Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/1Zcsy1tupXNKNd4A1qri2j36_fo.roa
File:                     1Zcsy1tupXNKNd4A1qri2j36_fo.roa (raw, json)
Hash identifier:          x2VniuTUVur72wgqJaBLNLUfRN1fSgUIVHnlKj1aZrM=
Subject key identifier:   D5:97:2C:CB:5B:6E:A5:73:4A:35:DE:00:D6:AA:E2:DA:3D:FA:FD:FA
Certificate issuer:       /CN=948d45cfe3482b8f61dae000b007a467ecdd4ee6
Certificate serial:       018CC8DFA800D5F0F0A606943707F4BD8C59
Authority key identifier: 94:8D:45:CF:E3:48:2B:8F:61:DA:E0:00:B0:07:A4:67:EC:DD:4E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lI1Fz-NIK49h2uAAsAekZ-zdTuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/1Zcsy1tupXNKNd4A1qri2j36_fo.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212745
IP address blocks:        45.81.228.0/22 maxlen: 22
                          2a0e:6080::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/lI1Fz-NIK49h2uAAsAekZ-zdTuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/lI1Fz-NIK49h2uAAsAekZ-zdTuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lI1Fz-NIK49h2uAAsAekZ-zdTuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a8:00:d5:f0:f0:a6:06:94:37:07:f4:bd:8c:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=948d45cfe3482b8f61dae000b007a467ecdd4ee6
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5972ccb5b6ea5734a35de00d6aae2da3dfafdfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:55:c9:f4:68:d8:ae:6b:fd:91:f2:d9:a3:d7:
                    a5:c6:b9:d5:bd:1a:cd:1e:54:44:71:65:d2:ae:08:
                    f6:5b:d1:bf:d0:f9:63:73:31:fc:9d:5e:c0:52:17:
                    a4:4e:b0:5a:14:f6:1b:39:06:6e:80:14:4c:5b:13:
                    4d:be:dd:f6:57:29:c5:2d:45:4c:89:b0:81:1e:ad:
                    aa:1b:f7:41:d1:c6:27:e1:a4:6d:f6:91:fc:45:a5:
                    5c:0b:c9:ae:cd:5e:ba:fc:ae:96:82:f8:65:e1:a0:
                    4a:1f:1e:4f:17:5a:00:55:d6:80:20:6c:92:6a:87:
                    94:44:ed:c1:6e:b7:02:88:8f:b0:4f:c5:bf:e9:98:
                    51:17:4f:17:e5:86:aa:ac:ec:cd:81:0b:84:0b:40:
                    ef:69:9c:99:14:00:7b:de:67:80:de:2e:eb:3b:1d:
                    a6:a1:b2:6f:23:c8:22:f2:2d:19:1a:47:07:8b:39:
                    35:6a:83:ce:d0:1c:65:31:0c:b6:44:c7:9b:a4:01:
                    50:09:c1:66:05:89:0f:24:9c:89:ab:53:bd:55:35:
                    3c:12:cb:68:9f:a9:ec:0a:70:e8:21:bd:c5:2e:80:
                    5f:44:29:37:5d:9d:12:ca:03:45:95:0d:30:d1:f9:
                    f8:19:c1:3b:89:f4:a6:fb:04:9b:b8:6f:ba:a1:b6:
                    ff:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:97:2C:CB:5B:6E:A5:73:4A:35:DE:00:D6:AA:E2:DA:3D:FA:FD:FA
            X509v3 Authority Key Identifier:
                keyid:94:8D:45:CF:E3:48:2B:8F:61:DA:E0:00:B0:07:A4:67:EC:DD:4E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lI1Fz-NIK49h2uAAsAekZ-zdTuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/1Zcsy1tupXNKNd4A1qri2j36_fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/lI1Fz-NIK49h2uAAsAekZ-zdTuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.228.0/22
                IPv6:
                  2a0e:6080::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:41:98:98:05:77:e8:d8:ba:74:94:11:a1:96:ba:db:7a:a2:
         f9:ac:60:40:d4:d6:9d:65:dd:88:f4:0d:76:fa:0c:b8:0f:b3:
         4a:7c:0d:aa:31:87:ac:0c:2a:29:e2:b9:ba:df:62:5e:10:a7:
         70:a3:d1:8f:f5:0a:02:8d:b8:86:f6:60:8a:e1:98:9b:d8:44:
         ee:e4:6d:1f:a6:d1:b8:70:2e:71:b7:86:36:08:05:20:4a:62:
         3e:06:58:da:57:20:38:22:f3:ac:02:f4:b2:ca:58:6e:4b:f2:
         23:ab:a9:79:57:5a:6d:39:22:7f:f2:fd:0f:aa:e5:4d:e4:16:
         e3:29:93:5e:9f:bd:ba:21:34:5c:6f:64:d6:03:eb:48:64:8a:
         f2:6c:14:08:1f:0e:46:a8:04:cf:40:23:29:61:48:08:09:ef:
         93:23:c3:84:8f:26:43:c2:e6:cc:5f:96:1a:4f:1d:ff:48:c0:
         87:d2:dd:e9:e5:5c:d3:df:a3:18:a2:0e:3d:70:d3:c9:8e:78:
         27:80:dd:18:a4:48:9d:af:ec:c4:05:bd:10:9e:a8:9d:45:79:
         9c:5e:e4:98:fd:3b:02:01:6e:8f:99:f0:a7:b5:6a:05:2e:3f:
         b7:f0:24:90:dd:10:69:bb:a1:e6:40:42:64:f3:08:83:9b:d0:
         ec:65:24:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI36gA1fDwpgaUNwf0vYxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OGQ0NWNmZTM0ODJiOGY2MWRhZTAwMGIwMDdhNDY3ZWNk
ZDRlZTYwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk3MmNjYjViNmVhNTczNGEzNWRlMDBkNmFhZTJkYTNkZmFmZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVXJ9GjYrmv9kfLZo9elxrnVvRrN
HlREcWXSrgj2W9G/0PljczH8nV7AUhekTrBaFPYbOQZugBRMWxNNvt32VynFLUVM
ibCBHq2qG/dB0cYn4aRt9pH8RaVcC8muzV66/K6Wgvhl4aBKHx5PF1oAVdaAIGyS
aoeURO3BbrcCiI+wT8W/6ZhRF08X5YaqrOzNgQuEC0DvaZyZFAB73meA3i7rOx2m
obJvI8gi8i0ZGkcHizk1aoPO0BxlMQy2RMebpAFQCcFmBYkPJJyJq1O9VTU8Esto
n6nsCnDoIb3FLoBfRCk3XZ0SygNFlQ0w0fn4GcE7ifSm+wSbuG+6obb/MwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNWXLMtbbqVzSjXeANaq4to9+v36MB8GA1UdIwQY
MBaAFJSNRc/jSCuPYdrgALAHpGfs3U7mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEkxRnotTklLNDloMnVBQXNBZWtaLXpkVHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mODliMmUtNTNhMy00MTU3LWE5NjAt
NDJkYWZiNGI1MWQyLzEvMVpjc3kxdHVwWE5LTmQ0QTFxcmkyajM2X2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mODliMmUtNTNhMy00MTU3LWE5NjAtNDJkYWZiNGI1MWQy
LzEvbEkxRnotTklLNDloMnVBQXNBZWtaLXpkVHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLVHkMA8E
AgACMAkDBwAqDmCAAAAwDQYJKoZIhvcNAQELBQADggEBADlBmJgFd+jYunSUEaGW
utt6ovmsYEDU1p1l3Yj0DXb6DLgPs0p8Daoxh6wMKiniubrfYl4Qp3Cj0Y/1CgKN
uIb2YIrhmJvYRO7kbR+m0bhwLnG3hjYIBSBKYj4GWNpXIDgi86wC9LLKWG5L8iOr
qXlXWm05In/y/Q+q5U3kFuMpk16fvbohNFxvZNYD60hkivJsFAgfDkaoBM9AIylh
SAgJ75Mjw4SPJkPC5sxflhpPHf9IwIfS3enlXNPfoxiiDj1w08mOeCeA3RikSJ2v
7MQFvRCeqJ1FeZxe5Jj9OwIBbo+Z8Ke1agUuP7fwJJDdEGm7oeZAQmTzCIOb0Oxl
JKs=
-----END CERTIFICATE-----