Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/4tGTZ5tuwSIQ6mQwD8VnhpAcnxc.roa
File:                     4tGTZ5tuwSIQ6mQwD8VnhpAcnxc.roa (raw, json)
Hash identifier:          yOwYP4lmLP7pOqm/lGiFz3sfrgITPJVP+o945nDZBRQ=
Subject key identifier:   E2:D1:93:67:9B:6E:C1:22:10:EA:64:30:0F:C5:67:86:90:1C:9F:17
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0193406830D3D4EAC1FDCF38A251341DA584
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/4tGTZ5tuwSIQ6mQwD8VnhpAcnxc.roa
Signing time:             Mon 18 Nov 2024 17:53:10 +0000
ROA not before:           Mon 18 Nov 2024 17:53:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        147.45.113.0/24 maxlen: 24
                          147.45.114.0/24 maxlen: 24
                          193.233.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:40:68:30:d3:d4:ea:c1:fd:cf:38:a2:51:34:1d:a5:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov 18 17:53:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2d193679b6ec12210ea64300fc56786901c9f17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:3c:f7:b3:df:2b:bb:ce:55:cb:dc:d1:da:
                    13:15:f2:d1:ca:38:13:08:62:ad:e3:77:9e:2b:0e:
                    31:f9:33:35:e6:4c:a9:14:73:e1:88:46:18:ba:77:
                    ed:ec:c0:1a:b9:ab:73:e7:87:70:d1:aa:f0:72:47:
                    4f:c7:6e:3d:4f:e9:99:6d:eb:69:b7:e0:4e:48:a6:
                    52:db:59:9e:d1:71:57:31:04:a8:5e:6b:92:1a:84:
                    69:67:da:c9:1f:b3:5b:89:2e:c1:f1:df:ac:83:84:
                    5a:0b:44:4a:02:81:72:83:f5:ca:e6:8b:39:4d:b4:
                    31:b3:3c:ec:ae:10:e2:34:b1:23:5d:d4:51:c5:e5:
                    d0:67:64:d7:f2:f3:6c:d9:37:80:93:e5:91:f8:04:
                    4a:f8:00:17:34:75:1b:31:49:18:65:1d:00:37:d1:
                    cf:1c:db:b9:1c:08:d0:d0:c5:e2:47:48:d5:94:07:
                    d8:17:84:da:04:fc:9c:94:46:b6:af:b0:07:3c:db:
                    45:49:b2:94:fb:2b:d1:48:15:b0:a8:4e:7c:33:42:
                    d4:ba:30:26:01:ec:d0:88:90:59:a4:89:da:ea:b5:
                    ef:41:4d:da:27:5c:7e:e4:48:a5:bb:b1:b6:dc:e9:
                    d3:48:99:2d:bf:5d:4a:0f:b9:f0:95:8f:f6:86:4b:
                    40:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D1:93:67:9B:6E:C1:22:10:EA:64:30:0F:C5:67:86:90:1C:9F:17
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/4tGTZ5tuwSIQ6mQwD8VnhpAcnxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.113.0-147.45.114.255
                  193.233.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:bb:87:28:90:ba:7c:a3:d7:d3:8e:39:c5:17:ce:49:9d:1e:
         ad:d4:94:ec:5b:d1:33:ef:e6:6c:87:d1:a3:6e:7e:25:86:b2:
         7a:d6:fa:2d:f9:2f:c4:ef:8a:9a:63:d4:b7:b2:9e:27:fe:46:
         95:ae:6b:22:89:1b:e7:42:76:26:b7:ff:e0:3a:73:09:47:cf:
         ed:93:12:6a:2e:55:ab:cf:32:03:b0:1f:fb:c0:d0:c8:b3:29:
         55:e0:42:5a:7a:87:53:de:1c:a2:a8:e1:78:a9:be:20:4e:75:
         e6:a6:c0:71:74:6f:4e:4d:d8:b6:94:51:e9:68:35:63:02:64:
         89:9a:6e:be:37:25:dc:55:60:bf:72:08:69:9a:21:df:95:9b:
         1b:8e:b9:5a:d9:8d:c3:86:20:24:b4:41:e6:25:0c:eb:6f:f1:
         34:fb:31:9b:63:3e:a0:b1:0b:e8:9a:5b:29:1d:3a:52:1a:fe:
         7a:26:8b:10:dd:1c:55:e0:5d:69:6d:c9:7c:52:f8:82:9d:62:
         99:42:20:89:ba:44:b8:9b:9f:c2:fc:a6:61:bb:67:be:73:38:
         db:12:bd:2a:f8:bc:07:ae:e3:6f:ca:dd:0a:b4:78:9a:2b:18:
         f6:cb:2c:83:75:fe:29:32:fc:27:19:5a:82:18:a1:d2:7c:41:
         a1:46:13:02
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZNAaDDT1OrB/c84olE0HaWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQxMTE4MTc1MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmQxOTM2NzliNmVjMTIyMTBlYTY0MzAwZmM1Njc4NjkwMWM5ZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fM897PfK7vOVcvc0doTFfLRyjgT
CGKt43eeKw4x+TM15kypFHPhiEYYunft7MAauatz54dw0arwckdPx249T+mZbetp
t+BOSKZS21me0XFXMQSoXmuSGoRpZ9rJH7NbiS7B8d+sg4RaC0RKAoFyg/XK5os5
TbQxszzsrhDiNLEjXdRRxeXQZ2TX8vNs2TeAk+WR+ARK+AAXNHUbMUkYZR0AN9HP
HNu5HAjQ0MXiR0jVlAfYF4TaBPyclEa2r7AHPNtFSbKU+yvRSBWwqE58M0LUujAm
AezQiJBZpIna6rXvQU3aJ1x+5Eilu7G23OnTSJktv11KD7nwlY/2hktAYQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOLRk2ebbsEiEOpkMA/FZ4aQHJ8XMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNHRHVFo1dHV3U0lRNm1Rd0Q4Vm5ocEFjbnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBACTLXED
BACTLXIDBADB6VcwDQYJKoZIhvcNAQELBQADggEBAHG7hyiQunyj19OOOcUXzkmd
Hq3UlOxb0TPv5myH0aNufiWGsnrW+i35L8Tvippj1Leynif+RpWuayKJG+dCdia3
/+A6cwlHz+2TEmouVavPMgOwH/vA0MizKVXgQlp6h1PeHKKo4XipviBOdeamwHF0
b05N2LaUUeloNWMCZImabr43JdxVYL9yCGmaId+VmxuOuVrZjcOGICS0QeYlDOtv
8TT7MZtjPqCxC+iaWykdOlIa/nomixDdHFXgXWltyXxS+IKdYplCIIm6RLibn8L8
pmG7Z75zONsSvSr4vAeu42/K3Qq0eJorGPbLLIN1/iky/CcZWoIYodJ8QaFGEwI=
-----END CERTIFICATE-----