Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/33da71-0b4e-4b16-a9dc-beed916eb140/1/T_7i3rLIBlY5-qWL5W5dClUzyfo.roa
File:                     T_7i3rLIBlY5-qWL5W5dClUzyfo.roa (raw, json)
Hash identifier:          khlHpot/tPBNqi4qzDJ50NeMQvRYix9DN5c/4ak5ro4=
Subject key identifier:   4F:FE:E2:DE:B2:C8:06:56:39:FA:A5:8B:E5:6E:5D:0A:55:33:C9:FA
Certificate issuer:       /CN=06dbc24e08b2c26ada90ad638f1adc747f69a45f
Certificate serial:       018CC2DB55B92987BD0636F8FA138859BA4B
Authority key identifier: 06:DB:C2:4E:08:B2:C2:6A:DA:90:AD:63:8F:1A:DC:74:7F:69:A4:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BtvCTgiywmrakK1jjxrcdH9ppF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/33da71-0b4e-4b16-a9dc-beed916eb140/1/T_7i3rLIBlY5-qWL5W5dClUzyfo.roa
Signing time:             Mon 01 Jan 2024 02:30:03 +0000
ROA not before:           Mon 01 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        45.149.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/33da71-0b4e-4b16-a9dc-beed916eb140/1/BtvCTgiywmrakK1jjxrcdH9ppF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/33da71-0b4e-4b16-a9dc-beed916eb140/1/BtvCTgiywmrakK1jjxrcdH9ppF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BtvCTgiywmrakK1jjxrcdH9ppF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 08:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:55:b9:29:87:bd:06:36:f8:fa:13:88:59:ba:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06dbc24e08b2c26ada90ad638f1adc747f69a45f
        Validity
            Not Before: Jan  1 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ffee2deb2c8065639faa58be56e5d0a5533c9fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4d:0a:3e:fa:64:59:00:34:7e:9d:92:8d:92:
                    f7:89:44:71:1a:f2:84:ca:b7:e0:ee:79:4c:4a:d1:
                    12:f6:0e:4b:30:02:3d:8f:5b:90:db:df:ae:d1:76:
                    1d:22:dd:34:df:9f:61:02:21:30:21:db:ba:56:ee:
                    95:e7:11:52:a5:f3:d6:f5:cd:67:ee:d2:87:b4:7e:
                    62:db:5c:e8:fc:e3:04:d4:1a:0e:01:4a:a3:17:82:
                    f8:ca:63:84:4c:41:0c:0b:e3:9b:36:15:27:60:e1:
                    c7:32:f9:de:3d:4f:bc:9a:89:0e:58:a0:44:ed:65:
                    6f:4d:6c:2a:13:12:14:0b:d6:f8:21:b5:1c:eb:0e:
                    f4:1f:48:71:09:eb:7f:28:45:4f:fb:8b:b7:61:0f:
                    03:dc:e8:05:9c:85:c9:0b:51:ab:ec:7e:b6:17:0e:
                    ef:02:c2:33:93:d4:93:ed:e7:d1:d2:95:bc:29:03:
                    4e:55:41:ac:40:41:3f:80:11:a4:15:09:84:62:9a:
                    ce:6e:1f:fa:5d:e1:e4:17:7d:10:ba:32:27:42:3a:
                    af:d7:00:af:6e:a1:d0:14:d5:5d:76:e7:5f:4a:78:
                    f7:27:58:b0:4d:8d:13:db:db:97:1b:6d:de:42:aa:
                    ec:2e:19:30:f2:0c:a7:da:10:51:4b:db:f2:a7:48:
                    73:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FE:E2:DE:B2:C8:06:56:39:FA:A5:8B:E5:6E:5D:0A:55:33:C9:FA
            X509v3 Authority Key Identifier:
