Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/dXqyn33TZzqjKp-XJX3_rl1-G6E.roa
File:                     dXqyn33TZzqjKp-XJX3_rl1-G6E.roa (raw, json)
Hash identifier:          HJfRvZ8URaY4aNbzbjXNVAC2tPbApyJwf9lfZS4fJxk=
Subject key identifier:   75:7A:B2:9F:7D:D3:67:3A:A3:2A:9F:97:25:7D:FF:AE:5D:7E:1B:A1
Certificate issuer:       /CN=4ab7dc03789f58621b25e8dd0d925dc91b4a5aa2
Certificate serial:       018CC64B3D50179C0C9591DA4F47A3D4D695
Authority key identifier: 4A:B7:DC:03:78:9F:58:62:1B:25:E8:DD:0D:92:5D:C9:1B:4A:5A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/dXqyn33TZzqjKp-XJX3_rl1-G6E.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57829
IP address blocks:        45.93.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3d:50:17:9c:0c:95:91:da:4f:47:a3:d4:d6:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ab7dc03789f58621b25e8dd0d925dc91b4a5aa2
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=757ab29f7dd3673aa32a9f97257dffae5d7e1ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b4:02:fa:a8:97:cc:e8:e5:40:8e:c7:eb:91:
                    0c:6a:ef:a6:33:01:1b:58:0b:4a:7e:aa:f0:48:87:
                    52:3a:01:ee:6f:5a:5e:47:c5:c2:c2:27:42:68:25:
                    69:54:b0:53:32:40:cc:c1:a9:b2:bc:10:4d:e4:21:
                    e5:3b:18:b7:1f:cd:e4:4c:6a:f8:5e:76:84:b0:bd:
                    0c:7f:08:08:d3:54:44:00:9b:62:03:ee:f4:62:3c:
                    11:d9:30:c9:dd:d0:4d:94:48:1f:a5:4f:52:95:eb:
                    9f:5d:a8:c8:04:00:0b:b4:20:8c:de:92:d2:62:37:
                    3c:f9:73:43:e1:be:25:4d:4b:1d:fd:3e:56:ca:70:
                    7f:9a:ad:f2:7d:84:f0:6e:52:1a:d2:b8:c7:08:5a:
                    6b:74:34:40:b3:43:26:49:6f:e0:b3:1b:d8:2e:68:
                    2d:11:73:ce:aa:e0:be:33:01:2f:89:ba:54:7e:94:
                    3f:ee:90:9c:04:59:c4:55:b0:d4:41:c9:5b:8f:03:
                    9b:e0:f8:f3:dc:3d:d2:5a:e4:bb:1d:e4:5b:57:75:
                    e8:9b:c7:0d:29:12:19:62:01:f0:1f:57:bd:29:58:
                    f8:a3:f1:e6:08:82:50:f2:aa:8e:94:4f:5e:44:47:
                    60:90:7f:b7:7f:af:29:b7:c7:f5:db:94:ac:0f:a8:
                    16:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7A:B2:9F:7D:D3:67:3A:A3:2A:9F:97:25:7D:FF:AE:5D:7E:1B:A1
            X509v3 Authority Key Identifier:
                keyid:4A:B7:DC:03:78:9F:58:62:1B:25:E8:DD:0D:92:5D:C9:1B:4A:5A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/dXqyn33TZzqjKp-XJX3_rl1-G6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:92:aa:72:ca:5a:c2:b8:6a:e0:e3:06:71:3e:84:0b:37:c3:
