Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/jV4KyYOgRoTiEBd1z7O6p8ohyb0.roa
File:                     jV4KyYOgRoTiEBd1z7O6p8ohyb0.roa (raw, json)
Hash identifier:          LV8co3zsXv3cHBPxPfQEUFy1p4Y87jIVKNUsHDiMHq0=
Subject key identifier:   8D:5E:0A:C9:83:A0:46:84:E2:10:17:75:CF:B3:BA:A7:CA:21:C9:BD
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       018CC4922ADC7B64EFF542DEDE2FD6EFDDCA
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/jV4KyYOgRoTiEBd1z7O6p8ohyb0.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59456
IP address blocks:        194.99.66.0/23 maxlen: 23
                          45.88.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2a:dc:7b:64:ef:f5:42:de:de:2f:d6:ef:dd:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d5e0ac983a04684e2101775cfb3baa7ca21c9bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a8:c4:56:92:68:66:72:79:fb:b6:26:e4:5b:
                    3e:f7:58:ed:c3:45:0f:ac:33:5c:1a:b6:fb:28:64:
                    fc:08:0c:f5:e8:47:9d:3f:be:ba:72:8f:e6:e3:77:
                    5d:bc:f9:b5:e6:82:66:48:b3:65:d9:77:c9:ad:c8:
                    64:47:73:09:93:81:2d:2b:de:1e:a6:d6:69:11:c0:
                    6a:64:d9:b1:58:6e:b9:12:3a:3e:46:d5:c4:15:77:
                    ab:23:cd:81:1f:66:14:26:85:04:3c:d0:a8:3b:7f:
                    4b:64:c8:42:4a:66:9f:5a:fb:21:05:6a:91:a5:87:
                    ca:7b:90:c3:92:f6:09:40:ab:c4:a4:6b:03:66:67:
                    10:5f:22:8f:33:89:6d:4e:f6:d2:5e:2b:3f:47:bb:
                    9e:92:46:eb:70:7d:08:a4:41:81:2f:0d:98:51:cf:
                    22:cb:8c:65:ac:81:d3:22:a0:3f:94:4f:c4:43:5c:
                    6d:7e:af:ac:80:ea:d0:8f:c5:7b:c5:81:9a:08:92:
                    88:69:66:19:10:f4:59:1d:14:8d:0a:a7:c9:cf:84:
                    b3:93:bd:85:46:c4:be:f1:ff:9c:8c:44:2a:05:5d:
                    00:f7:d8:72:af:cf:12:ac:22:61:01:f9:3f:fa:49:
                    af:1a:b8:fe:b7:0a:94:28:3f:91:17:8c:ee:26:42:
                    42:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5E:0A:C9:83:A0:46:84:E2:10:17:75:CF:B3:BA:A7:CA:21:C9:BD
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/jV4KyYOgRoTiEBd1z7O6p8ohyb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.128.0/22
                  194.99.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:ba:31:16:f9:62:bc:9a:8c:56:c8:fa:69:88:4b:89:09:92:
         3c:04:ba:05:51:e6:c2:8c:7d:e1:27:1e:d6:9b:0f:c6:e2:31:
         ab:5b:46:32:0a:f4:10:18:35:8a:5b:03:62:f6:b9:a2:5d:8e:
         99:26:fa:55:98:2d:a3:d2:58:80:e5:55:cf:01:5d:5d:cd:6a:
         06:c1:81:f8:0d:be:ad:ca:65:90:3a:5e:e3:5e:b1:76:a2:12:
         81:29:ef:e7:05:b3:68:71:9d:f5:33:85:f0:fb:41:c9:07:a4:
         0d:66:c2:02:89:06:91:34:c3:ec:d4:ca:24:9e:00:6c:4d:80:
         c9:04:41:3c:d3:66:da:79:26:45:5c:b5:b5:05:24:21:0c:07:
         37:15:b3:f0:56:e3:5c:a9:83:f9:67:34:88:ef:a8:75:5d:d3:
         2c:78:0e:a2:ce:3f:0f:c4:d5:a9:40:92:b3:99:6e:4a:49:be:
         3d:cc:fb:77:ed:89:46:20:96:24:cd:73:c5:78:80:f7:38:4b:
         b5:86:b2:0f:04:85:da:a2:37:87:49:d8:f3:b5:b5:e6:c8:c7:
         22:44:8e:02:21:38:7f:29:d2:2c:cd:62:26:e5:59:c8:13:ed:
         cb:59:48:2c:49:99:ee:bd:20:d3:fb:46:ad:2f:7c:18:18:a4:
         b3:18:71:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkirce2Tv9ULe3i/W793KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVlMGFjOTgzYTA0Njg0ZTIxMDE3NzVjZmIzYmFhN2NhMjFjOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjajEVpJoZnJ5+7Ym5Fs+91jtw0UP
rDNcGrb7KGT8CAz16EedP766co/m43ddvPm15oJmSLNl2XfJrchkR3MJk4EtK94e
ptZpEcBqZNmxWG65Ejo+RtXEFXerI82BH2YUJoUEPNCoO39LZMhCSmafWvshBWqR
pYfKe5DDkvYJQKvEpGsDZmcQXyKPM4ltTvbSXis/R7uekkbrcH0IpEGBLw2YUc8i
y4xlrIHTIqA/lE/EQ1xtfq+sgOrQj8V7xYGaCJKIaWYZEPRZHRSNCqfJz4Szk72F
RsS+8f+cjEQqBV0A99hyr88SrCJhAfk/+kmvGrj+twqUKD+RF4zuJkJCiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI1eCsmDoEaE4hAXdc+zuqfKIcm9MB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvalY0S3lZT2dSb1RpRUJkMXo3TzZwOG9oeWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLViAAwQB
wmNCMA0GCSqGSIb3DQEBCwUAA4IBAQCZujEW+WK8moxWyPppiEuJCZI8BLoFUebC
jH3hJx7Wmw/G4jGrW0YyCvQQGDWKWwNi9rmiXY6ZJvpVmC2j0liA5VXPAV1dzWoG
wYH4Db6tymWQOl7jXrF2ohKBKe/nBbNocZ31M4Xw+0HJB6QNZsICiQaRNMPs1Mok
ngBsTYDJBEE802baeSZFXLW1BSQhDAc3FbPwVuNcqYP5ZzSI76h1XdMseA6izj8P
xNWpQJKzmW5KSb49zPt37YlGIJYkzXPFeID3OEu1hrIPBIXaojeHSdjztbXmyMci
RI4CITh/KdIszWIm5VnIE+3LWUgsSZnuvSDT+0atL3wYGKSzGHEw
-----END CERTIFICATE-----