                keyid:06:DB:C2:4E:08:B2:C2:6A:DA:90:AD:63:8F:1A:DC:74:7F:69:A4:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BtvCTgiywmrakK1jjxrcdH9ppF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/33da71-0b4e-4b16-a9dc-beed916eb140/1/T_7i3rLIBlY5-qWL5W5dClUzyfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/33da71-0b4e-4b16-a9dc-beed916eb140/1/BtvCTgiywmrakK1jjxrcdH9ppF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:8a:f0:f5:f3:4a:10:9b:86:9e:28:a2:08:b3:53:68:fe:3e:
         ec:ca:68:65:44:05:f5:94:12:02:f4:ee:3f:4c:51:85:b7:44:
         15:ae:c7:7e:2a:6b:a9:09:ab:8d:72:b9:d8:7e:d9:be:ac:7d:
         ce:f8:db:f3:42:8f:23:3f:60:01:34:da:a3:90:4f:54:81:61:
         87:59:ae:ac:4d:74:e4:03:75:99:e5:d2:96:b4:13:0f:b3:c8:
         d0:d8:7c:4f:72:b4:a5:39:e4:ba:b4:42:9b:d0:87:cb:3c:b6:
         e1:e9:14:b6:5f:e7:86:8f:63:48:e8:a7:dc:8b:df:96:ba:d7:
         e1:a8:e7:76:35:4a:e0:d0:38:db:f9:cb:58:b3:e6:ba:d6:41:
         30:2d:76:df:40:06:27:d7:eb:ce:82:bd:7d:d6:e1:b1:ce:d6:
         6a:09:c8:8b:99:fb:c8:a1:01:4a:11:fc:e0:2b:f2:5e:91:be:
         f4:95:54:f3:c4:08:ce:78:2d:1d:36:c1:ff:58:3c:d7:ea:e0:
         e1:2e:18:1d:e1:33:6e:b3:7e:22:64:bc:2a:bb:2f:c6:09:fb:
         15:bc:76:af:72:49:d3:ea:3c:23:72:59:b4:9d:86:79:0b:b7:
         6b:46:3c:e8:8a:b4:89:79:6b:66:9f:cc:42:cc:48:7b:e6:84:
         4d:ef:0b:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21W5KYe9Bjb4+hOIWbpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZGJjMjRlMDhiMmMyNmFkYTkwYWQ2MzhmMWFkYzc0N2Y2
OWE0NWYwHhcNMjQwMTAxMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZlZTJkZWIyYzgwNjU2MzlmYWE1OGJlNTZlNWQwYTU1MzNjOWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE0KPvpkWQA0fp2SjZL3iURxGvKE
yrfg7nlMStES9g5LMAI9j1uQ29+u0XYdIt00359hAiEwIdu6Vu6V5xFSpfPW9c1n
7tKHtH5i21zo/OME1BoOAUqjF4L4ymOETEEMC+ObNhUnYOHHMvnePU+8mokOWKBE
7WVvTWwqExIUC9b4IbUc6w70H0hxCet/KEVP+4u3YQ8D3OgFnIXJC1Gr7H62Fw7v
AsIzk9ST7efR0pW8KQNOVUGsQEE/gBGkFQmEYprObh/6XeHkF30QujInQjqv1wCv
bqHQFNVddudfSnj3J1iwTY0T29uXG23eQqrsLhkw8gyn2hBRS9vyp0hzHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/+4t6yyAZWOfqli+VuXQpVM8n6MB8GA1UdIwQY
MBaAFAbbwk4IssJq2pCtY48a3HR/aaRfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnR2Q1RnaXl3bXJha0sxamp4cmNkSDlwcEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zM2RhNzEtMGI0ZS00YjE2LWE5ZGMt
YmVlZDkxNmViMTQwLzEvVF83aTNyTElCbFk1LXFXTDVXNWRDbFV6eWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zM2RhNzEtMGI0ZS00YjE2LWE5ZGMtYmVlZDkxNmViMTQw
LzEvQnR2Q1RnaXl3bXJha0sxamp4cmNkSDlwcEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZV8MA0G
CSqGSIb3DQEBCwUAA4IBAQA3ivD180oQm4aeKKIIs1No/j7symhlRAX1lBIC9O4/
TFGFt0QVrsd+KmupCauNcrnYftm+rH3O+NvzQo8jP2ABNNqjkE9UgWGHWa6sTXTk
A3WZ5dKWtBMPs8jQ2HxPcrSlOeS6tEKb0IfLPLbh6RS2X+eGj2NI6Kfci9+Wutfh
qOd2NUrg0Djb+ctYs+a61kEwLXbfQAYn1+vOgr191uGxztZqCciLmfvIoQFKEfzg
K/Jekb70lVTzxAjOeC0dNsH/WDzX6uDhLhgd4TNus34iZLwquy/GCfsVvHavcknT
6jwjclm0nYZ5C7drRjzoirSJeWtmn8xCzEh75oRN7wus
-----END CERTIFICATE-----