Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/1A-ARGD0GHA3rNEJNDCzqlS9WOY.roa
File:                     1A-ARGD0GHA3rNEJNDCzqlS9WOY.roa (raw, json)
Hash identifier:          eEZtq1y87oY2ndVfZ2eBQPDbew4vt9frgJd/eVp2/wI=
Subject key identifier:   D4:0F:80:44:60:F4:18:70:37:AC:D1:09:34:30:B3:AA:54:BD:58:E6
Certificate issuer:       /CN=c43e5a2cf6d28015dbcaa2850d2013b365e4c931
Certificate serial:       01909DDF49482C2223A0DE8CC340C1EA71B6
Authority key identifier: C4:3E:5A:2C:F6:D2:80:15:DB:CA:A2:85:0D:20:13:B3:65:E4:C9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xD5aLPbSgBXbyqKFDSATs2XkyTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/1A-ARGD0GHA3rNEJNDCzqlS9WOY.roa
Signing time:             Wed 10 Jul 2024 18:19:34 +0000
ROA not before:           Wed 10 Jul 2024 18:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        45.88.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/xD5aLPbSgBXbyqKFDSATs2XkyTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/xD5aLPbSgBXbyqKFDSATs2XkyTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xD5aLPbSgBXbyqKFDSATs2XkyTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9d:df:49:48:2c:22:23:a0:de:8c:c3:40:c1:ea:71:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c43e5a2cf6d28015dbcaa2850d2013b365e4c931
        Validity
            Not Before: Jul 10 18:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d40f804460f4187037acd1093430b3aa54bd58e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:04:be:4f:00:33:b3:3d:2b:3b:32:71:27:5b:
                    be:96:37:5e:74:8e:d5:56:4a:27:07:68:35:74:91:
                    47:42:e3:99:3d:d0:11:a8:76:20:a2:73:0e:de:4b:
                    92:43:8b:13:da:7d:81:86:85:46:90:9d:d5:99:12:
                    b4:20:fc:9d:8b:73:95:d7:06:c8:dd:c2:0a:0e:ab:
                    cb:db:01:2f:90:52:54:a5:cb:8d:6c:a3:e5:9a:4f:
                    73:26:e6:b0:4b:db:57:91:43:d9:1f:da:ef:31:ad:
                    1a:93:bf:a5:61:97:12:3e:d8:bc:67:78:58:1c:80:
                    3e:d7:4f:34:37:d5:46:64:34:86:20:0e:fc:7c:df:
                    0f:0b:c8:96:2e:23:e0:b8:d1:00:3e:c1:c1:4d:21:
                    59:08:14:50:82:98:e2:86:94:9b:51:52:12:75:30:
                    e7:31:e5:a1:ad:3f:f7:4f:71:13:53:ab:aa:2a:a1:
                    f7:12:c3:f4:6f:5f:e7:c4:ae:74:41:48:5a:32:66:
                    9b:d1:a9:2e:0b:91:7e:9f:fa:77:22:28:f6:a0:4c:
                    a7:d4:ad:97:8c:0b:b3:e7:ff:b4:a3:d3:91:02:be:
                    12:5f:f1:34:c3:5f:9b:d3:d5:70:80:a7:c8:ad:0c:
                    35:8f:39:44:c8:cc:f6:75:23:4f:54:a9:e9:07:2d:
                    19:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0F:80:44:60:F4:18:70:37:AC:D1:09:34:30:B3:AA:54:BD:58:E6
            X509v3 Authority Key Identifier:
