Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/41LGPCW0SxVlaSe-dHnekt5Qcqc.roa
File:                     41LGPCW0SxVlaSe-dHnekt5Qcqc.roa (raw, json)
Hash identifier:          415efI4CLiMH+s4OtMksaRjZBSrBo9h9bwj8o5JKDkU=
Subject key identifier:   E3:52:C6:3C:25:B4:4B:15:65:69:27:BE:74:79:DE:92:DE:50:72:A7
Certificate issuer:       /CN=e980fb9530a36ff7b7430d50d44b8fb6d6dca937
Certificate serial:       018CC5DC381CE3073BDBE3F13F67317351D7
Authority key identifier: E9:80:FB:95:30:A3:6F:F7:B7:43:0D:50:D4:4B:8F:B6:D6:DC:A9:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/41LGPCW0SxVlaSe-dHnekt5Qcqc.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30790
IP address blocks:        194.54.185.0/24 maxlen: 24
                          194.54.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:38:1c:e3:07:3b:db:e3:f1:3f:67:31:73:51:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e980fb9530a36ff7b7430d50d44b8fb6d6dca937
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e352c63c25b44b15656927be7479de92de5072a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7a:bf:e7:f3:a2:91:97:03:de:44:54:2f:43:
                    26:7f:08:47:fe:21:81:a2:c5:de:a0:47:3e:8c:20:
                    8e:93:19:0f:f0:08:04:64:1c:18:01:6e:0f:76:30:
                    7e:6f:91:0b:4c:5f:53:38:05:79:b0:41:df:db:92:
                    7c:f0:ca:3f:8b:48:6b:ff:ce:9b:ea:b4:32:ef:19:
                    c6:06:e7:68:6a:f0:d2:30:c6:6b:93:aa:c7:7b:59:
                    14:56:a5:71:df:d3:96:dc:f5:9f:d2:ff:ab:23:bf:
                    dc:a8:8f:d7:82:f8:56:1f:52:9e:37:67:95:4b:c9:
                    58:26:0d:0b:74:dc:53:c2:c5:95:52:8a:29:3f:56:
                    07:0f:86:f5:b5:b3:de:25:8b:0f:73:fb:90:23:64:
                    ea:f7:85:3f:55:37:ca:47:08:04:ae:ff:c9:91:24:
                    6d:00:cb:46:a7:a5:2b:5a:b7:f5:87:a1:e7:3c:6e:
                    8b:32:2d:0b:10:74:30:0c:d3:90:10:e9:97:dd:01:
                    7b:cc:99:1d:ce:05:c7:50:8d:ee:c3:eb:82:56:1d:
                    5d:b6:4d:01:c3:7a:d4:2b:92:db:63:f6:f8:ad:1a:
                    c7:38:9b:6a:24:5f:f4:1e:69:17:31:f3:5c:e7:ee:
                    cd:b4:59:6a:87:3e:48:59:b6:a9:d0:ef:b6:71:a4:
                    5e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:52:C6:3C:25:B4:4B:15:65:69:27:BE:74:79:DE:92:DE:50:72:A7
            X509v3 Authority Key Identifier:
                keyid:E9:80:FB:95:30:A3:6F:F7:B7:43:0D:50:D4:4B:8F:B6:D6:DC:A9:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/41LGPCW0SxVlaSe-dHnekt5Qcqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:7e:b6:d2:3a:05:cc:91:5f:ac:97:30:72:d5:7d:82:55:61:
