Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gnrfaQ-gSASXJ5d_f1sOxBaOzW8.roa
File:                     gnrfaQ-gSASXJ5d_f1sOxBaOzW8.roa (raw, json)
Hash identifier:          /LUsqZl4SPXYOY8oo4xoJ03hnVxeC7M83kfenlwohkk=
Subject key identifier:   82:7A:DF:69:0F:A0:48:04:97:27:97:7F:7F:5B:0E:C4:16:8E:CD:6F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018EE607FD515FD868EB6A4320C359B79FDA
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gnrfaQ-gSASXJ5d_f1sOxBaOzW8.roa
Signing time:             Tue 16 Apr 2024 08:31:07 +0000
ROA not before:           Tue 16 Apr 2024 08:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        45.92.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:07:fd:51:5f:d8:68:eb:6a:43:20:c3:59:b7:9f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 16 08:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=827adf690fa048049727977f7f5b0ec4168ecd6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:34:aa:f6:d6:ea:79:55:c1:c1:69:4a:81:0e:
                    a2:01:19:06:cb:46:f6:0a:0b:a3:b1:0f:18:8e:4a:
                    4f:d9:15:34:f2:1f:36:43:7e:15:84:79:3a:96:81:
                    ef:fb:5d:3c:f3:14:e0:33:60:c6:de:5a:46:d3:d7:
                    c7:63:90:dd:f5:f2:16:b3:21:31:37:7d:ba:e5:de:
                    0a:b6:14:61:1b:e9:38:4e:9c:24:c8:87:9f:f0:cd:
                    07:1f:88:b0:92:55:cf:f0:0b:91:99:d0:d6:ad:0f:
                    f0:6c:58:b6:4c:ef:ae:27:ba:d7:b9:fd:48:53:80:
                    66:d8:81:9d:4e:a3:c7:f0:df:d5:2a:7f:f8:30:5b:
                    1f:45:3c:30:7a:68:3e:c2:ad:f1:4c:aa:13:a4:5b:
                    f0:97:b9:ba:e8:c4:84:a8:cc:28:25:ee:5f:7a:5a:
                    74:d6:0e:c8:b0:54:75:ab:83:d8:de:1a:d4:cb:7b:
                    b1:98:cd:78:7c:9e:81:54:f0:a6:79:c1:2d:bf:6c:
                    ed:bd:32:43:da:cd:5c:08:23:26:e5:d7:a3:fc:3a:
                    ae:58:83:d9:ab:aa:bc:66:1f:5b:1d:04:0e:46:64:
                    dc:76:c0:7b:7e:4b:5d:bc:bf:17:ed:ba:71:0b:0c:
                    e6:f2:66:04:41:de:8d:a0:4e:d0:45:4c:7b:a2:c5:
                    85:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7A:DF:69:0F:A0:48:04:97:27:97:7F:7F:5B:0E:C4:16:8E:CD:6F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gnrfaQ-gSASXJ5d_f1sOxBaOzW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:42:4f:d1:ed:35:89:13:c8:2a:86:ba:8e:c2:82:3e:ce:d9:
         3c:cc:5b:70:d6:65:4e:1c:2e:ab:bc:0f:5c:8a:6c:6c:da:8a:
         12:e0:d0:1c:2d:26:a7:d2:ae:98:cf:f2:21:fb:d0:6f:e8:33:
         57:52:61:aa:97:3b:57:a2:6e:ff:10:53:cc:17:91:fc:6e:2d:
         df:ef:12:53:3d:e0:f8:6b:fb:cc:a0:b2:03:27:32:03:2d:e7:
         a8:c9:88:74:da:84:c3:0d:43:e5:39:93:36:c6:e6:15:88:0d:
         33:b9:05:e6:1a:cc:5f:4b:9b:09:6d:13:4a:ff:e8:f5:da:c5:
         b9:2f:1d:7a:ff:87:a5:c9:14:4a:85:30:b2:5e:4c:68:8a:20:
         32:1b:da:5a:2b:47:7a:bd:09:44:76:d6:e1:c1:71:6e:d0:3d:
         3c:d2:a5:9f:0c:91:92:f2:e0:ad:ea:0d:98:57:5d:bd:94:ce:
         4a:f1:dd:24:9c:9f:e1:b0:bd:49:0e:03:10:fc:33:cc:72:0e:
         83:bf:be:24:27:61:0a:2e:ec:67:ab:36:e9:1c:38:32:b1:cc:
         64:60:88:5e:01:e6:65:d6:8b:df:1f:6f:b3:3f:c0:1a:98:95:
         3f:f3:0d:75:55:6e:77:9c:2a:f9:49:e4:c5:4d:88:95:93:67:
         2b:d4:4b:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mB/1RX9ho62pDIMNZt5/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDE2MDgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdhZGY2OTBmYTA0ODA0OTcyNzk3N2Y3ZjViMGVjNDE2OGVjZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TSq9tbqeVXBwWlKgQ6iARkGy0b2
CgujsQ8YjkpP2RU08h82Q34VhHk6loHv+1088xTgM2DG3lpG09fHY5Dd9fIWsyEx
N3265d4KthRhG+k4TpwkyIef8M0HH4iwklXP8AuRmdDWrQ/wbFi2TO+uJ7rXuf1I
U4Bm2IGdTqPH8N/VKn/4MFsfRTwwemg+wq3xTKoTpFvwl7m66MSEqMwoJe5felp0
1g7IsFR1q4PY3hrUy3uxmM14fJ6BVPCmecEtv2ztvTJD2s1cCCMm5dej/DquWIPZ
q6q8Zh9bHQQORmTcdsB7fktdvL8X7bpxCwzm8mYEQd6NoE7QRUx7osWFTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJ632kPoEgElyeXf39bDsQWjs1vMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZ25yZmFRLWdTQVNYSjVkX2Yxc094QmFPelc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVxNMA0G
CSqGSIb3DQEBCwUAA4IBAQBuQk/R7TWJE8gqhrqOwoI+ztk8zFtw1mVOHC6rvA9c
imxs2ooS4NAcLSan0q6Yz/Ih+9Bv6DNXUmGqlztXom7/EFPMF5H8bi3f7xJTPeD4
a/vMoLIDJzIDLeeoyYh02oTDDUPlOZM2xuYViA0zuQXmGsxfS5sJbRNK/+j12sW5
Lx16/4elyRRKhTCyXkxoiiAyG9paK0d6vQlEdtbhwXFu0D080qWfDJGS8uCt6g2Y
V129lM5K8d0knJ/hsL1JDgMQ/DPMcg6Dv74kJ2EKLuxnqzbpHDgyscxkYIheAeZl
1ovfH2+zP8AamJU/8w11VW53nCr5SeTFTYiVk2cr1Et4
-----END CERTIFICATE-----