Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/R8OfYueHd1P1AWWtdGiixwllIMs.roa
File:                     R8OfYueHd1P1AWWtdGiixwllIMs.roa (raw, json)
Hash identifier:          ZKzgreBUlCJXbuPQDDLtfbqfZaf5YaZJohzFfYmemPA=
Subject key identifier:   47:C3:9F:62:E7:87:77:53:F5:01:65:AD:74:68:A2:C7:09:65:20:CB
Certificate issuer:       /CN=4cd71f5a0050f8ae6444c638769ba375fddbce19
Certificate serial:       019424B25C7FD183D88845A54F3AA0DBD4F0
Authority key identifier: 4C:D7:1F:5A:00:50:F8:AE:64:44:C6:38:76:9B:A3:75:FD:DB:CE:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TNcfWgBQ-K5kRMY4dpujdf3bzhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/R8OfYueHd1P1AWWtdGiixwllIMs.roa
Signing time:             Thu 02 Jan 2025 01:47:36 +0000
ROA not before:           Thu 02 Jan 2025 01:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60893
IP address blocks:        45.150.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/TNcfWgBQ-K5kRMY4dpujdf3bzhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/TNcfWgBQ-K5kRMY4dpujdf3bzhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TNcfWgBQ-K5kRMY4dpujdf3bzhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:5c:7f:d1:83:d8:88:45:a5:4f:3a:a0:db:d4:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cd71f5a0050f8ae6444c638769ba375fddbce19
        Validity
            Not Before: Jan  2 01:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47c39f62e7877753f50165ad7468a2c7096520cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:cf:35:2f:f6:24:9b:3c:61:52:81:c1:05:08:
                    3c:0d:94:5b:21:fe:44:bc:19:56:96:9f:e7:a0:45:
                    db:54:b0:d1:01:b3:c5:5b:3f:e6:6d:ee:dd:19:e1:
                    f7:32:96:70:8d:24:61:a3:48:2c:fd:9b:1e:08:d2:
                    cb:a2:d4:a8:41:41:a3:4a:a0:74:3e:0a:55:7c:13:
                    6f:6e:4d:cb:5d:aa:87:c2:9a:7c:1c:19:84:cc:13:
                    03:9c:a8:84:06:b3:76:f7:cd:2c:f4:7e:91:f6:0b:
                    d3:3a:09:ef:45:7c:e0:e5:ff:2d:71:c3:30:1f:36:
                    b7:df:e4:dd:ed:34:35:ec:bc:2d:7d:82:bc:fd:65:
                    e1:2c:c0:55:b9:2d:f6:e6:b0:fa:87:ea:f5:cc:5d:
                    16:f0:30:22:e3:b7:02:c1:e2:7a:bb:8c:9a:c7:ff:
                    06:7a:1a:21:d7:ce:3f:ec:df:f3:b6:82:2d:21:43:
                    6a:60:ab:43:79:72:dc:d8:99:0f:4a:b6:f3:d5:f6:
                    67:09:8b:1e:fe:d7:d8:13:8c:38:81:d3:3e:cb:d8:
                    38:27:2f:23:f9:2c:6b:e1:b7:83:8c:f9:45:cd:95:
                    99:de:c4:6e:20:15:bd:46:58:d4:ec:ac:02:55:40:
                    88:cd:5f:fd:d2:95:b0:dd:20:9b:25:dc:63:8c:c4:
                    9a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C3:9F:62:E7:87:77:53:F5:01:65:AD:74:68:A2:C7:09:65:20:CB
            X509v3 Authority Key Identifier:
