Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/WRh38AkMJIGDySQopMYLvPj_XD0.roa
File:                     WRh38AkMJIGDySQopMYLvPj_XD0.roa (raw, json)
Hash identifier:          3id/e54UwEhn75z0PmFa6FZIqYyfiBconcbXQOPCh5k=
Subject key identifier:   59:18:77:F0:09:0C:24:81:83:C9:24:28:A4:C6:0B:BC:F8:FF:5C:3D
Certificate issuer:       /CN=530841e82aa46d9959fc7811b25795c56cd50608
Certificate serial:       018CC50088D93CE88DDA251F10EEA4B64320
Authority key identifier: 53:08:41:E8:2A:A4:6D:99:59:FC:78:11:B2:57:95:C5:6C:D5:06:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UwhB6CqkbZlZ_HgRsleVxWzVBgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/WRh38AkMJIGDySQopMYLvPj_XD0.roa
Signing time:             Mon 01 Jan 2024 12:29:55 +0000
ROA not before:           Mon 01 Jan 2024 12:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59780
IP address blocks:        45.12.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/UwhB6CqkbZlZ_HgRsleVxWzVBgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/UwhB6CqkbZlZ_HgRsleVxWzVBgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UwhB6CqkbZlZ_HgRsleVxWzVBgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:88:d9:3c:e8:8d:da:25:1f:10:ee:a4:b6:43:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=530841e82aa46d9959fc7811b25795c56cd50608
        Validity
            Not Before: Jan  1 12:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=591877f0090c248183c92428a4c60bbcf8ff5c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bf:af:09:eb:a7:47:9b:cf:a6:a1:69:25:8f:
                    bf:ea:a0:c6:54:2a:98:a3:0a:6f:1f:7e:08:85:ed:
                    d4:cd:14:0f:7e:41:ae:3d:bf:26:70:fe:1e:a9:44:
                    7f:54:a0:fb:30:50:14:a3:22:ce:c4:33:ad:c9:17:
                    dd:4c:04:b1:e4:7d:f9:44:c2:1d:0b:3a:44:03:ef:
                    ac:ae:4d:29:12:e0:da:f1:42:bc:b1:0c:25:79:a5:
                    9c:95:f9:ec:68:16:1a:b5:65:aa:16:0b:e5:c9:67:
                    0c:87:72:04:a0:04:4f:57:8a:6a:79:5a:5b:8a:88:
                    84:58:ac:bf:9a:0e:7a:d0:23:31:4d:1c:18:54:89:
                    b9:3b:c9:ae:c7:5a:f1:38:b0:53:71:af:1e:b0:c2:
                    85:2d:b6:89:7d:05:a7:28:57:98:57:3f:3f:ec:be:
                    8e:0e:94:04:cb:01:47:6e:bc:0c:82:41:5f:b4:73:
                    7e:b7:ec:e3:84:f8:70:d6:bb:d4:68:0a:56:5d:22:
                    16:a1:bc:4b:ed:85:e6:4e:21:d2:93:85:ca:22:88:
                    39:82:96:b1:da:bc:d6:a0:12:9b:cb:9e:1a:b2:ee:
                    bc:b9:e6:da:e4:45:e4:92:27:1a:ba:01:98:c6:90:
                    18:c6:d6:9b:3b:ee:d6:8c:6a:47:ec:39:c7:3c:f6:
                    a0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:18:77:F0:09:0C:24:81:83:C9:24:28:A4:C6:0B:BC:F8:FF:5C:3D
            X509v3 Authority Key Identifier:
