Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/T4Ompwr-kUDY-c2o4LuA9Tog1ds.roa
File:                     T4Ompwr-kUDY-c2o4LuA9Tog1ds.roa (raw, json)
Hash identifier:          HNEafpjJwhYZ5xM51yYtQTAThxL7C79G6YZjpFGxvgs=
Subject key identifier:   4F:83:A6:A7:0A:FE:91:40:D8:F9:CD:A8:E0:BB:80:F5:3A:20:D5:DB
Certificate issuer:       /CN=665e4d7ea8a3470c9703ee7551481c36f774febb
Certificate serial:       018CC26D71EA0DEFA032B10328E3A8829169
Authority key identifier: 66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/T4Ompwr-kUDY-c2o4LuA9Tog1ds.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        45.82.120.0/22 maxlen: 22
                          2a0e:6a80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:ea:0d:ef:a0:32:b1:03:28:e3:a8:82:91:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665e4d7ea8a3470c9703ee7551481c36f774febb
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f83a6a70afe9140d8f9cda8e0bb80f53a20d5db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:bd:db:dd:47:f2:ab:81:e5:9e:f3:fd:c7:ed:
                    41:cf:37:79:70:9e:d3:67:db:36:e4:85:55:5c:7c:
                    15:3f:fc:97:ae:02:c3:03:2f:69:46:87:dd:5f:49:
                    e9:7f:d4:8a:e4:bc:8b:32:27:7a:e8:cd:e0:41:5b:
                    dc:f9:ad:ee:84:35:1d:f3:c8:d5:22:41:01:49:a1:
                    77:32:0e:7a:38:5f:7b:e8:89:3f:34:22:89:54:18:
                    0f:11:ee:04:0e:f0:96:b4:d8:a0:47:90:1f:8b:e0:
                    19:5b:9a:b4:9a:db:a9:01:52:05:8b:e8:6d:dd:82:
                    e6:e9:30:bc:ae:1f:1f:df:21:02:ae:e1:f1:09:32:
                    ce:8e:eb:cb:50:67:4f:e6:a7:b8:31:41:8d:52:48:
                    ba:99:af:66:1f:fb:24:4d:5c:d7:f6:35:b5:1f:9d:
                    b3:c1:47:54:b3:77:f5:f6:bf:25:92:b3:a3:e6:96:
                    64:5b:ea:47:3c:7d:fd:be:bd:51:ef:5c:4d:1b:24:
                    d9:40:bf:ee:97:7d:0e:c8:59:ba:ed:eb:07:c2:20:
                    5d:87:5f:16:44:00:cd:4e:a1:e4:60:0f:45:02:16:
                    38:29:d5:78:64:3e:9f:8c:57:71:ff:f6:00:09:ac:
                    39:37:c4:fb:53:af:5e:53:7d:b5:ff:25:8a:3b:38:
                    96:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:83:A6:A7:0A:FE:91:40:D8:F9:CD:A8:E0:BB:80:F5:3A:20:D5:DB
            X509v3 Authority Key Identifier:
                keyid:66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/T4Ompwr-kUDY-c2o4LuA9Tog1ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.120.0/22
                IPv6:
                  2a0e:6a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:98:b6:1e:a5:e2:43:c0:5d:29:16:a7:f6:a5:eb:96:cd:00:
         3d:66:4b:85:5a:d5:60:05:38:b0:8e:38:e1:9d:62:a8:aa:36:
         22:49:5e:d0:8b:8b:8d:b9:32:05:02:fd:f6:bd:63:ff:14:c9:
         0c:b0:a6:6b:5e:dd:30:e6:db:c4:12:a7:0e:c1:81:d2:fa:3c:
         64:18:75:dd:2f:89:94:f6:f2:39:25:2a:a7:42:91:14:b0:6d:
         48:75:39:f1:fa:49:23:2f:d3:d9:67:0f:5e:bc:19:66:4b:89:
         3d:e1:84:e0:53:59:e6:bc:44:38:42:1d:e2:e8:2a:36:04:85:
         ac:61:7a:78:57:d1:8e:7b:67:2a:7d:66:c3:d9:3c:11:25:27:
         d3:68:19:75:1d:d8:5a:3a:9b:6a:47:8c:ba:3d:62:b7:24:19:
         a7:d9:99:f6:ea:50:23:16:60:47:2e:12:3e:75:ae:44:db:36:
         01:63:fe:54:3b:79:54:94:24:d3:7d:23:f5:b2:80:63:84:08:
         36:cc:05:62:ad:d3:c8:ec:db:67:1a:d5:12:d2:26:07:3c:8c:
         36:2c:8b:41:81:6c:bd:aa:2f:02:27:1a:72:87:eb:89:18:3d:
         2b:f3:82:77:b8:4a:3e:de:2a:b3:d3:83:c7:ef:12:5c:46:cf:
         f1:30:aa:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbXHqDe+gMrEDKOOogpFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWU0ZDdlYThhMzQ3MGM5NzAzZWU3NTUxNDgxYzM2Zjc3
NGZlYmIwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjgzYTZhNzBhZmU5MTQwZDhmOWNkYThlMGJiODBmNTNhMjBkNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgb3b3Ufyq4HlnvP9x+1Bzzd5cJ7T
Z9s25IVVXHwVP/yXrgLDAy9pRofdX0npf9SK5LyLMid66M3gQVvc+a3uhDUd88jV
IkEBSaF3Mg56OF976Ik/NCKJVBgPEe4EDvCWtNigR5Afi+AZW5q0mtupAVIFi+ht
3YLm6TC8rh8f3yECruHxCTLOjuvLUGdP5qe4MUGNUki6ma9mH/skTVzX9jW1H52z
wUdUs3f19r8lkrOj5pZkW+pHPH39vr1R71xNGyTZQL/ul30OyFm67esHwiBdh18W
RADNTqHkYA9FAhY4KdV4ZD6fjFdx//YACaw5N8T7U69eU321/yWKOziWuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE+DpqcK/pFA2PnNqOC7gPU6INXbMB8GA1UdIwQY
MBaAFGZeTX6oo0cMlwPudVFIHDb3dP67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmIt
MTYyZWQ2MjRlMjgyLzEvVDRPbXB3ci1rVURZLWMybzRMdUE5VG9nMWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmItMTYyZWQ2MjRlMjgy
LzEvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVJ4MA0E
AgACMAcDBQMqDmqAMA0GCSqGSIb3DQEBCwUAA4IBAQALmLYepeJDwF0pFqf2peuW
zQA9ZkuFWtVgBTiwjjjhnWKoqjYiSV7Qi4uNuTIFAv32vWP/FMkMsKZrXt0w5tvE
EqcOwYHS+jxkGHXdL4mU9vI5JSqnQpEUsG1IdTnx+kkjL9PZZw9evBlmS4k94YTg
U1nmvEQ4Qh3i6Co2BIWsYXp4V9GOe2cqfWbD2TwRJSfTaBl1HdhaOptqR4y6PWK3
JBmn2Zn26lAjFmBHLhI+da5E2zYBY/5UO3lUlCTTfSP1soBjhAg2zAVirdPI7Ntn
GtUS0iYHPIw2LItBgWy9qi8CJxpyh+uJGD0r84J3uEo+3iqz04PH7xJcRs/xMKr9
-----END CERTIFICATE-----