Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/rjO50r1Csox_w7pK9XK7tB7EqyM.roa
File:                     rjO50r1Csox_w7pK9XK7tB7EqyM.roa (raw, json)
Hash identifier:          zHD2y9uOJnLf8w7zTh8Y9g5t7nEQZo/6vfJBDwey0q0=
Subject key identifier:   AE:33:B9:D2:BD:42:B2:8C:7F:C3:BA:4A:F5:72:BB:B4:1E:C4:AB:23
Certificate issuer:       /CN=53e32c5f895fb12e6d674e0b16f6eee5e512645d
Certificate serial:       01901571BF57B9190C0ED31CC26215D3FDA6
Authority key identifier: 53:E3:2C:5F:89:5F:B1:2E:6D:67:4E:0B:16:F6:EE:E5:E5:12:64:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U-MsX4lfsS5tZ04LFvbu5eUSZF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/rjO50r1Csox_w7pK9XK7tB7EqyM.roa
Signing time:             Fri 14 Jun 2024 06:31:34 +0000
ROA not before:           Fri 14 Jun 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41737
IP address blocks:        45.84.148.0/22 maxlen: 24
                          2a0e:9b80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/U-MsX4lfsS5tZ04LFvbu5eUSZF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/U-MsX4lfsS5tZ04LFvbu5eUSZF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U-MsX4lfsS5tZ04LFvbu5eUSZF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:71:bf:57:b9:19:0c:0e:d3:1c:c2:62:15:d3:fd:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53e32c5f895fb12e6d674e0b16f6eee5e512645d
        Validity
            Not Before: Jun 14 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae33b9d2bd42b28c7fc3ba4af572bbb41ec4ab23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c1:bf:24:99:2f:ed:8a:3c:c3:84:49:48:08:
                    3d:cf:9a:cf:5b:7c:1b:93:b9:73:2b:78:ff:c3:36:
                    be:b3:90:34:37:86:b0:fa:83:f4:dc:5d:76:3b:59:
                    fc:22:2c:29:86:e6:79:59:61:78:57:eb:73:fd:0f:
                    f5:75:10:5c:8f:c4:7b:48:f8:e0:82:24:ec:46:b5:
                    b8:cc:61:bf:62:45:67:a8:ce:50:8e:29:39:43:a1:
                    f5:5c:61:84:41:82:1c:e2:54:a0:94:e6:4b:74:31:
                    8d:c1:a0:44:d7:b9:8f:7c:95:59:ec:65:b9:11:58:
                    4e:6b:65:bc:ee:99:41:55:0c:a4:9f:18:c5:c3:91:
                    06:fa:bb:62:ac:d5:2c:e5:e9:f7:20:fe:7a:f2:e9:
                    c7:ac:c2:e4:78:ee:e5:54:a2:9f:d7:46:71:e6:c6:
                    4e:e5:af:46:ab:d2:0c:74:04:62:81:79:eb:c0:ba:
                    54:f3:58:dd:98:53:e4:4c:91:7f:60:94:a8:dd:96:
                    a5:20:6f:af:c3:6e:d4:3b:39:8d:9d:22:79:1e:45:
                    db:eb:09:3f:cb:a3:61:f3:2a:11:10:39:fd:d8:1f:
                    fa:e7:9d:d6:e2:60:57:8e:91:7a:97:cd:a7:30:45:
                    f5:61:c3:a6:e2:bc:0a:51:7b:81:e6:d4:2e:88:df:
                    bc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:33:B9:D2:BD:42:B2:8C:7F:C3:BA:4A:F5:72:BB:B4:1E:C4:AB:23
            X509v3 Authority Key Identifier:
