Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/4N4Vmd5Lt3tIPh_lY6QrUE-_k88.roa
File:                     4N4Vmd5Lt3tIPh_lY6QrUE-_k88.roa (raw, json)
Hash identifier:          +NAXP/k192GmPSIcIIb/4YdbMvPVxnVIttB+9OiCBEs=
Subject key identifier:   E0:DE:15:99:DE:4B:B7:7B:48:3E:1F:E5:63:A4:2B:50:4F:BF:93:CF
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018F549671B4C4779A32968ED155C7A165BE
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/4N4Vmd5Lt3tIPh_lY6QrUE-_k88.roa
Signing time:             Tue 07 May 2024 19:44:56 +0000
ROA not before:           Tue 07 May 2024 19:44:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214969
IP address blocks:        45.94.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:54:96:71:b4:c4:77:9a:32:96:8e:d1:55:c7:a1:65:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: May  7 19:44:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0de1599de4bb77b483e1fe563a42b504fbf93cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a8:3a:a1:76:b0:12:86:5f:2e:86:4a:79:98:
                    c3:cb:91:4b:1f:7c:8f:aa:f9:73:77:1c:55:d2:26:
                    23:a3:83:5f:61:b8:92:5b:15:3f:15:86:b3:c1:ea:
                    3e:d2:7f:80:e2:eb:37:a2:f0:36:1f:e5:5d:bc:e6:
                    9a:c1:97:c4:b1:b6:72:c1:f2:0a:a9:91:0a:e1:a9:
                    8b:49:fd:ff:00:b3:0a:61:af:3f:28:80:14:e3:ed:
                    fb:9a:b2:13:e4:4b:1b:ee:47:cd:f6:f8:24:a7:9d:
                    54:69:9b:f6:23:94:66:0c:93:f6:4f:14:07:59:2d:
                    82:94:a3:9a:1f:cb:46:64:01:fd:35:7d:ab:ef:bd:
                    f5:3d:a4:ad:73:c7:c0:3b:8f:23:2f:a7:6f:6e:86:
                    9c:8f:6e:29:75:d4:7b:b1:41:f0:9a:24:de:96:bf:
                    64:c2:9e:6f:c9:69:f4:2f:77:e2:b8:35:9a:87:3f:
                    ee:ac:93:c2:6a:11:bf:dc:5b:26:fa:8a:30:f4:70:
                    50:9f:38:76:47:0a:a0:b9:dd:8d:78:89:5f:d7:1c:
                    8f:0a:c8:be:9f:09:ff:4e:09:7e:11:5b:cc:1e:42:
                    85:5f:46:17:b7:1f:94:ba:99:4c:da:3c:c1:8c:6c:
                    ea:19:eb:77:56:eb:95:87:05:d9:45:c5:8e:e7:62:
                    f0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DE:15:99:DE:4B:B7:7B:48:3E:1F:E5:63:A4:2B:50:4F:BF:93:CF
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/4N4Vmd5Lt3tIPh_lY6QrUE-_k88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:e7:74:e0:01:5e:27:f9:fa:21:75:70:05:5c:e3:ff:a8:40:
         10:74:00:11:f9:7b:52:06:1a:d1:de:69:7d:c4:39:ef:aa:7c:
         6f:90:f1:ab:10:2a:b0:38:bd:14:28:57:cf:2d:a9:63:db:11:
         93:20:c4:ca:53:d7:b8:c8:ae:a9:c3:24:6b:47:08:94:d3:b5:
         34:6c:44:ce:38:46:04:d4:02:66:f0:2b:e4:21:ea:36:31:ca:
         9f:c9:a3:4e:63:b5:4c:74:6e:96:43:a9:a4:af:d7:5e:63:36:
         57:85:42:ea:7f:17:a5:30:25:30:d6:1a:e4:0b:f0:84:75:ca:
         2e:5b:73:f1:68:9b:e0:c0:42:e0:f9:9e:cc:10:d6:f0:71:7f:
         32:f0:41:51:11:78:c6:83:62:ad:b0:04:ee:d0:c7:e9:c0:34:
         f0:d8:16:96:79:0b:26:78:a3:98:b5:f9:6f:8b:a9:d0:36:62:
         53:b9:92:0c:ef:cc:12:50:38:7e:00:a1:b4:dd:a0:6c:9a:e0:
         63:74:73:29:67:19:1b:a4:92:ac:b3:a3:46:7e:c5:13:74:5a:
         9b:5f:dd:5c:fe:b4:55:06:05:c0:cf:ed:86:44:fa:23:4c:81:
         d4:b7:da:ff:d6:14:ea:81:ad:56:b6:43:65:62:fc:f0:74:29:
         c6:01:a4:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9UlnG0xHeaMpaO0VXHoWW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwNTA3MTk0NDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGRlMTU5OWRlNGJiNzdiNDgzZTFmZTU2M2E0MmI1MDRmYmY5M2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtag6oXawEoZfLoZKeZjDy5FLH3yP
qvlzdxxV0iYjo4NfYbiSWxU/FYazweo+0n+A4us3ovA2H+VdvOaawZfEsbZywfIK
qZEK4amLSf3/ALMKYa8/KIAU4+37mrIT5Esb7kfN9vgkp51UaZv2I5RmDJP2TxQH
WS2ClKOaH8tGZAH9NX2r7731PaStc8fAO48jL6dvboacj24pddR7sUHwmiTelr9k
wp5vyWn0L3fiuDWahz/urJPCahG/3Fsm+oow9HBQnzh2Rwqgud2NeIlf1xyPCsi+
nwn/Tgl+EVvMHkKFX0YXtx+UuplM2jzBjGzqGet3VuuVhwXZRcWO52LwNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODeFZneS7d7SD4f5WOkK1BPv5PPMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvNE40Vm1kNUx0M3RJUGhfbFk2UXJVRS1fazg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV42MA0G
CSqGSIb3DQEBCwUAA4IBAQBM53TgAV4n+fohdXAFXOP/qEAQdAAR+XtSBhrR3ml9
xDnvqnxvkPGrECqwOL0UKFfPLalj2xGTIMTKU9e4yK6pwyRrRwiU07U0bETOOEYE
1AJm8CvkIeo2McqfyaNOY7VMdG6WQ6mkr9deYzZXhULqfxelMCUw1hrkC/CEdcou
W3PxaJvgwELg+Z7MENbwcX8y8EFREXjGg2KtsATu0MfpwDTw2BaWeQsmeKOYtflv
i6nQNmJTuZIM78wSUDh+AKG03aBsmuBjdHMpZxkbpJKss6NGfsUTdFqbX91c/rRV
BgXAz+2GRPojTIHUt9r/1hTqga1WtkNlYvzwdCnGAaTE
-----END CERTIFICATE-----