Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/_E2V2vz2AAs8KhmFZGJjH5lTfXE.roa
File:                     _E2V2vz2AAs8KhmFZGJjH5lTfXE.roa (raw, json)
Hash identifier:          1d20XyUZKGmckyCYD4ACHe3usZoInjqMI+DMTqpGIOM=
Subject key identifier:   FC:4D:95:DA:FC:F6:00:0B:3C:2A:19:85:64:62:63:1F:99:53:7D:71
Certificate issuer:       /CN=47312b28074cb8dfad155178ca254bdb4f5e711a
Certificate serial:       018E32D5B9EB0CF0B08996490FA8B60FD806
Authority key identifier: 47:31:2B:28:07:4C:B8:DF:AD:15:51:78:CA:25:4B:DB:4F:5E:71:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzErKAdMuN-tFVF4yiVL209ecRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/_E2V2vz2AAs8KhmFZGJjH5lTfXE.roa
Signing time:             Tue 12 Mar 2024 13:24:11 +0000
ROA not before:           Tue 12 Mar 2024 13:24:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212128
IP address blocks:        45.153.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/RzErKAdMuN-tFVF4yiVL209ecRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/RzErKAdMuN-tFVF4yiVL209ecRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzErKAdMuN-tFVF4yiVL209ecRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:d5:b9:eb:0c:f0:b0:89:96:49:0f:a8:b6:0f:d8:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47312b28074cb8dfad155178ca254bdb4f5e711a
        Validity
            Not Before: Mar 12 13:24:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc4d95dafcf6000b3c2a19856462631f99537d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2e:24:5e:b9:5b:02:9f:84:af:4b:25:59:bf:
                    f2:c3:e3:68:08:89:fa:66:2d:2b:91:79:86:a8:8b:
                    ca:f6:d8:a5:cb:87:f0:88:0c:ee:84:6b:dc:36:4d:
                    fc:57:c6:82:6a:e2:f9:f0:4c:77:73:36:ad:f9:9f:
                    b7:44:5f:18:43:e4:f5:50:84:9d:92:1f:c8:1a:c1:
                    a0:b4:e6:96:0c:d1:f4:f8:e3:6d:78:47:d4:76:6c:
                    e2:83:3b:77:bc:11:d0:75:7f:01:2c:75:88:9f:58:
                    ca:82:6c:54:59:83:e4:62:5c:66:4e:00:11:3e:a3:
                    00:9a:1d:db:d3:e9:33:65:5a:35:1a:7f:57:5a:ad:
                    a3:58:a4:eb:02:d6:60:06:39:a0:54:08:03:5c:7f:
                    54:f9:80:db:e7:2f:11:19:13:6e:fe:26:ee:28:0b:
                    b1:08:73:e4:a3:05:3c:df:3a:82:8f:a2:83:65:75:
                    2d:ee:e9:83:0c:73:cc:ce:9f:96:90:4c:c2:5b:1a:
                    f8:2c:96:35:f6:f6:99:d7:d9:9b:72:dd:bb:85:88:
                    14:cb:a3:06:8b:9d:b4:98:f4:f3:08:de:02:31:b6:
                    c7:dc:2b:d4:a2:d3:3c:88:0c:76:22:83:3b:62:5f:
                    d1:86:72:73:e0:3b:af:02:95:90:34:ea:0d:55:69:
                    31:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4D:95:DA:FC:F6:00:0B:3C:2A:19:85:64:62:63:1F:99:53:7D:71
            X509v3 Authority Key Identifier:
