Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/P4Ngmm4fscIJdjrtcZXwEWC6af0.roa
File:                     P4Ngmm4fscIJdjrtcZXwEWC6af0.roa (raw, json)
Hash identifier:          Dgr4uE36WEf5Xw9kH8tw5qMQ+ewLeqeUvdPupgorbKg=
Subject key identifier:   3F:83:60:9A:6E:1F:B1:C2:09:76:3A:ED:71:95:F0:11:60:BA:69:FD
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       0194266BDBEDDBC6D94A2A7F67B7B96AFCBF
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/P4Ngmm4fscIJdjrtcZXwEWC6af0.roa
Signing time:             Thu 02 Jan 2025 09:49:50 +0000
ROA not before:           Thu 02 Jan 2025 09:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        45.87.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:db:ed:db:c6:d9:4a:2a:7f:67:b7:b9:6a:fc:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jan  2 09:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f83609a6e1fb1c209763aed7195f01160ba69fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6b:0a:b9:02:83:60:ac:dd:49:e3:9a:3a:4b:
                    2a:45:15:c8:0a:ec:65:c7:b8:66:b1:fa:f4:16:ce:
                    27:29:e1:c1:8e:c6:73:94:37:12:d3:48:f1:9a:0c:
                    15:7d:11:0a:d2:5c:cd:38:7b:40:cf:48:20:dc:5b:
                    31:af:40:a2:24:c1:3d:3f:83:b6:2f:44:6a:90:68:
                    de:77:37:2e:19:b9:5e:4f:70:39:5e:93:0e:29:40:
                    2e:9a:4c:16:51:ac:81:bb:59:5a:ac:4b:98:81:55:
                    fc:2b:8d:96:95:b5:52:28:8c:49:ea:d0:a6:7e:e6:
                    b8:2c:c9:a0:9d:84:53:fe:00:97:37:30:6d:6c:54:
                    6d:5e:26:b2:03:f8:2d:fe:70:29:63:59:8e:88:2a:
                    76:91:df:8a:9e:b1:73:1e:dc:b8:e0:96:35:b6:ec:
                    80:7c:9d:05:0e:01:30:65:c9:2c:a2:76:b3:cd:9a:
                    ca:4b:65:2d:4a:d7:b4:84:20:c5:03:aa:d1:60:f3:
                    b5:5f:95:df:37:cd:eb:39:76:7c:2d:a2:d0:07:90:
                    ff:75:98:c3:02:e4:88:c1:14:3b:1c:4b:e8:d4:5c:
                    75:65:79:05:f6:e2:5c:7a:80:01:8f:44:f3:e7:b1:
                    e3:04:c0:f1:ef:d8:9a:51:d4:cf:01:7e:e1:b3:d9:
                    02:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:60:9A:6E:1F:B1:C2:09:76:3A:ED:71:95:F0:11:60:BA:69:FD
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/P4Ngmm4fscIJdjrtcZXwEWC6af0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:3d:e3:73:fd:6d:df:3e:f2:80:58:55:f0:8f:77:48:78:00:
         eb:bf:e9:74:b9:fc:ad:7b:12:6b:52:b1:5b:0b:aa:2c:b4:95:
         84:40:a1:04:0c:ce:3b:02:e3:9b:1a:96:0b:b7:6d:e4:79:e6:
         24:eb:3c:2a:c3:06:2d:f6:94:cc:db:37:7d:a9:1d:e5:84:6f:
         2d:c8:96:d4:b1:39:8f:0e:ef:6a:4c:cb:10:78:13:53:cd:13:
         00:d7:ca:83:bc:8a:a3:ac:1e:7b:c8:ca:e0:43:db:10:4c:18:
         1b:bd:7a:27:b5:85:c5:1e:33:e9:4b:0f:7c:b2:35:c1:b0:8b:
         2c:85:b0:05:3b:42:b7:63:b1:b1:aa:8a:5a:ee:f9:ef:36:41:
         5f:17:8e:26:c6:c7:29:9b:47:71:92:e5:76:53:0e:36:ac:d1:
         c6:8d:c5:e3:b9:06:c4:63:7f:d3:6e:67:fb:1a:99:fa:59:0d:
         79:09:71:da:8a:a9:0a:94:c1:0f:4c:a2:cd:a4:fa:9c:5a:7e:
         45:d0:07:ee:0f:8d:e3:c3:3a:c7:75:0f:7d:c8:9f:32:2d:65:
         21:bf:39:7c:83:b3:f7:bc:1d:c6:30:ea:5a:cf:4d:6d:c4:82:
         e4:e1:00:2c:8d:2f:2a:47:c7:0d:d7:c0:45:0e:51:66:24:e1:
         53:c9:bd:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9vt28bZSip/Z7e5avy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjUwMTAyMDk0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzNjA5YTZlMWZiMWMyMDk3NjNhZWQ3MTk1ZjAxMTYwYmE2OWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWsKuQKDYKzdSeOaOksqRRXICuxl
x7hmsfr0Fs4nKeHBjsZzlDcS00jxmgwVfREK0lzNOHtAz0gg3Fsxr0CiJME9P4O2
L0RqkGjedzcuGbleT3A5XpMOKUAumkwWUayBu1larEuYgVX8K42WlbVSKIxJ6tCm
fua4LMmgnYRT/gCXNzBtbFRtXiayA/gt/nApY1mOiCp2kd+KnrFzHty44JY1tuyA
fJ0FDgEwZcksonazzZrKS2UtSte0hCDFA6rRYPO1X5XfN83rOXZ8LaLQB5D/dZjD
AuSIwRQ7HEvo1Fx1ZXkF9uJceoABj0Tz57HjBMDx79iaUdTPAX7hs9kClQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+DYJpuH7HCCXY67XGV8BFgumn9MB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvUDROZ21tNGZzY0lKZGpydGNaWHdFV0M2YWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVegMA0G
CSqGSIb3DQEBCwUAA4IBAQA8PeNz/W3fPvKAWFXwj3dIeADrv+l0ufytexJrUrFb
C6ostJWEQKEEDM47AuObGpYLt23keeYk6zwqwwYt9pTM2zd9qR3lhG8tyJbUsTmP
Du9qTMsQeBNTzRMA18qDvIqjrB57yMrgQ9sQTBgbvXontYXFHjPpSw98sjXBsIss
hbAFO0K3Y7Gxqopa7vnvNkFfF44mxscpm0dxkuV2Uw42rNHGjcXjuQbEY3/Tbmf7
Gpn6WQ15CXHaiqkKlMEPTKLNpPqcWn5F0AfuD43jwzrHdQ99yJ8yLWUhvzl8g7P3
vB3GMOpaz01txILk4QAsjS8qR8cN18BFDlFmJOFTyb0F
-----END CERTIFICATE-----