Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/dl4qd2NxLv2pdTNq0OS-OOlqIBQ.roa
File:                     dl4qd2NxLv2pdTNq0OS-OOlqIBQ.roa (raw, json)
Hash identifier:          R4VZvRsgmGwvVdNYC34Oay7cu6wYCD63hbEHa/PcSQI=
Subject key identifier:   76:5E:2A:77:63:71:2E:FD:A9:75:33:6A:D0:E4:BE:38:E9:6A:20:14
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC794486224BC79E57FCE20F670B8AEAB
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/dl4qd2NxLv2pdTNq0OS-OOlqIBQ.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51327
IP address blocks:        139.45.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:48:62:24:bc:79:e5:7f:ce:20:f6:70:b8:ae:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=765e2a7763712efda975336ad0e4be38e96a2014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:07:73:ff:47:45:c2:65:29:67:32:23:f5:31:
                    ff:bc:a9:0c:15:85:f9:5f:38:3b:5e:e4:d7:37:1f:
                    6d:65:cc:91:5c:b7:79:ce:58:86:45:da:05:70:62:
                    23:26:b6:e3:66:eb:a3:2b:aa:93:3a:6b:bf:f0:d2:
                    89:d3:ea:ea:ea:75:80:69:3a:23:71:8c:c5:fa:eb:
                    b4:01:95:03:22:88:64:95:93:ee:fe:f9:28:d0:01:
                    3b:a3:3d:aa:1a:32:6a:a0:ab:42:f0:f2:75:4c:41:
                    9b:fb:84:29:83:82:90:d5:69:0f:75:4f:83:e6:25:
                    f3:1f:47:34:e3:91:bf:3d:74:9e:57:51:c0:59:06:
                    c6:2f:71:d8:5d:6c:8b:a7:56:14:f3:cf:da:6a:46:
                    50:b6:33:81:47:e2:31:81:d4:19:5e:af:60:6d:3b:
                    66:89:43:f6:8d:6c:98:a2:f5:5d:d5:2d:b3:41:bd:
                    0a:c8:34:aa:d1:38:c4:e5:49:f5:4d:eb:b2:f7:f5:
                    8b:a3:7b:e0:73:22:35:aa:60:d2:87:dd:3e:df:1f:
                    ee:87:5e:9f:60:65:ed:72:6e:c7:3b:87:3a:46:69:
                    d5:4d:43:9f:48:1c:80:1b:3a:c2:a1:0a:14:44:89:
                    3c:f7:d9:f7:77:0a:83:57:ee:35:ca:80:d0:75:b8:
                    57:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5E:2A:77:63:71:2E:FD:A9:75:33:6A:D0:E4:BE:38:E9:6A:20:14
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/dl4qd2NxLv2pdTNq0OS-OOlqIBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:73:33:bd:29:53:45:84:58:ab:91:84:be:da:f2:58:e3:be:
         73:ab:9c:77:9f:38:32:5e:ac:ca:2e:3a:99:87:0c:41:e0:df:
         26:2b:9b:9e:ee:a1:41:df:c4:49:20:ce:41:e9:9b:4f:12:59:
         40:6b:18:fb:7f:99:72:7f:dd:98:b8:0e:b8:b2:bd:83:58:42:
         92:ee:67:01:b4:64:94:3e:b4:d2:61:cc:23:31:7b:06:4a:da:
         b5:2c:5d:11:1d:0f:94:a0:2d:ad:3b:ce:20:6e:c5:13:5d:1b:
         b8:38:60:67:23:9a:45:16:43:d0:c2:c5:37:47:3e:e3:af:67:
         8c:54:42:ce:ee:22:3b:ed:d7:51:22:cf:c8:f7:5a:1f:f8:52:
         93:4a:51:d3:94:87:05:be:cc:27:ee:d7:ae:48:c3:bc:f4:8d:
         62:79:eb:b3:b5:cf:cf:b6:f9:37:cb:8f:7a:de:c2:96:05:0a:
         38:d2:31:d2:e0:51:19:50:1c:c5:f7:d6:b5:09:a7:a3:4a:3f:
         ae:07:02:8e:8c:ef:f0:00:db:16:05:c9:3c:51:7b:75:c5:88:
         e5:1c:33:61:67:f2:fc:7b:8b:88:5e:5c:4c:3e:82:fc:76:ac:
         79:5b:ee:07:c4:8f:0f:27:9e:ed:8b:94:a3:f4:27:d5:e0:92:
         54:fd:67:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEhiJLx55X/OIPZwuK6rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjVlMmE3NzYzNzEyZWZkYTk3NTMzNmFkMGU0YmUzOGU5NmEyMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgdz/0dFwmUpZzIj9TH/vKkMFYX5
Xzg7XuTXNx9tZcyRXLd5zliGRdoFcGIjJrbjZuujK6qTOmu/8NKJ0+rq6nWAaToj
cYzF+uu0AZUDIohklZPu/vko0AE7oz2qGjJqoKtC8PJ1TEGb+4Qpg4KQ1WkPdU+D
5iXzH0c045G/PXSeV1HAWQbGL3HYXWyLp1YU88/aakZQtjOBR+IxgdQZXq9gbTtm
iUP2jWyYovVd1S2zQb0KyDSq0TjE5Un1Teuy9/WLo3vgcyI1qmDSh90+3x/uh16f
YGXtcm7HO4c6RmnVTUOfSByAGzrCoQoURIk899n3dwqDV+41yoDQdbhXkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZeKndjcS79qXUzatDkvjjpaiAUMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvZGw0cWQyTnhMdjJwZFROcTBPUy1PT2xxSUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3WMA0G
CSqGSIb3DQEBCwUAA4IBAQAiczO9KVNFhFirkYS+2vJY475zq5x3nzgyXqzKLjqZ
hwxB4N8mK5ue7qFB38RJIM5B6ZtPEllAaxj7f5lyf92YuA64sr2DWEKS7mcBtGSU
PrTSYcwjMXsGStq1LF0RHQ+UoC2tO84gbsUTXRu4OGBnI5pFFkPQwsU3Rz7jr2eM
VELO7iI77ddRIs/I91of+FKTSlHTlIcFvswn7teuSMO89I1ieeuztc/Ptvk3y496
3sKWBQo40jHS4FEZUBzF99a1CaejSj+uBwKOjO/wANsWBck8UXt1xYjlHDNhZ/L8
e4uIXlxMPoL8dqx5W+4HxI8PJ57ti5Sj9CfV4JJU/Wej
-----END CERTIFICATE-----