                keyid:47:31:2B:28:07:4C:B8:DF:AD:15:51:78:CA:25:4B:DB:4F:5E:71:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzErKAdMuN-tFVF4yiVL209ecRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/_E2V2vz2AAs8KhmFZGJjH5lTfXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/RzErKAdMuN-tFVF4yiVL209ecRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:71:78:1e:b8:48:ed:78:6f:d1:71:be:07:d6:23:bd:09:ab:
         ef:58:04:66:cf:31:3f:83:99:39:c2:e6:c6:70:56:e1:eb:5a:
         3d:62:cf:c2:dd:e4:81:20:8f:27:97:dd:26:94:28:3e:7c:05:
         fd:97:59:41:4f:2a:d7:d0:d7:f6:89:20:1c:86:c5:ad:7d:8e:
         09:ed:46:bd:d3:e7:5d:4e:13:1b:f4:37:d3:3b:e5:71:fc:3a:
         a5:9c:96:a4:7e:a4:5b:5d:b4:51:94:73:0e:d1:60:cc:a6:08:
         33:8a:8e:ee:25:0b:bf:44:3a:67:0d:c5:c4:6c:ef:d6:b0:e1:
         a6:3a:dd:1e:81:e1:51:cd:f2:d3:c3:92:56:36:a0:7a:74:c9:
         3a:9f:a5:2f:be:f6:1d:b4:40:aa:31:af:cc:b3:45:1d:1b:03:
         5c:70:42:26:0c:39:ba:32:e3:e0:b0:c2:f1:bb:bb:ce:9a:85:
         72:a1:9f:12:6a:14:8f:54:95:b4:18:11:ca:1b:39:93:eb:88:
         bf:7f:6f:8a:67:70:37:bd:62:4f:bf:24:8f:54:9d:e3:3d:64:
         fd:4e:d2:82:0e:66:91:f6:c1:b3:24:28:ee:26:1c:20:91:40:
         6a:db:ba:15:ff:06:4d:b0:56:1c:74:ba:0a:41:3e:7f:61:df:
         5c:e3:e7:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4y1bnrDPCwiZZJD6i2D9gGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzEyYjI4MDc0Y2I4ZGZhZDE1NTE3OGNhMjU0YmRiNGY1
ZTcxMWEwHhcNMjQwMzEyMTMyNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzRkOTVkYWZjZjYwMDBiM2MyYTE5ODU2NDYyNjMxZjk5NTM3ZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0y4kXrlbAp+Er0slWb/yw+NoCIn6
Zi0rkXmGqIvK9tily4fwiAzuhGvcNk38V8aCauL58Ex3czat+Z+3RF8YQ+T1UISd
kh/IGsGgtOaWDNH0+ONteEfUdmzigzt3vBHQdX8BLHWIn1jKgmxUWYPkYlxmTgAR
PqMAmh3b0+kzZVo1Gn9XWq2jWKTrAtZgBjmgVAgDXH9U+YDb5y8RGRNu/ibuKAux
CHPkowU83zqCj6KDZXUt7umDDHPMzp+WkEzCWxr4LJY19vaZ19mbct27hYgUy6MG
i520mPTzCN4CMbbH3CvUotM8iAx2IoM7Yl/RhnJz4DuvApWQNOoNVWkx5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxNldr89gALPCoZhWRiYx+ZU31xMB8GA1UdIwQY
MBaAFEcxKygHTLjfrRVReMolS9tPXnEaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpFcktBZE11Ti10RlZGNHlpVkwyMDllY1JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84MjdkY2QtNTY5NS00MWU2LWJiZmIt
ODhlMTVmYjE5Zjc0LzEvX0UyVjJ2ejJBQXM4S2htRlpHSmpINWxUZlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84MjdkY2QtNTY5NS00MWU2LWJiZmItODhlMTVmYjE5Zjc0
LzEvUnpFcktBZE11Ti10RlZGNHlpVkwyMDllY1JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZm8MA0G
CSqGSIb3DQEBCwUAA4IBAQBkcXgeuEjteG/Rcb4H1iO9CavvWARmzzE/g5k5wubG
cFbh61o9Ys/C3eSBII8nl90mlCg+fAX9l1lBTyrX0Nf2iSAchsWtfY4J7Ua90+dd
ThMb9DfTO+Vx/DqlnJakfqRbXbRRlHMO0WDMpggzio7uJQu/RDpnDcXEbO/WsOGm
Ot0egeFRzfLTw5JWNqB6dMk6n6UvvvYdtECqMa/Ms0UdGwNccEImDDm6MuPgsMLx
u7vOmoVyoZ8SahSPVJW0GBHKGzmT64i/f2+KZ3A3vWJPvySPVJ3jPWT9TtKCDmaR
9sGzJCjuJhwgkUBq27oV/wZNsFYcdLoKQT5/Yd9c4+fk
-----END CERTIFICATE-----