Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/KAjIjPLl1mEkUkLPshebZAkITBY.roa
File:                     KAjIjPLl1mEkUkLPshebZAkITBY.roa (raw, json)
Hash identifier:          /Gqf2qhz7oNuwIiuJ9u+BuZiRkLS1wLNMfRkwey2n3s=
Subject key identifier:   28:08:C8:8C:F2:E5:D6:61:24:52:42:CF:B2:17:9B:64:09:08:4C:16
Certificate issuer:       /CN=9e42ca46688a837b575234ce6a1a326587d6c204
Certificate serial:       018CC4937F8807D8C35B9796B7CC47F349F1
Authority key identifier: 9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/KAjIjPLl1mEkUkLPshebZAkITBY.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207790
IP address blocks:        45.13.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7f:88:07:d8:c3:5b:97:96:b7:cc:47:f3:49:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2808c88cf2e5d661245242cfb2179b6409084c16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:29:86:46:fe:2c:2e:fa:5d:9c:80:fc:0d:01:
                    ca:19:c9:e9:7f:a9:75:88:6d:ea:d8:15:a2:93:78:
                    f4:6d:04:00:8f:7a:52:6f:a9:f2:ff:e4:ea:61:6c:
                    77:87:ef:bf:fd:ed:e1:03:b1:2a:94:8a:68:d5:3f:
                    58:06:72:ef:11:4f:15:cb:03:78:f4:23:3a:6c:7a:
                    ee:7d:33:48:c5:b4:47:66:2a:4c:a4:4f:07:ba:b9:
                    ea:0e:6d:01:d6:7c:b3:66:88:4f:36:45:76:9c:dd:
                    b1:8f:76:3f:0b:6b:2b:1c:42:cc:b2:c9:25:84:91:
                    04:cd:89:bb:4b:7e:3d:b7:d5:33:78:8f:2a:36:67:
                    ef:d3:c1:ae:ae:41:38:e4:0c:c2:f8:0d:c6:dd:41:
                    09:e1:b8:29:57:01:1d:8c:54:18:1f:13:5f:14:b6:
                    e4:9e:b9:65:0f:a6:cb:20:94:2c:a2:6f:80:18:fd:
                    a3:38:d5:62:3a:7e:20:fa:bc:f1:32:19:92:8a:b3:
                    5b:66:8c:77:33:14:19:ee:42:e1:98:7f:e7:88:b4:
                    34:8b:49:62:f0:89:18:50:5a:88:fc:b8:80:ef:dd:
                    43:e7:9c:d2:cc:27:42:f4:ec:1f:85:bf:e3:14:5c:
                    bf:51:cb:5e:8c:a0:c7:aa:c7:f4:a7:d5:a3:9f:d5:
                    fa:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:08:C8:8C:F2:E5:D6:61:24:52:42:CF:B2:17:9B:64:09:08:4C:16
            X509v3 Authority Key Identifier:
                keyid:9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/KAjIjPLl1mEkUkLPshebZAkITBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:db:40:8a:6b:fe:37:03:60:d5:c2:e3:02:bf:59:4b:97:e8:
         66:df:72:ea:ad:76:4f:dc:b5:9e:74:45:26:f1:b3:b8:f7:04:
         e0:10:97:c1:94:cc:6e:0f:19:11:18:13:23:c8:63:e3:e8:d6:
         b5:e0:1e:00:a1:a9:88:8e:40:3f:bc:21:0a:00:6a:0b:13:27:
         d1:e9:27:14:9f:a9:9e:4d:79:5e:34:2b:44:84:ee:a8:cd:04:
         0b:03:7f:97:8b:e5:be:f2:92:35:00:40:41:43:9e:6f:f0:50:
         03:ec:ce:05:3b:be:3c:a7:b4:22:c1:75:3f:f2:82:2c:1b:97:
         5e:2b:68:c2:d9:48:b1:1f:85:e7:2e:b7:9a:55:73:dd:ab:c1:
         a9:d8:43:25:59:26:b4:c2:df:86:a4:f0:07:35:f3:39:fe:08:
         e2:92:26:b7:77:ae:8c:81:3a:69:bd:b1:a3:5e:67:b8:6d:f3:
         bb:67:a5:0c:33:62:0c:10:2f:e4:cf:05:41:b3:f2:de:a1:55:
         15:f4:b7:f6:c9:49:45:72:93:c8:8f:b3:27:4a:c9:31:de:ed:
         e8:72:e8:ae:49:6b:4d:66:01:46:c9:2e:2c:d7:93:83:44:40:
         63:6b:f8:fb:5d:b0:31:f5:f6:68:7d:1c:c6:b3:f7:34:25:5c:
         95:21:e6:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3+IB9jDW5eWt8xH80nxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDJjYTQ2Njg4YTgzN2I1NzUyMzRjZTZhMWEzMjY1ODdk
NmMyMDQwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODA4Yzg4Y2YyZTVkNjYxMjQ1MjQyY2ZiMjE3OWI2NDA5MDg0YzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSmGRv4sLvpdnID8DQHKGcnpf6l1
iG3q2BWik3j0bQQAj3pSb6ny/+TqYWx3h++//e3hA7EqlIpo1T9YBnLvEU8VywN4
9CM6bHrufTNIxbRHZipMpE8HurnqDm0B1nyzZohPNkV2nN2xj3Y/C2srHELMsskl
hJEEzYm7S349t9UzeI8qNmfv08GurkE45AzC+A3G3UEJ4bgpVwEdjFQYHxNfFLbk
nrllD6bLIJQsom+AGP2jONViOn4g+rzxMhmSirNbZox3MxQZ7kLhmH/niLQ0i0li
8IkYUFqI/LiA791D55zSzCdC9Owfhb/jFFy/UctejKDHqsf0p9Wjn9X6QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgIyIzy5dZhJFJCz7IXm2QJCEwWMB8GA1UdIwQY
MBaAFJ5CykZoioN7V1I0zmoaMmWH1sIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTIt
MzI5YmEzODhiN2NmLzEvS0FqSWpQTGwxbUVrVWtMUHNoZWJaQWtJVEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTItMzI5YmEzODhiN2Nm
LzEvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ0MMA0G
CSqGSIb3DQEBCwUAA4IBAQAq20CKa/43A2DVwuMCv1lLl+hm33LqrXZP3LWedEUm
8bO49wTgEJfBlMxuDxkRGBMjyGPj6Na14B4AoamIjkA/vCEKAGoLEyfR6ScUn6me
TXleNCtEhO6ozQQLA3+Xi+W+8pI1AEBBQ55v8FAD7M4FO748p7QiwXU/8oIsG5de
K2jC2UixH4XnLreaVXPdq8Gp2EMlWSa0wt+GpPAHNfM5/gjikia3d66MgTppvbGj
Xme4bfO7Z6UMM2IMEC/kzwVBs/LeoVUV9Lf2yUlFcpPIj7MnSskx3u3ocuiuSWtN
ZgFGyS4s15ODREBja/j7XbAx9fZofRzGs/c0JVyVIeaS
-----END CERTIFICATE-----