                keyid:C4:3E:5A:2C:F6:D2:80:15:DB:CA:A2:85:0D:20:13:B3:65:E4:C9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xD5aLPbSgBXbyqKFDSATs2XkyTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/1A-ARGD0GHA3rNEJNDCzqlS9WOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/xD5aLPbSgBXbyqKFDSATs2XkyTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:0d:e5:ee:7d:36:22:bf:94:81:4f:3e:b3:c0:60:f4:5f:d9:
         ba:3a:45:36:66:ea:d9:03:1e:b0:6a:fa:97:52:7e:9a:c5:f8:
         c1:f2:11:84:6c:4c:96:28:fa:7e:65:2e:a8:a8:91:76:b0:06:
         5f:a5:6d:11:44:df:a0:fd:2b:60:2c:3e:49:b2:ca:9f:37:a4:
         fc:6b:98:0b:ec:b3:34:39:8f:b0:5e:6f:d8:30:c3:ae:7e:a1:
         54:66:ac:3b:9d:0a:45:0a:fe:5c:ee:9c:d5:4f:01:f4:0d:c0:
         70:86:b7:cf:73:87:01:07:d3:7a:7e:dd:6e:6e:b7:f0:9c:65:
         fa:b6:dc:7d:05:7b:12:1f:a1:85:94:ab:2f:b0:00:2a:f3:39:
         18:18:b9:cb:8b:59:b7:4d:80:1c:df:55:7c:3a:7f:4d:1d:5b:
         1a:f2:ff:d9:2a:76:e3:54:72:c7:bc:d7:36:0d:fd:39:d7:87:
         d9:3f:40:88:26:9a:c5:92:d4:f6:ee:d4:5c:a4:9d:56:58:7d:
         f6:91:02:d3:b7:12:22:87:dd:d2:62:2a:4a:2d:60:1a:1c:98:
         3c:5a:25:8e:bb:c0:ba:92:2a:1f:ec:49:42:3f:f3:54:5e:33:
         a8:dd:11:9b:f4:cd:63:ba:49:22:d9:ec:f5:7b:ee:01:eb:88:
         e0:26:d0:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCd30lILCIjoN6Mw0DB6nG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0M2U1YTJjZjZkMjgwMTVkYmNhYTI4NTBkMjAxM2IzNjVl
NGM5MzEwHhcNMjQwNzEwMTgxOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDBmODA0NDYwZjQxODcwMzdhY2QxMDkzNDMwYjNhYTU0YmQ1OGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwS+TwAzsz0rOzJxJ1u+ljdedI7V
VkonB2g1dJFHQuOZPdARqHYgonMO3kuSQ4sT2n2BhoVGkJ3VmRK0IPydi3OV1wbI
3cIKDqvL2wEvkFJUpcuNbKPlmk9zJuawS9tXkUPZH9rvMa0ak7+lYZcSPti8Z3hY
HIA+1080N9VGZDSGIA78fN8PC8iWLiPguNEAPsHBTSFZCBRQgpjihpSbUVISdTDn
MeWhrT/3T3ETU6uqKqH3EsP0b1/nxK50QUhaMmab0akuC5F+n/p3Iij2oEyn1K2X
jAuz5/+0o9ORAr4SX/E0w1+b09VwgKfIrQw1jzlEyMz2dSNPVKnpBy0Z/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQPgERg9BhwN6zRCTQws6pUvVjmMB8GA1UdIwQY
MBaAFMQ+Wiz20oAV28qihQ0gE7Nl5MkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEQ1YUxQYlNnQlhieXFLRkRTQVRzMlhreVRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wMmNmMDgtMGRiNS00MjRlLThmNTEt
OGQ2Zjc0ODNlNjMyLzEvMUEtQVJHRDBHSEEzck5FSk5EQ3pxbFM5V09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wMmNmMDgtMGRiNS00MjRlLThmNTEtOGQ2Zjc0ODNlNjMy
LzEveEQ1YUxQYlNnQlhieXFLRkRTQVRzMlhreVRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVjsMA0G
CSqGSIb3DQEBCwUAA4IBAQCADeXufTYiv5SBTz6zwGD0X9m6OkU2ZurZAx6wavqX
Un6axfjB8hGEbEyWKPp+ZS6oqJF2sAZfpW0RRN+g/StgLD5JssqfN6T8a5gL7LM0
OY+wXm/YMMOufqFUZqw7nQpFCv5c7pzVTwH0DcBwhrfPc4cBB9N6ft1ubrfwnGX6
ttx9BXsSH6GFlKsvsAAq8zkYGLnLi1m3TYAc31V8On9NHVsa8v/ZKnbjVHLHvNc2
Df0514fZP0CIJprFktT27tRcpJ1WWH32kQLTtxIih93SYipKLWAaHJg8WiWOu8C6
kiof7ElCP/NUXjOo3RGb9M1jukki2ez1e+4B64jgJtCd
-----END CERTIFICATE-----