Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/48fo0HUWRAgKiMViKhGdJX7f9C0.roa
File:                     48fo0HUWRAgKiMViKhGdJX7f9C0.roa (raw, json)
Hash identifier:          axjZHGYzerdENb8dUw1Ux23z9tanexEhXjhuS10OMuA=
Subject key identifier:   E3:C7:E8:D0:75:16:44:08:0A:88:C5:62:2A:11:9D:25:7E:DF:F4:2D
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018CC3B6C9F703D374E9ECD71572027FDC7D
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/48fo0HUWRAgKiMViKhGdJX7f9C0.roa
Signing time:             Mon 01 Jan 2024 06:29:45 +0000
ROA not before:           Mon 01 Jan 2024 06:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205007
IP address blocks:        193.57.139.0/24 maxlen: 24
                          45.89.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c9:f7:03:d3:74:e9:ec:d7:15:72:02:7f:dc:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 06:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3c7e8d0751644080a88c5622a119d257edff42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dc:f1:bb:13:6f:98:49:7e:a8:51:2e:cb:0b:
                    3d:77:0d:c9:f4:2b:6c:28:33:4f:84:43:4c:8e:37:
                    6d:cc:0c:e3:58:8a:bc:6b:b8:8e:0e:a5:26:e9:5a:
                    56:8c:a6:d2:fe:c7:1e:aa:c1:2f:44:60:11:62:6f:
                    8d:af:10:63:eb:ac:36:47:24:c8:2f:34:2b:f4:90:
                    93:c7:7a:08:c9:b9:d4:95:4c:1a:09:15:30:5f:12:
                    a9:f5:70:21:ea:29:0c:ea:7d:d6:aa:73:f1:0f:73:
                    bc:a4:0c:0d:a0:68:2e:46:e0:41:36:0e:9f:51:ad:
                    c1:5b:98:da:3c:ae:d0:08:ba:3e:6e:1f:90:0d:a4:
                    17:cf:ab:3e:d0:92:ed:43:b5:f8:9d:c5:69:95:3e:
                    a2:70:90:af:d8:b0:73:61:71:6e:43:8b:70:d7:cf:
                    11:43:dd:10:21:ff:95:42:87:4f:79:19:07:13:cf:
                    62:b3:af:17:bd:63:fe:90:76:2d:79:3b:8a:b3:9b:
                    c0:bf:50:0c:c1:e9:e0:40:08:41:56:d4:f4:98:80:
                    a4:a6:f1:59:9a:4e:03:f5:72:55:5a:8f:b1:b4:cb:
                    7a:0f:82:c4:34:23:b8:0d:8a:54:17:48:8a:98:77:
                    a3:72:7c:01:dd:87:3c:9e:fc:b4:bd:e0:e2:f3:4e:
                    6b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C7:E8:D0:75:16:44:08:0A:88:C5:62:2A:11:9D:25:7E:DF:F4:2D
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/48fo0HUWRAgKiMViKhGdJX7f9C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.55.0/24
                  193.57.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:be:26:ac:17:0b:02:51:80:5d:a8:1a:d2:57:5a:4f:6a:80:
         07:7e:75:3c:01:e5:7f:b0:27:eb:a6:91:8b:36:1a:ec:00:94:
         44:7f:ad:48:b3:86:df:4c:bc:31:48:ff:cc:e9:98:1f:c7:40:
         b6:21:28:70:b6:81:53:9d:50:07:c4:55:e1:81:ee:da:18:db:
         74:54:1d:cb:d2:3e:03:11:89:0b:21:ca:7c:c3:03:64:fc:b3:
         75:c7:e6:cb:4a:de:0c:52:6b:19:32:4a:a0:be:ca:d3:23:e6:
         dd:f8:0e:7d:8f:9a:32:b3:07:b4:c8:3b:2c:80:b6:92:99:c2:
         9d:5b:b8:c1:0a:68:dc:08:bf:d2:b2:1c:ec:85:4f:a7:a8:b3:
         61:3d:7d:55:7e:50:f0:dc:32:2b:fb:8d:7d:91:9f:0b:8b:cb:
         55:b4:cd:f5:2b:ea:4d:f2:4b:ca:c4:9e:79:69:1f:33:62:e2:
         dc:3a:6f:45:1f:d5:97:a9:61:95:b4:ad:d0:fe:dc:be:71:76:
         d0:18:74:e7:0a:64:d3:f0:7e:6a:9b:b5:e0:a9:ed:aa:63:36:
         ff:8d:26:b1:f7:be:af:90:a4:bb:b1:70:e3:df:f0:58:2e:9d:
         62:d6:63:21:0d:de:3d:9d:fb:a4:00:75:d2:7c:bc:f0:5f:67:
         0e:ba:73:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtsn3A9N06ezXFXICf9x9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTAxMDYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M3ZThkMDc1MTY0NDA4MGE4OGM1NjIyYTExOWQyNTdlZGZmNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNzxuxNvmEl+qFEuyws9dw3J9Cts
KDNPhENMjjdtzAzjWIq8a7iODqUm6VpWjKbS/sceqsEvRGARYm+NrxBj66w2RyTI
LzQr9JCTx3oIybnUlUwaCRUwXxKp9XAh6ikM6n3WqnPxD3O8pAwNoGguRuBBNg6f
Ua3BW5jaPK7QCLo+bh+QDaQXz6s+0JLtQ7X4ncVplT6icJCv2LBzYXFuQ4tw188R
Q90QIf+VQodPeRkHE89is68XvWP+kHYteTuKs5vAv1AMwengQAhBVtT0mICkpvFZ
mk4D9XJVWo+xtMt6D4LENCO4DYpUF0iKmHejcnwB3Yc8nvy0veDi805rJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOPH6NB1FkQICojFYioRnSV+3/QtMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvNDhmbzBIVVdSQWdLaU1WaUtoR2RKWDdmOUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVk3AwQA
wTmLMA0GCSqGSIb3DQEBCwUAA4IBAQDeviasFwsCUYBdqBrSV1pPaoAHfnU8AeV/
sCfrppGLNhrsAJREf61Is4bfTLwxSP/M6Zgfx0C2IShwtoFTnVAHxFXhge7aGNt0
VB3L0j4DEYkLIcp8wwNk/LN1x+bLSt4MUmsZMkqgvsrTI+bd+A59j5oyswe0yDss
gLaSmcKdW7jBCmjcCL/SshzshU+nqLNhPX1VflDw3DIr+419kZ8Li8tVtM31K+pN
8kvKxJ55aR8zYuLcOm9FH9WXqWGVtK3Q/ty+cXbQGHTnCmTT8H5qm7Xgqe2qYzb/
jSax976vkKS7sXDj3/BYLp1i1mMhDd49nfukAHXSfLzwX2cOunNM
-----END CERTIFICATE-----