                keyid:4C:D7:1F:5A:00:50:F8:AE:64:44:C6:38:76:9B:A3:75:FD:DB:CE:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TNcfWgBQ-K5kRMY4dpujdf3bzhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/R8OfYueHd1P1AWWtdGiixwllIMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/TNcfWgBQ-K5kRMY4dpujdf3bzhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:4b:13:8d:05:c0:c5:86:73:45:3b:11:26:bf:8d:20:58:f8:
         c4:21:da:87:f5:79:9a:b1:b5:c8:37:46:43:4e:9d:19:7c:7a:
         12:23:f4:ff:7a:f9:54:ba:8c:f0:a5:48:37:b9:fd:96:2e:53:
         38:31:ae:5f:3c:aa:dc:d4:68:dc:59:fd:39:9d:4d:c8:80:89:
         84:6e:58:31:e0:a9:dc:c4:67:b1:67:2e:af:83:29:fd:57:3e:
         6b:be:46:ac:67:47:d7:c9:c8:64:cc:d6:c5:1b:86:3d:0b:d3:
         1e:5f:9a:5b:f5:8e:b9:9a:2c:46:ec:d9:a6:62:94:e3:87:c9:
         e2:c1:e8:a7:7a:03:ca:d6:ca:02:a5:15:96:07:c7:ac:53:19:
         85:f4:91:c4:7f:84:68:d7:e2:2a:cf:73:22:ea:e4:af:8c:52:
         71:d9:94:82:5c:ee:d8:df:83:5b:23:7d:7b:e1:1f:f8:cf:e1:
         7d:e2:99:e8:71:3e:2c:f2:eb:84:98:c7:7e:6b:38:76:e1:e1:
         8d:39:57:df:0b:43:b3:64:0b:34:5b:b7:2c:1d:ed:28:0d:f9:
         54:f3:bc:83:87:4f:f1:8f:a7:e3:cd:58:1a:00:2e:d0:c8:c8:
         f1:6f:7a:0f:0c:92:a4:04:6e:ec:25:c9:3f:09:d8:15:c4:c2:
         d2:64:4d:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkslx/0YPYiEWlTzqg29TwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZDcxZjVhMDA1MGY4YWU2NDQ0YzYzODc2OWJhMzc1ZmRk
YmNlMTkwHhcNMjUwMTAyMDE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2MzOWY2MmU3ODc3NzUzZjUwMTY1YWQ3NDY4YTJjNzA5NjUyMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1881L/YkmzxhUoHBBQg8DZRbIf5E
vBlWlp/noEXbVLDRAbPFWz/mbe7dGeH3MpZwjSRho0gs/ZseCNLLotSoQUGjSqB0
PgpVfBNvbk3LXaqHwpp8HBmEzBMDnKiEBrN2980s9H6R9gvTOgnvRXzg5f8tccMw
Hza33+Td7TQ17LwtfYK8/WXhLMBVuS325rD6h+r1zF0W8DAi47cCweJ6u4yax/8G
ehoh184/7N/ztoItIUNqYKtDeXLc2JkPSrbz1fZnCYse/tfYE4w4gdM+y9g4Jy8j
+Sxr4beDjPlFzZWZ3sRuIBW9RljU7KwCVUCIzV/90pWw3SCbJdxjjMSaEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfDn2Lnh3dT9QFlrXRooscJZSDLMB8GA1UdIwQY
MBaAFEzXH1oAUPiuZETGOHabo3X9284ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE5jZldnQlEtSzVrUk1ZNGRwdWpkZjNiemhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8yNzgzOTgtNzMzOS00NGIyLWIwYjAt
NzNhMDFhZTVkZThmLzEvUjhPZll1ZUhkMVAxQVdXdGRHaWl4d2xsSU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8yNzgzOTgtNzMzOS00NGIyLWIwYjAtNzNhMDFhZTVkZThm
LzEvVE5jZldnQlEtSzVrUk1ZNGRwdWpkZjNiemhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZZoMA0G
CSqGSIb3DQEBCwUAA4IBAQAZSxONBcDFhnNFOxEmv40gWPjEIdqH9XmasbXIN0ZD
Tp0ZfHoSI/T/evlUuozwpUg3uf2WLlM4Ma5fPKrc1GjcWf05nU3IgImEblgx4Knc
xGexZy6vgyn9Vz5rvkasZ0fXychkzNbFG4Y9C9MeX5pb9Y65mixG7NmmYpTjh8ni
weinegPK1soCpRWWB8esUxmF9JHEf4Ro1+Iqz3Mi6uSvjFJx2ZSCXO7Y34NbI317
4R/4z+F94pnocT4s8uuEmMd+azh24eGNOVffC0OzZAs0W7csHe0oDflU87yDh0/x
j6fjzVgaAC7QyMjxb3oPDJKkBG7sJck/CdgVxMLSZE1/
-----END CERTIFICATE-----