Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/28db82-bd8c-4e00-912a-e09801171b92/1/xH9WXrv5klrIgcHG6UV9C-4QruQ.roa
File:                     xH9WXrv5klrIgcHG6UV9C-4QruQ.roa (raw, json)
Hash identifier:          AnMt3wdwBhXL/s/JcVdxMgQV04W8rD/3kQT/yenWJic=
Subject key identifier:   C4:7F:56:5E:BB:F9:92:5A:C8:81:C1:C6:E9:45:7D:0B:EE:10:AE:E4
Certificate issuer:       /CN=0046801e45ca1eed3f78d99277d0193f576665c7
Certificate serial:       018CC3B6980023FD335B225B7BC942B52E58
Authority key identifier: 00:46:80:1E:45:CA:1E:ED:3F:78:D9:92:77:D0:19:3F:57:66:65:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AEaAHkXKHu0_eNmSd9AZP1dmZcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/28db82-bd8c-4e00-912a-e09801171b92/1/xH9WXrv5klrIgcHG6UV9C-4QruQ.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42189
IP address blocks:        45.82.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/28db82-bd8c-4e00-912a-e09801171b92/1/AEaAHkXKHu0_eNmSd9AZP1dmZcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/28db82-bd8c-4e00-912a-e09801171b92/1/AEaAHkXKHu0_eNmSd9AZP1dmZcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AEaAHkXKHu0_eNmSd9AZP1dmZcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:98:00:23:fd:33:5b:22:5b:7b:c9:42:b5:2e:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0046801e45ca1eed3f78d99277d0193f576665c7
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c47f565ebbf9925ac881c1c6e9457d0bee10aee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:91:de:c2:18:80:14:42:99:fb:8f:3e:5a:b6:
                    b7:de:72:80:b8:a0:c2:e5:e2:5b:a2:7c:5d:a7:4b:
                    12:b9:7e:52:39:56:b0:40:a0:c0:5d:21:74:17:e2:
                    a9:a2:0d:49:ec:30:f5:1f:6e:26:5d:30:f8:64:b8:
                    69:c2:46:9d:c7:9b:77:04:76:1a:37:0f:cf:80:be:
                    b9:f0:85:cf:32:a8:ea:1c:df:45:cf:ea:1a:e8:66:
                    11:8e:13:78:d9:f4:c2:3e:55:29:2c:e6:05:fb:c5:
                    ff:93:80:33:98:62:9a:af:dc:0f:ce:c7:0d:ce:c2:
                    49:0c:18:e1:bc:95:74:d3:9e:cb:bc:27:87:54:9c:
                    ad:69:b3:1d:80:24:ae:ec:73:1a:dc:e8:a5:ae:65:
                    ce:09:21:6b:23:6d:80:7d:7c:35:0b:ca:74:1d:f7:
                    ef:42:ff:de:9b:04:54:74:cf:78:26:4c:82:7c:ba:
                    47:0a:3a:b6:9b:04:fb:2b:a5:66:ff:15:d1:77:db:
                    01:9f:4d:d6:92:bc:98:77:1a:e8:e5:f4:f8:59:9b:
                    61:d4:d4:cc:6f:3a:ca:c3:4c:3c:3e:49:4d:55:82:
                    b8:7b:53:a8:97:72:97:8b:a2:93:30:38:de:d5:91:
                    1a:cd:c6:b2:be:64:98:02:22:32:ba:ab:a9:92:2e:
                    45:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:7F:56:5E:BB:F9:92:5A:C8:81:C1:C6:E9:45:7D:0B:EE:10:AE:E4
            X509v3 Authority Key Identifier:
