Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/P54kU8VzssC-47HhzMryKOq9v14.roa
File:                     P54kU8VzssC-47HhzMryKOq9v14.roa (raw, json)
Hash identifier:          b2CKq42C05Pp3TTpI9SGSG5X6GUrSV4k1QuE6SXYAKY=
Subject key identifier:   3F:9E:24:53:C5:73:B2:C0:BE:E3:B1:E1:CC:CA:F2:28:EA:BD:BF:5E
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC7944826D4CEC1DF8F6C5075A604A7F2
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/P54kU8VzssC-47HhzMryKOq9v14.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44877
IP address blocks:        139.45.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:48:26:d4:ce:c1:df:8f:6c:50:75:a6:04:a7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9e2453c573b2c0bee3b1e1cccaf228eabdbf5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:cf:26:16:a5:a7:0c:df:b6:7b:f9:03:bf:06:
                    10:81:5a:16:27:8a:0d:ba:c4:eb:5c:9f:da:d0:08:
                    3a:8f:4e:60:4d:b3:ef:06:ea:37:f4:cb:5c:a5:fa:
                    2f:28:a7:d2:de:6b:24:e2:df:2b:47:4b:0d:3e:59:
                    ec:cf:61:c1:76:44:81:8c:85:2f:a9:d5:77:8c:cc:
                    ff:68:7d:62:8c:56:60:ac:f8:9c:fb:3c:ed:be:5c:
                    9f:33:ea:9d:d2:f6:42:f5:99:de:44:9c:26:e7:fc:
                    22:30:c1:02:38:41:43:b5:71:f0:10:ae:fc:db:04:
                    35:38:8d:33:3b:44:3c:82:c0:f5:1b:96:af:cf:c0:
                    d8:8d:c0:82:0e:2b:4b:2b:91:e4:31:77:76:17:0a:
                    da:14:2a:9d:60:af:6a:d3:34:94:a3:f9:22:0e:ee:
                    f4:68:52:0e:18:57:eb:18:de:f9:a0:9b:a3:0f:84:
                    79:88:05:de:10:7c:ad:b4:bb:95:a7:71:00:58:43:
                    6c:3d:ab:a2:01:56:1a:84:42:c9:ca:74:ba:af:2a:
                    69:84:85:39:62:fe:86:de:99:be:09:7d:f8:c6:33:
                    41:c7:3f:6c:7f:cd:e1:cd:62:c7:25:fa:8f:26:ca:
                    09:2e:40:5f:96:24:a6:45:90:3b:73:08:5f:83:51:
                    88:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9E:24:53:C5:73:B2:C0:BE:E3:B1:E1:CC:CA:F2:28:EA:BD:BF:5E
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/P54kU8VzssC-47HhzMryKOq9v14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:51:98:60:9c:b5:05:3b:f6:dd:e0:cc:57:9a:90:a9:7c:06:
         c7:dd:24:5d:17:bf:f6:83:cf:cd:12:c3:19:32:c3:6d:50:b0:
         71:b8:1d:70:9a:cf:c0:01:45:51:a5:46:a2:53:00:6a:45:49:
         2d:68:b5:fe:35:d0:cd:1f:8e:e1:2b:cf:a3:9d:53:0a:21:4e:
         f2:ea:99:8a:95:61:e1:46:15:8e:41:ae:dd:76:0c:b8:dd:74:
         c3:f1:d0:aa:92:f1:6d:6a:2c:3b:ac:4f:a5:2a:b9:2b:45:df:
         23:13:ba:e3:3a:91:52:84:65:83:79:0e:00:ae:60:6f:0d:3b:
         65:81:50:c0:c7:9e:97:9c:0a:49:c1:81:b7:c3:3d:9e:91:82:
         04:e0:4c:19:40:4d:c5:28:0a:66:26:51:d2:0a:dd:b7:f1:77:
         97:7a:5e:94:29:5a:cb:40:98:4e:cb:90:09:6c:ec:8d:e6:9b:
         6d:45:51:3a:a9:cf:a6:9b:5f:00:63:7f:33:19:9b:5a:f0:b8:
         26:1c:f8:8e:2c:02:4f:02:a4:41:65:0d:e3:fe:63:c6:39:26:
         9d:a1:24:36:0e:22:ca:d3:e3:c5:ef:51:c7:14:76:33:5b:6d:
         18:c9:f3:69:ff:ca:3b:f5:5b:24:e8:a8:4d:cb:42:36:2e:d4:
         bc:3b:9a:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEgm1M7B349sUHWmBKfyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjllMjQ1M2M1NzNiMmMwYmVlM2IxZTFjY2NhZjIyOGVhYmRiZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5s8mFqWnDN+2e/kDvwYQgVoWJ4oN
usTrXJ/a0Ag6j05gTbPvBuo39MtcpfovKKfS3msk4t8rR0sNPlnsz2HBdkSBjIUv
qdV3jMz/aH1ijFZgrPic+zztvlyfM+qd0vZC9ZneRJwm5/wiMMECOEFDtXHwEK78
2wQ1OI0zO0Q8gsD1G5avz8DYjcCCDitLK5HkMXd2FwraFCqdYK9q0zSUo/kiDu70
aFIOGFfrGN75oJujD4R5iAXeEHyttLuVp3EAWENsPauiAVYahELJynS6rypphIU5
Yv6G3pm+CX34xjNBxz9sf83hzWLHJfqPJsoJLkBfliSmRZA7cwhfg1GIlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+eJFPFc7LAvuOx4czK8ijqvb9eMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvUDU0a1U4Vnpzc0MtNDdIaHpNcnlLT3E5djE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiy3TMA0G
CSqGSIb3DQEBCwUAA4IBAQADUZhgnLUFO/bd4MxXmpCpfAbH3SRdF7/2g8/NEsMZ
MsNtULBxuB1wms/AAUVRpUaiUwBqRUktaLX+NdDNH47hK8+jnVMKIU7y6pmKlWHh
RhWOQa7ddgy43XTD8dCqkvFtaiw7rE+lKrkrRd8jE7rjOpFShGWDeQ4ArmBvDTtl
gVDAx56XnApJwYG3wz2ekYIE4EwZQE3FKApmJlHSCt238XeXel6UKVrLQJhOy5AJ
bOyN5pttRVE6qc+mm18AY38zGZta8LgmHPiOLAJPAqRBZQ3j/mPGOSadoSQ2DiLK
0+PF71HHFHYzW20YyfNp/8o79Vsk6KhNy0I2LtS8O5o+
-----END CERTIFICATE-----