Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/14b58d-a1a3-46c1-ac62-8eefb952d8c1/1/06jlEgvibq0ceO-SPk5S_lFtcZE.roa
File:                     06jlEgvibq0ceO-SPk5S_lFtcZE.roa (raw, json)
Hash identifier:          wlcN61uyWTJoXEmuKMOlpsL1kcg7OaCl1sj7jrHVkvg=
Subject key identifier:   D3:A8:E5:12:0B:E2:6E:AD:1C:78:EF:92:3E:4E:52:FE:51:6D:71:91
Certificate issuer:       /CN=96124f25246a5409fbee11b5372dd8be24c6e9eb
Certificate serial:       019015FB13960BFACC6EA8D3DDD6A658C9BB
Authority key identifier: 96:12:4F:25:24:6A:54:09:FB:EE:11:B5:37:2D:D8:BE:24:C6:E9:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhJPJSRqVAn77hG1Ny3YviTG6es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/14b58d-a1a3-46c1-ac62-8eefb952d8c1/1/06jlEgvibq0ceO-SPk5S_lFtcZE.roa
Signing time:             Fri 14 Jun 2024 09:01:34 +0000
ROA not before:           Fri 14 Jun 2024 09:01:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209326
IP address blocks:        45.150.228.0/24 maxlen: 24
                          45.150.229.0/24 maxlen: 24
                          45.150.230.0/24 maxlen: 24
                          45.150.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/14b58d-a1a3-46c1-ac62-8eefb952d8c1/1/lhJPJSRqVAn77hG1Ny3YviTG6es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/14b58d-a1a3-46c1-ac62-8eefb952d8c1/1/lhJPJSRqVAn77hG1Ny3YviTG6es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhJPJSRqVAn77hG1Ny3YviTG6es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:fb:13:96:0b:fa:cc:6e:a8:d3:dd:d6:a6:58:c9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96124f25246a5409fbee11b5372dd8be24c6e9eb
        Validity
            Not Before: Jun 14 09:01:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3a8e5120be26ead1c78ef923e4e52fe516d7191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b2:cb:63:58:37:bc:35:7b:1c:f4:29:35:5c:
                    dc:d7:50:26:77:eb:6a:db:6b:99:75:87:83:bd:f4:
                    f4:93:b7:16:da:6d:ec:7e:36:5d:8c:15:c9:18:a1:
                    2c:64:6d:58:4a:80:1a:3d:02:dc:33:e6:ff:33:07:
                    1c:38:e4:f3:f9:c9:c9:3e:d6:7c:3b:af:a2:b3:d1:
                    be:8d:18:26:de:0d:9f:c3:fc:53:d6:05:0b:cd:cb:
                    76:d4:b2:c4:60:6e:27:eb:aa:66:7e:e6:c7:6c:d1:
                    23:70:d5:55:5f:39:3a:d2:62:41:88:f8:af:d9:c8:
                    6e:80:5c:9b:09:1f:40:a9:43:67:6a:05:4c:dd:b0:
                    96:47:2a:69:c7:cc:2e:2d:e6:d6:8a:28:da:16:2b:
                    4e:ba:1c:53:91:9a:f9:bf:74:4b:91:b7:13:c2:9d:
                    ef:0d:22:93:96:b1:20:77:0e:96:6d:b6:90:d5:92:
                    c2:ad:32:58:19:4a:1c:f1:d2:99:1c:14:ee:7c:c5:
                    b4:64:a5:04:90:30:9b:37:d3:71:8b:d3:02:50:ec:
                    06:26:51:8a:3e:8c:16:07:ec:1a:67:90:cb:f6:f0:
                    b8:18:d3:f4:41:c6:b3:37:b8:a0:0c:32:2d:fb:17:
                    b2:d1:59:e5:47:a8:18:b0:3e:d6:23:c8:c0:3d:00:
                    96:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A8:E5:12:0B:E2:6E:AD:1C:78:EF:92:3E:4E:52:FE:51:6D:71:91
