Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/lG1wziIgBe8rhwQcO9WqJoRATJ8.roa
File:                     lG1wziIgBe8rhwQcO9WqJoRATJ8.roa (raw, json)
Hash identifier:          nPsPmTfe7UkDt1AJ1ko6aLHxrSPu9OiHl9ebIxfJHws=
Subject key identifier:   94:6D:70:CE:22:20:05:EF:2B:87:04:1C:3B:D5:AA:26:84:40:4C:9F
Certificate issuer:       /CN=421f108882a9e2d72782db6527da4d9adeeb19cc
Certificate serial:       018CC5DC4443C2924B9CE8338158E9E05C03
Authority key identifier: 42:1F:10:88:82:A9:E2:D7:27:82:DB:65:27:DA:4D:9A:DE:EB:19:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/lG1wziIgBe8rhwQcO9WqJoRATJ8.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.86.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:44:43:c2:92:4b:9c:e8:33:81:58:e9:e0:5c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421f108882a9e2d72782db6527da4d9adeeb19cc
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=946d70ce222005ef2b87041c3bd5aa2684404c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:74:42:1d:26:6c:cc:5f:70:c8:5a:d1:e7:22:
                    cc:92:27:6f:34:66:74:58:71:4b:03:50:c0:60:3f:
                    89:e5:58:48:29:80:02:cf:c9:25:79:5b:49:46:b6:
                    73:be:d4:4f:19:e8:99:2f:71:84:fa:eb:8b:30:9f:
                    78:8b:6d:3a:98:c8:cc:ff:ad:db:2f:87:94:c2:64:
                    42:b9:00:bf:2e:e6:58:97:ba:e2:8c:46:d1:67:ed:
                    75:04:4b:27:87:c2:0d:06:fc:84:97:35:2b:3c:e3:
                    4e:99:ea:3e:f7:14:ce:33:2f:25:a5:7e:c4:a0:42:
                    63:7b:ef:b6:d1:b9:78:b8:fe:a6:f5:61:1c:b4:10:
                    1c:0d:38:c0:13:37:64:4f:94:c7:83:e8:67:f4:8f:
                    3a:3f:7c:5b:2a:f6:40:70:65:b2:66:45:97:18:3f:
                    7b:7e:74:26:a7:35:f9:ec:d2:69:bd:fd:3b:ee:23:
                    fe:9d:73:41:d2:a7:d1:d1:58:47:a6:fe:5a:a6:61:
                    66:89:4b:12:f8:00:ea:70:ab:f4:bb:87:e8:38:13:
                    20:e9:25:f7:1d:a8:e6:c2:28:9d:c6:f3:93:26:49:
                    25:20:44:8b:99:a8:cb:98:97:88:3a:95:4e:ac:68:
                    15:dc:90:db:ec:f7:45:64:f4:a8:e9:27:c5:d6:a3:
                    fe:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:6D:70:CE:22:20:05:EF:2B:87:04:1C:3B:D5:AA:26:84:40:4C:9F
            X509v3 Authority Key Identifier:
                keyid:42:1F:10:88:82:A9:E2:D7:27:82:DB:65:27:DA:4D:9A:DE:EB:19:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/lG1wziIgBe8rhwQcO9WqJoRATJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:1e:4c:3a:dc:36:89:d3:65:e0:3c:d8:b2:87:2b:27:50:ae:
         1a:27:ba:59:3d:24:78:fc:bb:9a:fc:d7:b9:a5:8a:37:85:88:
         96:b2:f2:41:89:04:9f:c6:ed:91:12:32:86:50:52:93:fa:c1:
         f1:ad:b0:96:87:79:3d:04:d4:be:8d:74:ef:b7:99:72:02:b2:
         52:e5:af:90:d7:9b:fb:90:15:eb:e4:a3:69:70:d1:53:73:06:
         fe:d4:54:79:ae:42:ca:6f:73:6f:b5:72:99:3d:f1:70:32:eb:
         f5:5e:09:64:4e:53:bf:0c:1a:3d:46:b2:73:1c:b8:55:25:d8:
         bd:0a:a4:95:e3:ee:18:3d:5a:1b:f7:fb:b2:a0:52:0f:1f:e9:
         63:42:58:a5:b8:1c:80:c9:91:83:8e:e7:c4:1b:00:17:59:76:
         6d:ea:6c:69:e4:2c:62:2b:1a:c8:bc:71:76:32:e8:e6:34:46:
         27:22:2f:d6:f2:54:f7:3b:f3:b2:9b:d2:67:fe:ed:f7:88:29:
         8c:27:f3:a0:49:63:f5:eb:b6:b1:85:b5:54:ff:3a:20:46:6a:
         80:98:67:0c:eb:06:bc:51:38:04:e5:5f:e3:b0:c2:73:71:9c:
         3d:e3:bb:cd:c7:f6:18:e4:7b:64:d3:c7:ac:d7:1d:58:d1:5c:
         8d:5d:a4:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ERDwpJLnOgzgVjp4FwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWYxMDg4ODJhOWUyZDcyNzgyZGI2NTI3ZGE0ZDlhZGVl
YjE5Y2MwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDZkNzBjZTIyMjAwNWVmMmI4NzA0MWMzYmQ1YWEyNjg0NDA0YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3RCHSZszF9wyFrR5yLMkidvNGZ0
WHFLA1DAYD+J5VhIKYACz8kleVtJRrZzvtRPGeiZL3GE+uuLMJ94i206mMjM/63b
L4eUwmRCuQC/LuZYl7rijEbRZ+11BEsnh8INBvyElzUrPONOmeo+9xTOMy8lpX7E
oEJje++20bl4uP6m9WEctBAcDTjAEzdkT5THg+hn9I86P3xbKvZAcGWyZkWXGD97
fnQmpzX57NJpvf077iP+nXNB0qfR0VhHpv5apmFmiUsS+ADqcKv0u4foOBMg6SX3
HajmwiidxvOTJkklIESLmajLmJeIOpVOrGgV3JDb7PdFZPSo6SfF1qP+gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRtcM4iIAXvK4cEHDvVqiaEQEyfMB8GA1UdIwQY
MBaAFEIfEIiCqeLXJ4LbZSfaTZre6xnMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWg4UWlJS3A0dGNuZ3R0bEo5cE5tdDdyR2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8yMTkyMmEtZGQ3OS00ZjU2LTgzYmUt
MGEwNjlkZWMxMDBhLzEvbEcxd3ppSWdCZThyaHdRY085V3FKb1JBVEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8yMTkyMmEtZGQ3OS00ZjU2LTgzYmUtMGEwNjlkZWMxMDBh
LzEvUWg4UWlJS3A0dGNuZ3R0bEo5cE5tdDdyR2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZwMA0G
CSqGSIb3DQEBCwUAA4IBAQB+Hkw63DaJ02XgPNiyhysnUK4aJ7pZPSR4/Lua/Ne5
pYo3hYiWsvJBiQSfxu2REjKGUFKT+sHxrbCWh3k9BNS+jXTvt5lyArJS5a+Q15v7
kBXr5KNpcNFTcwb+1FR5rkLKb3NvtXKZPfFwMuv1XglkTlO/DBo9RrJzHLhVJdi9
CqSV4+4YPVob9/uyoFIPH+ljQliluByAyZGDjufEGwAXWXZt6mxp5CxiKxrIvHF2
MujmNEYnIi/W8lT3O/Oym9Jn/u33iCmMJ/OgSWP167axhbVU/zogRmqAmGcM6wa8
UTgE5V/jsMJzcZw947vNx/YY5Htk08es1x1Y0VyNXaRh
-----END CERTIFICATE-----