         1f:fd:52:0c:82:71:05:37:66:b0:58:0c:9f:b1:c3:cf:c0:9c:
         67:f3:09:ce:c1:81:d2:76:76:fd:75:c4:9f:06:90:8d:5c:5a:
         db:3c:91:74:44:b1:cc:4d:c4:67:41:f8:f0:4c:45:1e:bb:d4:
         fb:3b:a3:c2:5d:5a:b7:54:d1:ca:74:70:97:4b:43:61:09:8a:
         53:b5:9b:3f:4b:e6:25:f3:f5:82:cc:c0:9c:fa:ea:21:29:f9:
         d4:98:df:93:7d:56:96:92:98:1f:10:57:7a:6f:18:79:91:00:
         50:99:81:7f:6c:dd:92:7e:30:f8:17:51:14:77:99:c3:39:83:
         8b:36:dd:8f:cf:41:3f:aa:c8:e4:64:d6:ba:4a:74:b8:60:3d:
         f4:2a:97:7b:74:e5:1a:21:d5:2d:2c:c2:3c:cb:23:f1:b1:46:
         99:b5:68:9e:2d:da:37:d9:1e:28:cf:5d:7a:61:2b:61:8d:74:
         4b:47:80:d4:30:15:b4:41:62:71:62:c1:1d:11:fa:e0:70:12:
         aa:4d:18:00:36:53:e5:00:71:8e:13:c3:a8:88:6f:bc:66:65:
         b0:82:12:20:44:11:22:30:16:06:12:64:2d:6e:e3:9b:2a:30:
         7a:28:f6:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSz1QF5wMlZHaT0ej1NaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYjdkYzAzNzg5ZjU4NjIxYjI1ZThkZDBkOTI1ZGM5MWI0
YTVhYTIwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdhYjI5ZjdkZDM2NzNhYTMyYTlmOTcyNTdkZmZhZTVkN2UxYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7QC+qiXzOjlQI7H65EMau+mMwEb
WAtKfqrwSIdSOgHub1peR8XCwidCaCVpVLBTMkDMwamyvBBN5CHlOxi3H83kTGr4
XnaEsL0MfwgI01REAJtiA+70YjwR2TDJ3dBNlEgfpU9SleufXajIBAALtCCM3pLS
Yjc8+XND4b4lTUsd/T5WynB/mq3yfYTwblIa0rjHCFprdDRAs0MmSW/gsxvYLmgt
EXPOquC+MwEvibpUfpQ/7pCcBFnEVbDUQclbjwOb4Pjz3D3SWuS7HeRbV3Xom8cN
KRIZYgHwH1e9KVj4o/HmCIJQ8qqOlE9eREdgkH+3f68pt8f125SsD6gW9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHV6sp9902c6oyqflyV9/65dfhuhMB8GA1UdIwQY
MBaAFEq33AN4n1hiGyXo3Q2SXckbSlqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3JmY0EzaWZXR0liSmVqZERaSmR5UnRLV3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84YTU5ZGItNWFkOC00ZjNmLTk3YzIt
ZjM4YmNiZDkzMzkwLzEvZFhxeW4zM1RaenFqS3AtWEpYM19ybDEtRzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84YTU5ZGItNWFkOC00ZjNmLTk3YzItZjM4YmNiZDkzMzkw
LzEvU3JmY0EzaWZXR0liSmVqZERaSmR5UnRLV3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV2MMA0G
CSqGSIb3DQEBCwUAA4IBAQCvkqpyylrCuGrg4wZxPoQLN8Mf/VIMgnEFN2awWAyf
scPPwJxn8wnOwYHSdnb9dcSfBpCNXFrbPJF0RLHMTcRnQfjwTEUeu9T7O6PCXVq3
VNHKdHCXS0NhCYpTtZs/S+Yl8/WCzMCc+uohKfnUmN+TfVaWkpgfEFd6bxh5kQBQ
mYF/bN2SfjD4F1EUd5nDOYOLNt2Pz0E/qsjkZNa6SnS4YD30Kpd7dOUaIdUtLMI8
yyPxsUaZtWieLdo32R4oz116YSthjXRLR4DUMBW0QWJxYsEdEfrgcBKqTRgANlPl
AHGOE8OoiG+8ZmWwghIgRBEiMBYGEmQtbuObKjB6KPYW
-----END CERTIFICATE-----