            X509v3 Authority Key Identifier:
                keyid:96:12:4F:25:24:6A:54:09:FB:EE:11:B5:37:2D:D8:BE:24:C6:E9:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhJPJSRqVAn77hG1Ny3YviTG6es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/14b58d-a1a3-46c1-ac62-8eefb952d8c1/1/06jlEgvibq0ceO-SPk5S_lFtcZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/14b58d-a1a3-46c1-ac62-8eefb952d8c1/1/lhJPJSRqVAn77hG1Ny3YviTG6es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:23:67:29:70:25:3d:3a:bc:28:12:6d:0e:da:8e:02:d2:79:
         de:f1:07:8c:3a:d3:2e:12:28:7e:6f:ce:47:cf:19:1a:85:23:
         93:7b:b3:fd:20:30:96:c8:f2:91:19:e9:da:df:cc:92:b0:1b:
         58:24:d7:47:9b:f1:a7:6b:41:ea:85:4e:6f:64:6e:44:5a:7b:
         96:ec:3a:d0:17:42:3b:90:3a:d8:fd:ec:3a:bd:12:ac:96:1c:
         1c:bc:15:5d:18:9e:84:bf:80:31:a6:26:2e:27:e2:c3:72:ea:
         30:c4:5d:04:e7:77:fb:69:93:81:8a:35:a4:2e:8c:9a:6d:ec:
         ed:ae:98:f4:0f:b3:d3:ff:60:42:a7:93:78:03:05:00:64:2d:
         ab:84:2f:bb:5c:9e:85:2a:68:fc:6e:bc:a0:8a:e1:3d:a8:ca:
         8b:ac:53:e3:82:42:fe:3e:fe:c2:b5:81:79:8b:52:cc:c7:40:
         c3:33:80:2d:f6:6a:7d:af:d8:68:83:cb:02:95:fe:df:ac:f0:
         62:5c:51:bd:7a:6c:d4:ad:b3:38:6e:e7:a6:7c:8f:5e:3b:e5:
         8d:21:ec:33:17:f0:a5:ac:43:af:21:16:80:0d:5b:82:d5:af:
         22:87:aa:aa:9b:9d:83:92:80:27:e1:ab:02:87:e6:1a:6f:12:
         8a:3e:64:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAV+xOWC/rMbqjT3damWMm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MTI0ZjI1MjQ2YTU0MDlmYmVlMTFiNTM3MmRkOGJlMjRj
NmU5ZWIwHhcNMjQwNjE0MDkwMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2E4ZTUxMjBiZTI2ZWFkMWM3OGVmOTIzZTRlNTJmZTUxNmQ3MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7LLY1g3vDV7HPQpNVzc11Amd+tq
22uZdYeDvfT0k7cW2m3sfjZdjBXJGKEsZG1YSoAaPQLcM+b/MwccOOTz+cnJPtZ8
O6+is9G+jRgm3g2fw/xT1gULzct21LLEYG4n66pmfubHbNEjcNVVXzk60mJBiPiv
2chugFybCR9AqUNnagVM3bCWRyppx8wuLebWiijaFitOuhxTkZr5v3RLkbcTwp3v
DSKTlrEgdw6WbbaQ1ZLCrTJYGUoc8dKZHBTufMW0ZKUEkDCbN9Nxi9MCUOwGJlGK
PowWB+waZ5DL9vC4GNP0QcazN7igDDIt+xey0VnlR6gYsD7WI8jAPQCWuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOo5RIL4m6tHHjvkj5OUv5RbXGRMB8GA1UdIwQY
MBaAFJYSTyUkalQJ++4RtTct2L4kxunrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGhKUEpTUnFWQW43N2hHMU55M1l2aVRHNmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8xNGI1OGQtYTFhMy00NmMxLWFjNjIt
OGVlZmI5NTJkOGMxLzEvMDZqbEVndmlicTBjZU8tU1BrNVNfbEZ0Y1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8xNGI1OGQtYTFhMy00NmMxLWFjNjItOGVlZmI5NTJkOGMx
LzEvbGhKUEpTUnFWQW43N2hHMU55M1l2aVRHNmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZbkMA0G
CSqGSIb3DQEBCwUAA4IBAQARI2cpcCU9OrwoEm0O2o4C0nne8QeMOtMuEih+b85H
zxkahSOTe7P9IDCWyPKRGena38ySsBtYJNdHm/Gna0HqhU5vZG5EWnuW7DrQF0I7
kDrY/ew6vRKslhwcvBVdGJ6Ev4AxpiYuJ+LDcuowxF0E53f7aZOBijWkLoyabezt
rpj0D7PT/2BCp5N4AwUAZC2rhC+7XJ6FKmj8brygiuE9qMqLrFPjgkL+Pv7CtYF5
i1LMx0DDM4At9mp9r9hog8sClf7frPBiXFG9emzUrbM4buemfI9eO+WNIewzF/Cl
rEOvIRaADVuC1a8ih6qqm52DkoAn4asCh+YabxKKPmRW
-----END CERTIFICATE-----