                keyid:53:08:41:E8:2A:A4:6D:99:59:FC:78:11:B2:57:95:C5:6C:D5:06:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UwhB6CqkbZlZ_HgRsleVxWzVBgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/WRh38AkMJIGDySQopMYLvPj_XD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/UwhB6CqkbZlZ_HgRsleVxWzVBgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:c7:6d:dc:76:ba:f2:81:52:42:01:1d:1d:e2:ff:30:19:a4:
         da:28:58:44:1e:e8:ca:91:f3:e6:9a:d0:3c:01:e2:02:ce:56:
         32:e8:05:75:04:12:1d:d1:1e:ed:ca:ff:f2:63:5e:7c:a0:82:
         68:cc:15:35:51:4e:b8:5b:13:b1:4d:c6:c0:d9:34:12:54:ed:
         7a:56:ef:b1:35:71:12:a2:57:41:6d:49:df:47:18:0a:36:ce:
         e7:63:66:f4:cd:ac:17:5d:26:1c:e2:d0:fc:a8:71:62:3b:29:
         98:61:e0:50:54:ee:79:0e:64:ed:9f:36:79:71:df:f0:7e:c5:
         c3:a1:50:44:b2:d4:e1:52:e7:75:88:bd:01:eb:69:84:90:2a:
         ef:2a:ca:d5:64:c0:5e:7e:df:54:6f:b7:ed:a0:28:40:1f:12:
         de:8b:e4:51:6e:c2:ee:e2:bd:f2:78:d3:ab:88:33:8b:42:a7:
         9a:06:9e:21:32:dc:67:1b:d5:ff:fe:11:41:49:b0:2a:40:e3:
         ed:ae:d1:b3:5c:2d:54:3e:6a:72:dc:26:2e:cc:30:e1:4b:35:
         4a:81:83:f4:e2:0c:03:25:6f:c8:cb:19:2f:1b:0a:a8:0a:3f:
         c4:87:90:a8:ae:2a:fe:5c:79:ed:75:80:62:be:1f:df:09:77:
         f3:3a:a1:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAIjZPOiN2iUfEO6ktkMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMDg0MWU4MmFhNDZkOTk1OWZjNzgxMWIyNTc5NWM1NmNk
NTA2MDgwHhcNMjQwMTAxMTIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTE4NzdmMDA5MGMyNDgxODNjOTI0MjhhNGM2MGJiY2Y4ZmY1YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL+vCeunR5vPpqFpJY+/6qDGVCqY
owpvH34Ihe3UzRQPfkGuPb8mcP4eqUR/VKD7MFAUoyLOxDOtyRfdTASx5H35RMId
CzpEA++srk0pEuDa8UK8sQwleaWclfnsaBYatWWqFgvlyWcMh3IEoARPV4pqeVpb
ioiEWKy/mg560CMxTRwYVIm5O8mux1rxOLBTca8esMKFLbaJfQWnKFeYVz8/7L6O
DpQEywFHbrwMgkFftHN+t+zjhPhw1rvUaApWXSIWobxL7YXmTiHSk4XKIog5gpax
2rzWoBKby54asu68ueba5EXkkicaugGYxpAYxtabO+7WjGpH7DnHPPagDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkYd/AJDCSBg8kkKKTGC7z4/1w9MB8GA1UdIwQY
MBaAFFMIQegqpG2ZWfx4EbJXlcVs1QYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXdoQjZDcWtiWmxaX0hnUnNsZVZ4V3pWQmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9hZmI3ZjItNTVkMi00OWU1LTg2NTkt
NGE4MmNkZDRiMWEwLzEvV1JoMzhBa01KSUdEeVNRb3BNWUx2UGpfWEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9hZmI3ZjItNTVkMi00OWU1LTg2NTktNGE4MmNkZDRiMWEw
LzEvVXdoQjZDcWtiWmxaX0hnUnNsZVZ4V3pWQmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQx0MA0G
CSqGSIb3DQEBCwUAA4IBAQBHx23cdrrygVJCAR0d4v8wGaTaKFhEHujKkfPmmtA8
AeICzlYy6AV1BBId0R7tyv/yY158oIJozBU1UU64WxOxTcbA2TQSVO16Vu+xNXES
oldBbUnfRxgKNs7nY2b0zawXXSYc4tD8qHFiOymYYeBQVO55DmTtnzZ5cd/wfsXD
oVBEstThUud1iL0B62mEkCrvKsrVZMBeft9Ub7ftoChAHxLei+RRbsLu4r3yeNOr
iDOLQqeaBp4hMtxnG9X//hFBSbAqQOPtrtGzXC1UPmpy3CYuzDDhSzVKgYP04gwD
JW/IyxkvGwqoCj/Eh5Corir+XHntdYBivh/fCXfzOqFB
-----END CERTIFICATE-----