Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/LQa8IoHW0dU6Q14-RNUQVEkB_28.roa
File:                     LQa8IoHW0dU6Q14-RNUQVEkB_28.roa (raw, json)
Hash identifier:          +frmke3f8r+aTY035plKDH8i+yr95ckPiaCtf3qIMBk=
Subject key identifier:   2D:06:BC:22:81:D6:D1:D5:3A:43:5E:3E:44:D5:10:54:49:01:FF:6F
Certificate issuer:       /CN=9e42ca46688a837b575234ce6a1a326587d6c204
Certificate serial:       018CC4937F1F38460F4B17F56CD25C1CA563
Authority key identifier: 9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/LQa8IoHW0dU6Q14-RNUQVEkB_28.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        45.13.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7f:1f:38:46:0f:4b:17:f5:6c:d2:5c:1c:a5:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d06bc2281d6d1d53a435e3e44d510544901ff6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ae:95:48:59:ef:90:f0:94:fa:17:45:1f:81:
                    e6:fb:74:8b:88:14:22:f5:6e:61:7c:5e:e8:13:c4:
                    8f:8e:40:90:d2:18:17:3a:65:a3:9c:cc:0f:c1:6a:
                    70:15:d5:ca:7a:d7:74:7b:cd:7a:08:61:32:17:6d:
                    f8:cc:45:81:2c:e4:9c:81:97:9e:d1:78:ec:e0:3b:
                    8d:56:7c:2d:22:fc:97:16:2b:ec:64:bc:2a:d2:a2:
                    66:de:55:a0:27:5c:94:ab:eb:33:13:cf:3c:d7:8a:
                    79:01:96:5d:cf:a2:d0:c3:ec:86:d8:a2:3b:43:60:
                    01:cb:3b:ba:fd:db:ad:95:92:df:91:a6:d3:75:84:
                    b2:51:d7:12:90:46:5c:81:44:b2:12:ee:33:d4:30:
                    9c:f5:02:b7:8d:4a:0e:19:10:5e:34:47:b9:f1:65:
                    70:39:f0:ca:d4:88:43:f4:6b:de:a8:12:eb:a7:ae:
                    8c:f6:cb:d5:bf:ce:9e:a6:c4:94:e1:2c:f3:93:7d:
                    6c:31:a4:79:52:cb:8c:03:29:1a:5e:fd:a6:92:dc:
                    04:89:a7:23:aa:ff:79:75:87:27:b3:4c:84:ff:78:
                    43:66:22:3a:b1:ce:bd:ca:43:41:82:3a:03:a1:01:
                    aa:06:a6:e4:89:ac:a3:41:03:f7:59:8a:04:06:3d:
                    ec:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:06:BC:22:81:D6:D1:D5:3A:43:5E:3E:44:D5:10:54:49:01:FF:6F
            X509v3 Authority Key Identifier:
                keyid:9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/LQa8IoHW0dU6Q14-RNUQVEkB_28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:5f:4b:76:58:d1:03:46:1d:31:28:46:a3:b2:17:52:7c:04:
         78:8b:fd:2e:20:8f:9c:59:32:61:12:bb:48:04:25:46:53:44:
         27:c4:19:0e:7d:eb:54:74:dd:4f:ca:4d:50:c5:b4:04:9a:29:
         6a:b9:72:84:07:a0:b5:37:a2:61:01:a9:e6:f2:84:02:a0:fc:
         31:56:cd:ba:e0:b4:9a:f0:21:cf:e1:4a:7b:b7:6b:a2:b2:68:
         c1:70:ef:de:d0:6d:eb:1f:4c:11:7f:f4:b2:14:96:db:c8:04:
         a9:dc:83:c5:94:75:fa:95:7b:3a:32:8a:e6:94:6b:de:e3:54:
         dc:3b:3b:ee:8b:dc:12:3e:c5:7d:d4:79:1e:8b:fb:ad:36:f5:
         1d:86:df:e9:8e:57:18:67:02:58:04:f7:28:76:a7:3b:35:1e:
         28:06:e7:08:8a:82:95:17:2f:58:7f:20:a0:ab:98:4f:87:45:
         e2:b2:06:22:27:5e:b2:a4:06:89:c0:cf:75:69:6b:20:e2:23:
         70:a4:68:5a:9b:5a:26:13:5e:b5:25:0f:08:7c:c6:a9:b0:26:
         36:66:cb:12:98:88:36:bd:c3:5c:ec:9a:57:33:08:7a:e1:ec:
         bd:b4:2e:c3:89:6c:5d:16:3a:31:6f:0b:69:50:a8:db:c9:15:
         26:f8:40:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk38fOEYPSxf1bNJcHKVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDJjYTQ2Njg4YTgzN2I1NzUyMzRjZTZhMWEzMjY1ODdk
NmMyMDQwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDA2YmMyMjgxZDZkMWQ1M2E0MzVlM2U0NGQ1MTA1NDQ5MDFmZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK6VSFnvkPCU+hdFH4Hm+3SLiBQi
9W5hfF7oE8SPjkCQ0hgXOmWjnMwPwWpwFdXKetd0e816CGEyF234zEWBLOScgZee
0Xjs4DuNVnwtIvyXFivsZLwq0qJm3lWgJ1yUq+szE88814p5AZZdz6LQw+yG2KI7
Q2AByzu6/dutlZLfkabTdYSyUdcSkEZcgUSyEu4z1DCc9QK3jUoOGRBeNEe58WVw
OfDK1IhD9GveqBLrp66M9svVv86epsSU4Szzk31sMaR5UsuMAykaXv2mktwEiacj
qv95dYcns0yE/3hDZiI6sc69ykNBgjoDoQGqBqbkiayjQQP3WYoEBj3srQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0GvCKB1tHVOkNePkTVEFRJAf9vMB8GA1UdIwQY
MBaAFJ5CykZoioN7V1I0zmoaMmWH1sIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTIt
MzI5YmEzODhiN2NmLzEvTFFhOElvSFcwZFU2UTE0LVJOVVFWRWtCXzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTItMzI5YmEzODhiN2Nm
LzEvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ0PMA0G
CSqGSIb3DQEBCwUAA4IBAQATX0t2WNEDRh0xKEajshdSfAR4i/0uII+cWTJhErtI
BCVGU0QnxBkOfetUdN1Pyk1QxbQEmilquXKEB6C1N6JhAanm8oQCoPwxVs264LSa
8CHP4Up7t2uismjBcO/e0G3rH0wRf/SyFJbbyASp3IPFlHX6lXs6MormlGve41Tc
Ozvui9wSPsV91Hkei/utNvUdht/pjlcYZwJYBPcodqc7NR4oBucIioKVFy9YfyCg
q5hPh0XisgYiJ16ypAaJwM91aWsg4iNwpGham1omE161JQ8IfMapsCY2ZssSmIg2
vcNc7JpXMwh64ey9tC7DiWxdFjoxbwtpUKjbyRUm+EDi
-----END CERTIFICATE-----