Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jrLfLf0nnGDjlSTPzRiCdWx8U1c.roa
File:                     jrLfLf0nnGDjlSTPzRiCdWx8U1c.roa (raw, json)
Hash identifier:          XTNYcwsN8k9gQNaVWPPiGMXZFCQCakVa1rVCLGAq2ak=
Subject key identifier:   8E:B2:DF:2D:FD:27:9C:60:E3:95:24:CF:CD:18:82:75:6C:7C:53:57
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC5004EB1E880AFBECB934B94212E818D
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jrLfLf0nnGDjlSTPzRiCdWx8U1c.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216086
IP address blocks:        45.133.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4e:b1:e8:80:af:be:cb:93:4b:94:21:2e:81:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eb2df2dfd279c60e39524cfcd1882756c7c5357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:61:1e:36:7d:e9:8f:25:92:24:66:c7:c6:30:
                    ad:8a:61:4d:7f:02:fc:4d:16:4d:3d:b0:ff:01:8b:
                    35:fd:ef:ab:ef:71:c0:2e:5d:0f:c4:01:8a:e9:0c:
                    22:ac:1c:2b:f8:ac:74:3a:fd:17:a7:57:84:c6:b4:
                    19:dd:95:a8:4a:09:6c:78:b8:7d:ff:cc:23:6a:34:
                    29:4c:b6:20:db:39:b9:fa:7c:78:bb:a9:dd:03:c0:
                    e4:dd:d9:23:9d:ad:8d:ca:a5:2a:31:40:15:3a:82:
                    ac:68:c4:bf:ad:06:4f:32:99:d9:a7:3b:30:39:34:
                    05:c5:c2:53:e5:a6:7c:4d:5c:26:9b:62:0c:86:0a:
                    33:cb:f8:3f:2f:32:b7:1c:0f:e9:91:87:cd:32:cf:
                    54:29:45:81:88:2e:f8:c1:b2:a0:11:f4:a6:cb:24:
                    e2:b1:2f:1f:1e:13:88:1c:ac:8b:45:06:3f:d3:f0:
                    3d:6c:c8:e7:8e:8e:30:3d:be:73:0b:94:59:9f:57:
                    a7:09:a3:6a:6c:e7:2d:99:e3:09:c6:0e:85:72:82:
                    99:76:0c:ab:e1:cb:4d:be:81:26:e6:ec:01:61:41:
                    3e:6f:85:92:d2:2b:5e:19:8e:45:3a:91:d2:26:58:
                    01:ce:ec:6c:74:f2:5e:5b:fc:8e:39:62:73:de:63:
                    7a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B2:DF:2D:FD:27:9C:60:E3:95:24:CF:CD:18:82:75:6C:7C:53:57
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jrLfLf0nnGDjlSTPzRiCdWx8U1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b2:6e:e6:2a:1a:e8:6d:2f:d9:c3:8f:70:02:47:f4:eb:c2:
         68:36:1a:f5:29:5c:12:b7:17:a4:89:67:70:03:9b:59:84:a8:
         99:f8:b6:54:62:49:dd:9d:69:e7:46:28:b0:89:c1:67:7d:45:
         77:2f:b6:17:12:97:80:8d:7f:48:ac:8d:35:38:a6:c5:2a:d7:
         b2:ab:91:58:5f:f8:a3:57:e9:82:57:76:ee:33:45:20:10:24:
         19:f5:9e:53:6b:1f:b8:86:72:54:ea:7d:ad:63:0b:80:54:2a:
         14:4a:51:45:b4:e4:bf:4e:53:2c:84:09:47:98:22:5c:09:2d:
         0e:f7:13:61:3b:e3:2a:85:78:90:a4:81:a7:3e:a0:7e:82:e2:
         a9:82:72:8b:e0:4a:26:52:db:b7:fc:62:52:86:34:f1:51:ce:
         87:ce:e3:7c:8f:9e:08:f6:f8:e6:21:64:8c:be:96:a6:90:8a:
         6f:fe:cb:8f:f7:e9:73:de:e7:2b:bf:c0:33:9f:5b:21:7e:03:
         c2:83:49:e0:f6:ac:5c:f4:73:a1:39:e8:04:16:d3:f0:86:05:
         24:72:fc:3d:4b:27:ac:0b:c8:32:10:af:74:d7:d5:a8:82:50:
         a7:80:e0:f3:24:03:b0:2f:12:e4:1a:de:75:42:55:32:00:25:
         dd:0a:23:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAE6x6ICvvsuTS5QhLoGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWIyZGYyZGZkMjc5YzYwZTM5NTI0Y2ZjZDE4ODI3NTZjN2M1MzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimEeNn3pjyWSJGbHxjCtimFNfwL8
TRZNPbD/AYs1/e+r73HALl0PxAGK6QwirBwr+Kx0Ov0Xp1eExrQZ3ZWoSglseLh9
/8wjajQpTLYg2zm5+nx4u6ndA8Dk3dkjna2NyqUqMUAVOoKsaMS/rQZPMpnZpzsw
OTQFxcJT5aZ8TVwmm2IMhgozy/g/LzK3HA/pkYfNMs9UKUWBiC74wbKgEfSmyyTi
sS8fHhOIHKyLRQY/0/A9bMjnjo4wPb5zC5RZn1enCaNqbOctmeMJxg6FcoKZdgyr
4ctNvoEm5uwBYUE+b4WS0iteGY5FOpHSJlgBzuxsdPJeW/yOOWJz3mN6FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6y3y39J5xg45Ukz80YgnVsfFNXMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvanJMZkxmMG5uR0RqbFNUUHpSaUNkV3g4VTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYVrMA0G
CSqGSIb3DQEBCwUAA4IBAQAQsm7mKhrobS/Zw49wAkf068JoNhr1KVwStxekiWdw
A5tZhKiZ+LZUYkndnWnnRiiwicFnfUV3L7YXEpeAjX9IrI01OKbFKteyq5FYX/ij
V+mCV3buM0UgECQZ9Z5Tax+4hnJU6n2tYwuAVCoUSlFFtOS/TlMshAlHmCJcCS0O
9xNhO+MqhXiQpIGnPqB+guKpgnKL4EomUtu3/GJShjTxUc6HzuN8j54I9vjmIWSM
vpamkIpv/suP9+lz3ucrv8Azn1shfgPCg0ng9qxc9HOhOegEFtPwhgUkcvw9Syes
C8gyEK9019WoglCngODzJAOwLxLkGt51QlUyACXdCiPM
-----END CERTIFICATE-----