                keyid:00:46:80:1E:45:CA:1E:ED:3F:78:D9:92:77:D0:19:3F:57:66:65:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AEaAHkXKHu0_eNmSd9AZP1dmZcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/28db82-bd8c-4e00-912a-e09801171b92/1/xH9WXrv5klrIgcHG6UV9C-4QruQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/28db82-bd8c-4e00-912a-e09801171b92/1/AEaAHkXKHu0_eNmSd9AZP1dmZcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d6:11:c7:d7:3f:e8:b4:34:fa:fd:de:cb:7b:39:86:f3:e8:27:
         cf:e5:14:51:81:be:28:af:78:f0:7c:1c:dc:3b:2a:58:df:ba:
         c7:d5:6b:d4:5a:f6:91:88:f6:55:ab:c6:16:8a:56:b6:4e:99:
         85:f5:37:aa:8e:dd:06:09:d5:f7:5f:e1:60:e6:89:81:ec:7a:
         16:47:6b:6a:aa:ee:e7:8f:2b:d5:f7:88:c3:b6:87:ba:1c:78:
         3f:16:39:f7:a4:a4:a2:45:5b:39:74:6b:de:27:19:64:e3:9a:
         45:fe:59:b6:68:c1:38:6e:77:cb:2f:90:63:a6:4e:76:af:67:
         60:b0:74:26:68:d3:ae:ad:65:76:41:c4:9d:c9:e5:b6:e3:d1:
         af:fb:61:09:fa:33:8a:d8:d1:9f:ed:86:05:b6:df:91:b0:2c:
         b4:9a:fc:75:8a:f2:cd:19:d6:78:13:8b:4f:06:86:4c:f4:ea:
         51:12:6d:47:5e:bb:bc:47:80:2a:0e:3e:e5:12:8f:be:cd:17:
         6d:e8:95:12:5f:d9:2c:7a:db:73:d0:80:18:f6:30:93:44:20:
         4e:3b:ce:4a:f7:98:e2:f3:d5:69:df:2c:0d:a3:c0:44:26:28:
         4b:93:ef:a1:0e:71:09:0f:75:d5:df:55:0b:c4:fa:98:c2:3b:
         a2:09:53:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpgAI/0zWyJbe8lCtS5YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNDY4MDFlNDVjYTFlZWQzZjc4ZDk5Mjc3ZDAxOTNmNTc2
NjY1YzcwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDdmNTY1ZWJiZjk5MjVhYzg4MWMxYzZlOTQ1N2QwYmVlMTBhZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZHewhiAFEKZ+48+Wra33nKAuKDC
5eJbonxdp0sSuX5SOVawQKDAXSF0F+Kpog1J7DD1H24mXTD4ZLhpwkadx5t3BHYa
Nw/PgL658IXPMqjqHN9Fz+oa6GYRjhN42fTCPlUpLOYF+8X/k4AzmGKar9wPzscN
zsJJDBjhvJV0057LvCeHVJytabMdgCSu7HMa3OilrmXOCSFrI22AfXw1C8p0Hffv
Qv/emwRUdM94JkyCfLpHCjq2mwT7K6Vm/xXRd9sBn03WkryYdxro5fT4WZth1NTM
bzrKw0w8PklNVYK4e1Ool3KXi6KTMDje1ZEazcayvmSYAiIyuqupki5FMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMR/Vl67+ZJayIHBxulFfQvuEK7kMB8GA1UdIwQY
MBaAFABGgB5Fyh7tP3jZknfQGT9XZmXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUVhQUhrWEtIdTBfZU5tU2Q5QVpQMWRtWmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yOGRiODItYmQ4Yy00ZTAwLTkxMmEt
ZTA5ODAxMTcxYjkyLzEveEg5V1hydjVrbHJJZ2NIRzZVVjlDLTRRcnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yOGRiODItYmQ4Yy00ZTAwLTkxMmEtZTA5ODAxMTcxYjky
LzEvQUVhQUhrWEtIdTBfZU5tU2Q5QVpQMWRtWmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVKcMA0G
CSqGSIb3DQEBCwUAA4IBAQDWEcfXP+i0NPr93st7OYbz6CfP5RRRgb4or3jwfBzc
OypY37rH1WvUWvaRiPZVq8YWila2TpmF9Teqjt0GCdX3X+Fg5omB7HoWR2tqqu7n
jyvV94jDtoe6HHg/Fjn3pKSiRVs5dGveJxlk45pF/lm2aME4bnfLL5Bjpk52r2dg
sHQmaNOurWV2QcSdyeW249Gv+2EJ+jOK2NGf7YYFtt+RsCy0mvx1ivLNGdZ4E4tP
BoZM9OpREm1HXru8R4AqDj7lEo++zRdt6JUSX9ksettz0IAY9jCTRCBOO85K95ji
89Vp3ywNo8BEJihLk++hDnEJD3XV31ULxPqYwjuiCVNG
-----END CERTIFICATE-----