                keyid:53:E3:2C:5F:89:5F:B1:2E:6D:67:4E:0B:16:F6:EE:E5:E5:12:64:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U-MsX4lfsS5tZ04LFvbu5eUSZF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/rjO50r1Csox_w7pK9XK7tB7EqyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/U-MsX4lfsS5tZ04LFvbu5eUSZF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.148.0/22
                IPv6:
                  2a0e:9b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:b9:8f:38:96:62:43:d6:85:02:f1:2f:fe:96:f8:8d:9f:40:
         af:94:4f:5d:f6:6c:2d:92:97:26:2f:07:42:55:17:55:4e:1a:
         7e:0c:b1:ec:a1:81:aa:9a:9b:99:cb:cc:63:16:19:c8:36:bd:
         68:45:81:f3:90:53:e8:f3:7c:7c:d6:3e:cc:2c:3b:b3:f4:4d:
         ff:79:17:87:6e:21:66:1c:01:51:a2:3e:63:90:ff:13:2a:07:
         60:f3:54:b9:6c:25:8e:12:97:96:29:34:73:cd:c0:17:8f:5b:
         e9:e7:14:33:c8:22:5b:6e:da:b8:bf:9f:9a:83:97:89:cc:1c:
         fc:9e:91:49:21:f5:97:06:f9:59:f0:04:13:a6:3d:19:7e:64:
         f0:38:c4:4a:75:5f:9c:52:88:15:36:c0:4e:92:4a:49:27:6b:
         bb:26:ec:a3:17:bb:65:80:5b:26:84:79:e4:d5:7c:bb:c7:44:
         b1:71:a0:9d:1a:4e:cd:c7:7e:72:60:11:bd:43:89:03:9b:54:
         c4:79:03:0f:8d:a9:78:bc:8a:f0:3c:b9:e3:96:a4:dc:ab:d6:
         b6:f9:67:2d:8a:c0:d4:b5:fe:83:73:80:6f:cb:cf:3c:1c:3d:
         f4:5a:22:78:5a:5a:64:c3:7d:9c:38:0a:5a:88:22:01:9e:b6:
         e1:91:a1:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAVcb9XuRkMDtMcwmIV0/2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZTMyYzVmODk1ZmIxMmU2ZDY3NGUwYjE2ZjZlZWU1ZTUx
MjY0NWQwHhcNMjQwNjE0MDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTMzYjlkMmJkNDJiMjhjN2ZjM2JhNGFmNTcyYmJiNDFlYzRhYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8G/JJkv7Yo8w4RJSAg9z5rPW3wb
k7lzK3j/wza+s5A0N4aw+oP03F12O1n8IiwphuZ5WWF4V+tz/Q/1dRBcj8R7SPjg
giTsRrW4zGG/YkVnqM5Qjik5Q6H1XGGEQYIc4lSglOZLdDGNwaBE17mPfJVZ7GW5
EVhOa2W87plBVQyknxjFw5EG+rtirNUs5en3IP568unHrMLkeO7lVKKf10Zx5sZO
5a9Gq9IMdARigXnrwLpU81jdmFPkTJF/YJSo3ZalIG+vw27UOzmNnSJ5HkXb6wk/
y6Nh8yoREDn92B/6553W4mBXjpF6l82nMEX1YcOm4rwKUXuB5tQuiN+8ZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK4zudK9QrKMf8O6SvVyu7QexKsjMB8GA1UdIwQY
MBaAFFPjLF+JX7EubWdOCxb27uXlEmRdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVS1Nc1g0bGZzUzV0WjA0TEZ2YnU1ZVVTWkYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy84NjVmMDgtNDYzMy00ZWRjLWJjOGQt
MzA4NGY3NjdjMmI2LzEvcmpPNTByMUNzb3hfdzdwSzlYSzd0QjdFcXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy84NjVmMDgtNDYzMy00ZWRjLWJjOGQtMzA4NGY3NjdjMmI2
LzEvVS1Nc1g0bGZzUzV0WjA0TEZ2YnU1ZVVTWkYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVSUMA0E
AgACMAcDBQMqDpuAMA0GCSqGSIb3DQEBCwUAA4IBAQAduY84lmJD1oUC8S/+lviN
n0CvlE9d9mwtkpcmLwdCVRdVThp+DLHsoYGqmpuZy8xjFhnINr1oRYHzkFPo83x8
1j7MLDuz9E3/eReHbiFmHAFRoj5jkP8TKgdg81S5bCWOEpeWKTRzzcAXj1vp5xQz
yCJbbtq4v5+ag5eJzBz8npFJIfWXBvlZ8AQTpj0ZfmTwOMRKdV+cUogVNsBOkkpJ
J2u7JuyjF7tlgFsmhHnk1Xy7x0SxcaCdGk7Nx35yYBG9Q4kDm1TEeQMPjal4vIrw
PLnjlqTcq9a2+WctisDUtf6Dc4Bvy888HD30WiJ4Wlpkw32cOApaiCIBnrbhkaHy
-----END CERTIFICATE-----