Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/4e09IfPxGiD8OaD0Bi-JimO9Vmw.roa
File:                     4e09IfPxGiD8OaD0Bi-JimO9Vmw.roa (raw, json)
Hash identifier:          nhWtqAbfTzL5ITb4Kq2rOcpzeklXuQ+lOoBZPRUbNxw=
Subject key identifier:   E1:ED:3D:21:F3:F1:1A:20:FC:39:A0:F4:06:2F:89:8A:63:BD:56:6C
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018CC8DE1C93983028DA0785B2EDDEC0496B
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/4e09IfPxGiD8OaD0Bi-JimO9Vmw.roa
Signing time:             Tue 02 Jan 2024 06:30:48 +0000
ROA not before:           Tue 02 Jan 2024 06:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        45.150.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:1c:93:98:30:28:da:07:85:b2:ed:de:c0:49:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  2 06:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1ed3d21f3f11a20fc39a0f4062f898a63bd566c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cf:9d:44:24:4a:1d:78:3c:d1:3f:ce:4b:4b:
                    49:15:5b:5d:66:1d:5b:f1:f9:f1:c1:42:14:f0:16:
                    ce:b5:54:26:56:87:1a:64:43:4f:2f:5e:16:36:f2:
                    b9:33:3e:38:4f:f9:4d:13:aa:3e:20:bf:31:d3:66:
                    60:45:59:2f:d0:e5:ff:48:ab:60:ce:51:00:d4:d9:
                    20:b5:15:dc:ef:4e:84:eb:61:9a:c1:ee:9d:f4:d4:
                    af:3f:da:4c:6c:fe:60:5c:f8:79:87:25:5c:1e:11:
                    2c:26:d4:36:2c:8c:7b:89:71:22:bb:bc:97:b6:67:
                    8b:83:92:10:74:cd:e1:9b:53:b3:84:7b:d6:a3:b3:
                    5a:57:e5:48:ea:3c:31:4b:0e:94:cc:fe:87:91:93:
                    78:af:6f:40:f1:5b:d1:f2:7a:8d:97:ea:94:f1:46:
                    20:52:4b:e5:f3:a4:66:42:86:98:77:08:92:b0:5a:
                    5d:23:f2:5a:82:d1:8e:e7:b5:84:9a:4d:b5:56:c2:
                    b0:be:03:dd:ec:6c:7d:76:dd:c1:72:56:f0:f3:f3:
                    91:ca:4d:cb:e6:79:e3:14:0b:7c:99:29:5b:eb:1c:
                    1e:0b:34:00:0e:49:a3:a1:01:3c:0a:fb:01:c2:7c:
                    4c:c0:96:04:96:76:98:3e:44:56:be:e7:89:6b:0b:
                    88:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:ED:3D:21:F3:F1:1A:20:FC:39:A0:F4:06:2F:89:8A:63:BD:56:6C
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/4e09IfPxGiD8OaD0Bi-JimO9Vmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:6f:36:b1:d5:31:8e:a9:a9:2f:8a:f4:d5:fc:47:a9:e1:b0:
         de:0d:55:88:51:18:bc:fb:2d:88:9e:67:60:b7:ce:d8:f5:f0:
         eb:0b:aa:bd:a3:85:77:41:0a:82:94:a8:4f:0a:03:a3:80:af:
         50:24:26:fb:85:bd:22:4d:2e:00:7f:be:de:da:7d:5c:c0:96:
         da:45:44:16:20:89:ef:e9:db:a5:e3:25:c5:05:6e:d7:40:48:
         8f:c1:22:85:84:70:a1:cb:82:86:ed:8d:75:60:cd:fa:01:3e:
         e3:9c:9e:67:f5:58:45:e2:e5:94:ba:be:94:44:fc:97:5e:4a:
         10:e7:43:0f:7a:28:cf:76:cf:5f:05:ec:90:85:6b:83:a4:ac:
         c6:43:81:9d:b4:79:09:aa:16:29:19:62:8c:7c:05:b7:a1:45:
         24:12:ce:25:9d:b6:9d:89:74:e4:50:ad:23:95:60:64:92:d0:
         7d:11:89:1e:bc:6c:20:59:89:a0:e5:cd:f7:e0:1b:3d:e8:81:
         23:8a:d2:a2:4b:91:6a:f3:d8:8f:31:06:9c:17:0a:10:2d:c6:
         3c:0e:37:7a:35:dc:10:4d:60:28:34:2a:95:5c:67:9f:30:05:
         13:1e:8d:df:a6:e7:a3:d0:68:4a:2c:5f:33:d4:64:19:2a:3c:
         f1:5a:da:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hyTmDAo2geFsu3ewElrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwMTAyMDYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWVkM2QyMWYzZjExYTIwZmMzOWEwZjQwNjJmODk4YTYzYmQ1NjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc+dRCRKHXg80T/OS0tJFVtdZh1b
8fnxwUIU8BbOtVQmVocaZENPL14WNvK5Mz44T/lNE6o+IL8x02ZgRVkv0OX/SKtg
zlEA1NkgtRXc706E62Gawe6d9NSvP9pMbP5gXPh5hyVcHhEsJtQ2LIx7iXEiu7yX
tmeLg5IQdM3hm1OzhHvWo7NaV+VI6jwxSw6UzP6HkZN4r29A8VvR8nqNl+qU8UYg
Ukvl86RmQoaYdwiSsFpdI/JagtGO57WEmk21VsKwvgPd7Gx9dt3Bclbw8/ORyk3L
5nnjFAt8mSlb6xweCzQADkmjoQE8CvsBwnxMwJYElnaYPkRWvueJawuIwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHtPSHz8Rog/Dmg9AYviYpjvVZsMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvNGUwOUlmUHhHaUQ4T2FEMEJpLUppbU85Vm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZatMA0G
CSqGSIb3DQEBCwUAA4IBAQBVbzax1TGOqakvivTV/Eep4bDeDVWIURi8+y2Inmdg
t87Y9fDrC6q9o4V3QQqClKhPCgOjgK9QJCb7hb0iTS4Af77e2n1cwJbaRUQWIInv
6dul4yXFBW7XQEiPwSKFhHChy4KG7Y11YM36AT7jnJ5n9VhF4uWUur6URPyXXkoQ
50MPeijPds9fBeyQhWuDpKzGQ4GdtHkJqhYpGWKMfAW3oUUkEs4lnbadiXTkUK0j
lWBkktB9EYkevGwgWYmg5c334Bs96IEjitKiS5Fq89iPMQacFwoQLcY8Djd6NdwQ
TWAoNCqVXGefMAUTHo3fpuej0GhKLF8z1GQZKjzxWtre
-----END CERTIFICATE-----