Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/TIfh5EdEHvSZvfNjaOtDjywPT8c.roa
File:                     TIfh5EdEHvSZvfNjaOtDjywPT8c.roa (raw, json)
Hash identifier:          Bq/XtDPS53SyJm0CLyZzicozbktyBuuEGEG5nR9Wu1g=
Subject key identifier:   4C:87:E1:E4:47:44:1E:F4:99:BD:F3:63:68:EB:43:8F:2C:0F:4F:C7
Certificate issuer:       /CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
Certificate serial:       018CC3B70013F31B3257EAF48789DA3BA359
Authority key identifier: 8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/TIfh5EdEHvSZvfNjaOtDjywPT8c.roa
Signing time:             Mon 01 Jan 2024 06:29:59 +0000
ROA not before:           Mon 01 Jan 2024 06:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50302
IP address blocks:        45.133.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:00:13:f3:1b:32:57:ea:f4:87:89:da:3b:a3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
        Validity
            Not Before: Jan  1 06:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c87e1e447441ef499bdf36368eb438f2c0f4fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8d:17:ef:69:42:00:ef:08:9b:54:ab:eb:4a:
                    a8:d4:d5:53:eb:83:85:3a:06:29:6e:85:6c:55:bd:
                    38:7f:61:67:7c:84:5f:ab:17:d6:e9:0c:f1:84:00:
                    4d:f7:d8:79:37:d2:0f:c2:9d:29:fb:84:23:ca:f7:
                    48:94:14:99:6d:96:7b:73:3d:23:04:a7:69:c5:c1:
                    cf:40:ff:e4:3b:37:90:78:9f:52:35:25:c0:03:b4:
                    32:0c:6d:af:c1:57:09:c4:8a:eb:4a:34:0e:e4:a1:
                    00:72:c3:2a:58:ed:58:58:89:d8:da:0a:e2:ef:23:
                    00:42:36:09:55:5b:ad:2b:ab:84:09:72:ae:ae:6c:
                    1c:91:1e:5e:d3:b0:75:22:c3:70:d1:cd:e4:3e:db:
                    74:1e:50:99:0a:29:71:88:5b:65:63:cd:59:5e:e3:
                    6b:e4:66:38:b2:c7:85:04:c6:5f:6c:81:a3:a2:b0:
                    8f:ee:74:08:b7:64:f7:59:0c:0b:c0:12:c0:3e:09:
                    93:cc:f9:30:9a:fd:dc:84:6f:99:6f:ac:f1:8f:ca:
                    be:a4:22:a5:a7:38:a2:12:45:83:5c:20:ba:39:9c:
                    9b:00:e3:bc:5f:73:c2:3f:30:2d:25:25:7a:59:3f:
                    ab:fb:db:4d:86:4a:ab:74:b2:10:ad:04:d0:66:69:
                    a9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:87:E1:E4:47:44:1E:F4:99:BD:F3:63:68:EB:43:8F:2C:0F:4F:C7
            X509v3 Authority Key Identifier:
                keyid:8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/TIfh5EdEHvSZvfNjaOtDjywPT8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:11:3f:26:03:cd:68:1e:7d:d6:89:f2:99:9a:96:a2:d5:47:
         86:24:41:e6:6c:41:97:89:41:fc:40:2a:dc:b7:1a:e3:f2:eb:
         99:ba:7a:62:e4:e2:25:61:de:1d:9c:1e:5c:c3:c3:1f:8f:5e:
         d2:37:eb:a1:39:5e:e5:4d:e2:e8:9f:2c:67:dd:50:98:99:e5:
         b2:4c:f1:2c:02:f8:38:b2:78:b4:9a:46:af:bd:2b:ca:57:07:
         8c:d8:9e:d8:a7:3c:1d:ff:ba:a2:56:52:0b:e0:5a:d1:6f:66:
         7a:68:57:72:46:30:3b:fc:25:e8:96:b0:3c:2a:b4:0c:8b:14:
         ee:8a:a7:6c:2c:ba:5f:6f:e3:09:a3:7f:10:6b:26:f9:e3:9a:
         be:29:d9:83:5b:6d:8f:60:47:34:33:39:64:fc:0f:85:a9:f9:
         43:26:57:f8:79:fc:17:16:78:b1:64:41:c2:12:77:77:5c:58:
         d8:8e:0e:a5:98:3a:4a:f5:16:3a:e7:e8:0e:60:0d:45:4c:4a:
         e6:c6:ab:83:a7:d6:6e:3c:ca:d0:1a:43:32:f6:ff:d2:33:4e:
         56:e2:cb:1b:61:40:c3:df:e7:d4:72:26:0f:cd:58:c6:16:2d:
         66:29:14:74:fb:02:fb:a8:e1:75:9b:39:ae:0c:fd:65:db:51:
         00:11:2f:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwAT8xsyV+r0h4naO6NZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMWNlMWQxMzViZjJjZjhlOGMxM2YzM2VjMTFjODUyMzcw
M2RjNzUwHhcNMjQwMTAxMDYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzg3ZTFlNDQ3NDQxZWY0OTliZGYzNjM2OGViNDM4ZjJjMGY0ZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh40X72lCAO8Im1Sr60qo1NVT64OF
OgYpboVsVb04f2FnfIRfqxfW6QzxhABN99h5N9IPwp0p+4QjyvdIlBSZbZZ7cz0j
BKdpxcHPQP/kOzeQeJ9SNSXAA7QyDG2vwVcJxIrrSjQO5KEAcsMqWO1YWInY2gri
7yMAQjYJVVutK6uECXKurmwckR5e07B1IsNw0c3kPtt0HlCZCilxiFtlY81ZXuNr
5GY4sseFBMZfbIGjorCP7nQIt2T3WQwLwBLAPgmTzPkwmv3chG+Zb6zxj8q+pCKl
pziiEkWDXCC6OZybAOO8X3PCPzAtJSV6WT+r+9tNhkqrdLIQrQTQZmmpYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyH4eRHRB70mb3zY2jrQ48sD0/HMB8GA1UdIwQY
MBaAFIoc4dE1vyz46ME/M+wRyFI3A9x1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDIt
ZGVlMjkyZWE4N2EzLzEvVElmaDVFZEVIdlNadmZOamFPdERqeXdQVDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDItZGVlMjkyZWE4N2Ez
LzEvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYVcMA0G
CSqGSIb3DQEBCwUAA4IBAQARET8mA81oHn3WifKZmpai1UeGJEHmbEGXiUH8QCrc
txrj8uuZunpi5OIlYd4dnB5cw8Mfj17SN+uhOV7lTeLonyxn3VCYmeWyTPEsAvg4
sni0mkavvSvKVweM2J7Ypzwd/7qiVlIL4FrRb2Z6aFdyRjA7/CXolrA8KrQMixTu
iqdsLLpfb+MJo38Qayb545q+KdmDW22PYEc0Mzlk/A+FqflDJlf4efwXFnixZEHC
End3XFjYjg6lmDpK9RY65+gOYA1FTErmxquDp9ZuPMrQGkMy9v/SM05W4ssbYUDD
3+fUciYPzVjGFi1mKRR0+wL7qOF1mzmuDP1l21EAES/j
-----END CERTIFICATE-----