea:64:6a:91:
         6b:7b:9e:31:1e:36:66:c4:fe:97:4a:96:f6:5c:8d:d3:e5:12:
         52:e4:4c:ae:36:d0:60:09:f9:ca:fd:dd:06:39:bf:95:53:71:
         2a:4c:2a:e8:24:f3:9a:35:35:40:4a:60:35:46:a8:54:b2:ec:
         ab:15:67:a5:80:69:e1:24:fd:63:9f:e7:fb:43:2e:5c:e1:0c:
         1a:e1:8f:39:92:03:2b:30:9f:e7:14:a4:67:c2:a4:f6:d2:65:
         7e:93:f5:79:69:73:3d:69:df:82:0f:f1:82:c6:e2:3b:3e:88:
         ea:f1:4e:ec:63:ac:e6:1c:ba:8c:cb:39:fe:8c:08:df:2e:be:
         3b:7e:45:61:af:08:25:98:32:10:1d:84:e9:68:2e:3f:95:68:
         c3:40:48:38:71:d0:1f:9e:f4:62:3e:16:e8:a7:f5:39:48:a9:
         e0:19:03:0b:87:a8:19:1a:0e:4e:e2:7c:a6:46:b5:b2:2f:36:
         c0:14:20:00:40:66:38:59:25:63:9a:ba:6b:bf:32:b9:ed:40:
         34:40:61:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzdcHrR9cbqrQ4kobn93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNiNzlmMTdhYjhhOThiYTUzMzE5ZTA3ZjYwOWI2ZGFkNzE5NWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM5nCak+LJ3lcNu3gHewH+kC3DTG
8r14/NAvY648s4maQA9tBp3RiLQLBCgDfks5He2xL4QRASJLqL44RvhN22psNLQK
zBUVl5CgqWJumbfLW0Fu+4IsAzvlc015PWOOJxKJUWqvlOkkiuhBHhGxeg/useo2
kgtyOCzcC95my3jZreM1/lAxyX6aEr/dJM268PfokLZbfTNslMuNQlJcvmClBAxb
ygo1rVOWZPINeDXbkZcQ6U6tzvpdEILReubpn48en6/EjG76kCO+ptDXPiv3lgQ/
mOLq1W4lwNbXPlsQ49+23PVuztI1q0m0Yi77/n1C0KwHHGoiMilZ4HXsHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFODLefF6uKmLpTMZ4H9gm22tcZXtMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvNE10NThYcTRxWXVsTXhuZ2YyQ2JiYTF4bGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVrMAwQC
LYHcMA0GCSqGSIb3DQEBCwUAA4IBAQAVy2PhtOLet/aEXDDaXK95ZCjiu9/u4dsG
ZsIRN/fFB9x74NpsMwomfl9V38NpWY24HOpkapFre54xHjZmxP6XSpb2XI3T5RJS
5EyuNtBgCfnK/d0GOb+VU3EqTCroJPOaNTVASmA1RqhUsuyrFWelgGnhJP1jn+f7
Qy5c4Qwa4Y85kgMrMJ/nFKRnwqT20mV+k/V5aXM9ad+CD/GCxuI7Pojq8U7sY6zm
HLqMyzn+jAjfLr47fkVhrwglmDIQHYTpaC4/lWjDQEg4cdAfnvRiPhbop/U5SKng
GQMLh6gZGg5O4nymRrWyLzbAFCAAQGY4WSVjmrprvzK57UA0QGFp
-----END CERTIFICATE-----