Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/cSMc-zeZSLu72NMf2YBI7D9kt5g.roa
File:                     cSMc-zeZSLu72NMf2YBI7D9kt5g.roa (raw, json)
Hash identifier:          W+B5nrpfgcdUnTPeX/Q+YMMF6OIbFgtEq1jo/TlnIjE=
Subject key identifier:   71:23:1C:FB:37:99:48:BB:BB:D8:D3:1F:D9:80:48:EC:3F:64:B7:98
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC50047A5216DEEB0A77A77677D72892B
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/cSMc-zeZSLu72NMf2YBI7D9kt5g.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50250
IP address blocks:        45.159.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:47:a5:21:6d:ee:b0:a7:7a:77:67:7d:72:89:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71231cfb379948bbbbd8d31fd98048ec3f64b798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:44:bb:50:6d:f5:fb:bf:c6:dd:5a:0b:5d:2b:
                    b8:11:10:ec:e9:1e:3a:58:3d:db:45:47:5c:5c:98:
                    6e:e7:30:b4:81:0a:bd:3d:e5:6a:fd:3c:cc:ae:fa:
                    cb:8e:bb:91:4b:e1:52:f1:6a:87:cf:2b:fe:8c:f6:
                    07:a1:d3:29:fd:1d:d3:d3:22:3c:1d:aa:e1:7b:a8:
                    f1:c8:b3:18:0d:80:8b:c9:fa:2d:46:62:0d:9e:7c:
                    13:d8:8d:1d:e2:35:02:00:c8:bc:89:a1:33:0b:19:
                    86:f8:aa:b6:f8:4f:f3:ec:00:6f:81:53:63:b7:9e:
                    32:2e:66:b7:13:52:2e:28:ad:52:b5:93:6f:2c:c1:
                    02:1c:f1:fe:60:35:01:cf:e9:d5:7d:03:1d:fc:50:
                    91:e6:6f:70:69:3d:46:f8:7c:af:0c:7a:52:c5:9f:
                    65:df:62:f6:d8:c7:42:fd:91:72:af:bd:47:29:f3:
                    a4:3b:f8:55:1a:28:16:37:01:9f:6b:41:20:e7:1c:
                    7f:1b:39:3e:c4:66:44:f3:e8:31:10:f9:5a:da:8d:
                    2c:98:fa:f7:68:47:31:b3:2c:3b:a4:67:1c:e6:32:
                    83:ae:2c:74:48:d2:64:2c:fa:b9:cb:7e:29:cd:30:
                    24:00:87:ce:a1:a5:df:12:2e:f2:ce:56:f2:3f:29:
                    7b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:23:1C:FB:37:99:48:BB:BB:D8:D3:1F:D9:80:48:EC:3F:64:B7:98
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/cSMc-zeZSLu72NMf2YBI7D9kt5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:bf:66:4f:ab:91:32:08:65:ea:c9:55:41:70:32:42:9a:69:
         3f:a9:14:8e:e7:c5:d7:68:fa:b0:3e:f4:6b:99:bb:2f:fc:ac:
         02:0c:5a:93:fc:bd:44:d6:78:76:3c:81:dd:86:11:95:33:85:
         5a:33:c6:12:e5:59:a3:64:c6:39:9b:2f:b2:23:0d:45:0c:c8:
         3b:ea:a9:be:b4:75:41:2d:be:a7:8a:44:d2:31:e2:e8:c0:3d:
         d3:27:dc:de:78:fe:76:f1:25:2e:21:97:2a:e5:b2:5b:50:ff:
         f3:1b:2f:e8:50:99:13:88:1f:93:cd:01:23:9d:9b:db:37:6c:
         10:1d:04:58:10:d1:70:90:b7:95:a5:66:b6:44:78:b6:4a:e2:
         93:d3:69:6a:b8:29:ee:f3:92:97:69:66:8b:54:c6:24:94:fd:
         5a:9a:88:e2:de:b5:b0:1e:66:81:37:0d:54:2e:f5:dc:ae:f0:
         c9:80:3c:3c:8c:f7:c9:0a:f3:b3:28:91:ea:ae:c1:a1:92:dd:
         98:20:20:64:7a:ef:9e:61:4b:94:17:d6:20:38:7f:64:76:1a:
         2b:2c:41:87:37:61:c0:f0:9c:2f:0e:b4:8b:81:de:0e:2a:8f:
         10:4b:fd:3b:5f:d4:a9:22:06:4d:d5:4f:6c:29:fd:7e:68:97:
         e7:fe:6f:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEelIW3usKd6d2d9cokrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTIzMWNmYjM3OTk0OGJiYmJkOGQzMWZkOTgwNDhlYzNmNjRiNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0S7UG31+7/G3VoLXSu4ERDs6R46
WD3bRUdcXJhu5zC0gQq9PeVq/TzMrvrLjruRS+FS8WqHzyv+jPYHodMp/R3T0yI8
Harhe6jxyLMYDYCLyfotRmINnnwT2I0d4jUCAMi8iaEzCxmG+Kq2+E/z7ABvgVNj
t54yLma3E1IuKK1StZNvLMECHPH+YDUBz+nVfQMd/FCR5m9waT1G+HyvDHpSxZ9l
32L22MdC/ZFyr71HKfOkO/hVGigWNwGfa0Eg5xx/Gzk+xGZE8+gxEPla2o0smPr3
aEcxsyw7pGcc5jKDrix0SNJkLPq5y34pzTAkAIfOoaXfEi7yzlbyPyl7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEjHPs3mUi7u9jTH9mASOw/ZLeYMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvY1NNYy16ZVpTTHU3Mk5NZjJZQkk3RDlrdDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ9IMA0G
CSqGSIb3DQEBCwUAA4IBAQCCv2ZPq5EyCGXqyVVBcDJCmmk/qRSO58XXaPqwPvRr
mbsv/KwCDFqT/L1E1nh2PIHdhhGVM4VaM8YS5VmjZMY5my+yIw1FDMg76qm+tHVB
Lb6nikTSMeLowD3TJ9zeeP528SUuIZcq5bJbUP/zGy/oUJkTiB+TzQEjnZvbN2wQ
HQRYENFwkLeVpWa2RHi2SuKT02lquCnu85KXaWaLVMYklP1amoji3rWwHmaBNw1U
LvXcrvDJgDw8jPfJCvOzKJHqrsGhkt2YICBkeu+eYUuUF9YgOH9kdhorLEGHN2HA
8JwvDrSLgd4OKo8QS/07X9SpIgZN1U9sKf1+aJfn/m/D
-----END CERTIFICATE-----