         68:25:a8:d2:ab:74:32:1b:d5:57:c5:ac:da:27:1f:4f:17:46:
         be:d2:56:37:15:91:9a:a3:3f:2c:a5:90:d2:28:46:02:bb:81:
         25:c7:f9:98:6d:36:9a:dd:2c:34:7a:9f:69:7d:7d:15:f5:62:
         cc:4e:5f:8e:b7:3b:61:67:ec:21:38:19:63:dd:63:2f:7c:57:
         f8:c0:0f:0f:2e:f9:97:2a:b1:93:64:94:e7:b9:4f:dd:12:ce:
         7e:d6:ec:8c:7f:5f:be:3a:b3:1c:cc:1f:6b:a8:f4:e0:9c:60:
         a7:88:ab:86:ce:d4:a3:a7:3e:e3:2c:45:6c:32:91:26:21:ae:
         1c:01:04:b2:b6:f2:88:4e:c9:13:1b:53:3e:d2:4b:3d:4b:53:
         dc:9c:e8:06:6f:5b:02:a8:b1:05:db:8e:31:30:2a:ce:76:3c:
         1e:86:99:7f:ad:8c:de:88:9e:b7:96:cf:69:0f:47:04:bd:9b:
         d0:51:be:18:3c:20:d1:76:9c:64:c1:fd:6c:bc:da:1f:51:25:
         bd:f7:c2:5a:b7:ec:ab:e3:6f:54:d2:2f:04:8a:ed:f8:98:03:
         7b:db:e5:c7:1b:9b:cd:ea:70:08:67:32:89:f9:ec:2d:cc:18:
         9a:16:03:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Dgc4wc72+PxP2cxc1HXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ODBmYjk1MzBhMzZmZjdiNzQzMGQ1MGQ0NGI4ZmI2ZDZk
Y2E5MzcwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzUyYzYzYzI1YjQ0YjE1NjU2OTI3YmU3NDc5ZGU5MmRlNTA3MmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3q/5/OikZcD3kRUL0MmfwhH/iGB
osXeoEc+jCCOkxkP8AgEZBwYAW4PdjB+b5ELTF9TOAV5sEHf25J88Mo/i0hr/86b
6rQy7xnGBudoavDSMMZrk6rHe1kUVqVx39OW3PWf0v+rI7/cqI/XgvhWH1KeN2eV
S8lYJg0LdNxTwsWVUoopP1YHD4b1tbPeJYsPc/uQI2Tq94U/VTfKRwgErv/JkSRt
AMtGp6UrWrf1h6HnPG6LMi0LEHQwDNOQEOmX3QF7zJkdzgXHUI3uw+uCVh1dtk0B
w3rUK5LbY/b4rRrHOJtqJF/0HmkXMfNc5+7NtFlqhz5IWbap0O+2caReVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONSxjwltEsVZWknvnR53pLeUHKnMB8GA1UdIwQY
MBaAFOmA+5Uwo2/3t0MNUNRLj7bW3Kk3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNllEN2xUQ2piX2UzUXcxUTFFdVB0dGJjcVRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80NWEwNGMtY2IwZC00YzBjLThiZjEt
NDhmMzlmZGUwZWVhLzEvNDFMR1BDVzBTeFZsYVNlLWRIbmVrdDVRY3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80NWEwNGMtY2IwZC00YzBjLThiZjEtNDhmMzlmZGUwZWVh
LzEvNllEN2xUQ2piX2UzUXcxUTFFdVB0dGJjcVRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwja4MA0G
CSqGSIb3DQEBCwUAA4IBAQC3frbSOgXMkV+slzBy1X2CVWFoJajSq3QyG9VXxaza
Jx9PF0a+0lY3FZGaoz8spZDSKEYCu4Elx/mYbTaa3Sw0ep9pfX0V9WLMTl+Otzth
Z+whOBlj3WMvfFf4wA8PLvmXKrGTZJTnuU/dEs5+1uyMf1++OrMczB9rqPTgnGCn
iKuGztSjpz7jLEVsMpEmIa4cAQSytvKITskTG1M+0ks9S1PcnOgGb1sCqLEF244x
MCrOdjwehpl/rYzeiJ63ls9pD0cEvZvQUb4YPCDRdpxkwf1svNofUSW998Jat+yr
429U0i8Eiu34mAN72+XHG5vN6nAIZzKJ+ewtzBiaFgOO
-----END CERTIFICATE-----