Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/PbWCcZycQ_m2TKOg6EIHUkmU-RM.roa
File:                     PbWCcZycQ_m2TKOg6EIHUkmU-RM.roa (raw, json)
Hash identifier:          7jkTdTgSAnetBCvDznjJKQy8oMjveE9/9rKisPDxwqI=
Subject key identifier:   3D:B5:82:71:9C:9C:43:F9:B6:4C:A3:A0:E8:42:07:52:49:94:F9:13
Certificate issuer:       /CN=b4d73a6ad77a8f859b403db2ce715e82d1cf32fe
Certificate serial:       018CC64B6DDB0B08C6BDC65E055E67FED692
Authority key identifier: B4:D7:3A:6A:D7:7A:8F:85:9B:40:3D:B2:CE:71:5E:82:D1:CF:32:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tNc6atd6j4WbQD2yznFegtHPMv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/PbWCcZycQ_m2TKOg6EIHUkmU-RM.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        45.146.136.0/22 maxlen: 24
                          2a0f:3000::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/tNc6atd6j4WbQD2yznFegtHPMv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/tNc6atd6j4WbQD2yznFegtHPMv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tNc6atd6j4WbQD2yznFegtHPMv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6d:db:0b:08:c6:bd:c6:5e:05:5e:67:fe:d6:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4d73a6ad77a8f859b403db2ce715e82d1cf32fe
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db582719c9c43f9b64ca3a0e84207524994f913
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f3:2d:3d:d8:21:b7:08:e1:e2:ed:61:88:f6:
                    4f:3e:86:d8:ee:b6:bd:3e:16:57:85:81:1e:3e:e7:
                    b3:64:fa:e4:67:84:be:0c:09:2c:4f:6b:73:e7:ca:
                    52:bd:f0:73:fc:4f:7a:28:f7:2c:45:aa:70:25:cd:
                    9b:c1:01:f5:8d:ba:92:6c:8d:1a:5f:e5:e6:e6:61:
                    e2:1f:76:e5:ba:b3:e5:f0:30:d0:be:2c:59:1b:5b:
                    ea:ca:29:2b:5c:4c:28:c3:33:69:5a:12:69:ad:ec:
                    b2:5b:e9:e6:50:45:a8:42:f1:17:19:62:8f:21:db:
                    47:86:42:5b:cc:31:cd:09:4e:ba:1b:05:93:cd:57:
                    26:71:e4:7c:73:e0:51:94:b5:d0:e3:11:4b:17:7d:
                    2f:e2:3e:94:c2:e9:2b:ba:b3:09:f3:3e:55:50:a7:
                    fa:cc:2b:d2:f0:b6:4d:5f:84:2f:47:97:3f:cf:37:
                    cb:d0:69:eb:db:3c:3f:79:3f:c4:17:88:a4:18:c7:
                    35:c3:87:5f:03:a9:79:03:5a:dd:7f:e2:6d:90:20:
                    61:ec:b5:1e:28:2d:cf:e9:a4:26:2c:5f:28:0b:c5:
                    c7:b3:8f:aa:a8:08:03:39:84:a1:fe:a5:23:bb:69:
                    d8:e0:79:91:3b:f1:a4:72:fa:1e:23:dc:bf:f2:27:
                    23:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B5:82:71:9C:9C:43:F9:B6:4C:A3:A0:E8:42:07:52:49:94:F9:13
            X509v3 Authority Key Identifier:
                keyid:B4:D7:3A:6A:D7:7A:8F:85:9B:40:3D:B2:CE:71:5E:82:D1:CF:32:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNc6atd6j4WbQD2yznFegtHPMv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/PbWCcZycQ_m2TKOg6EIHUkmU-RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/tNc6atd6j4WbQD2yznFegtHPMv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.136.0/22
                IPv6:
                  2a0f:3000::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:7e:3c:b2:47:40:bf:86:d3:ff:bd:fc:dd:64:a2:9a:82:26:
         a5:bb:cc:f2:d8:23:e1:00:14:9a:f8:0a:c0:ff:05:f2:48:67:
         40:1c:8e:c3:ab:3c:08:e4:17:d5:d0:4e:18:55:6a:5e:82:3b:
         ed:34:d5:b7:74:c9:a4:de:c6:a6:7e:5b:f0:82:fe:14:06:d5:
         49:3a:9d:03:80:51:7f:84:72:8c:51:31:02:9b:e5:67:fa:1c:
         02:34:12:92:ce:d2:60:60:17:02:88:15:5c:5f:88:ff:e0:d3:
         09:4a:52:0f:d8:53:2f:92:2a:b2:cc:96:0d:25:f4:76:26:42:
         91:cf:ad:7f:9d:87:c8:ad:62:ec:62:92:a1:34:be:87:d6:8c:
         33:fe:a4:4f:57:23:c1:9e:c7:3c:5e:33:ff:85:e6:cd:fc:3b:
         ff:29:2c:1a:8d:ad:ff:ec:31:f9:89:16:11:3d:2c:cb:f7:02:
         59:b2:60:97:ef:e2:12:37:24:84:a3:1b:70:f9:d1:2b:19:62:
         5e:c8:32:86:70:6c:61:60:34:01:a6:ab:aa:df:9a:49:b3:6b:
         ee:c2:a4:2d:31:72:45:62:bd:c7:89:57:75:77:60:a8:9a:50:
         28:d7:8a:0d:cc:a3:2e:5b:92:e3:72:20:73:c7:b6:54:32:92:
         d6:48:d8:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS23bCwjGvcZeBV5n/taSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDczYTZhZDc3YThmODU5YjQwM2RiMmNlNzE1ZTgyZDFj
ZjMyZmUwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI1ODI3MTljOWM0M2Y5YjY0Y2EzYTBlODQyMDc1MjQ5OTRmOTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPMtPdghtwjh4u1hiPZPPobY7ra9
PhZXhYEePuezZPrkZ4S+DAksT2tz58pSvfBz/E96KPcsRapwJc2bwQH1jbqSbI0a
X+Xm5mHiH3blurPl8DDQvixZG1vqyikrXEwowzNpWhJpreyyW+nmUEWoQvEXGWKP
IdtHhkJbzDHNCU66GwWTzVcmceR8c+BRlLXQ4xFLF30v4j6UwukrurMJ8z5VUKf6
zCvS8LZNX4QvR5c/zzfL0Gnr2zw/eT/EF4ikGMc1w4dfA6l5A1rdf+JtkCBh7LUe
KC3P6aQmLF8oC8XHs4+qqAgDOYSh/qUju2nY4HmRO/GkcvoeI9y/8icjzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD21gnGcnEP5tkyjoOhCB1JJlPkTMB8GA1UdIwQY
MBaAFLTXOmrXeo+Fm0A9ss5xXoLRzzL+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5jNmF0ZDZqNFdiUUQyeXpuRmVndEhQTXY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83ZTdlZTctMWJkNC00NDM1LTg3MWYt
NmNmOGU1NjdmZjFjLzEvUGJXQ2NaeWNRX20yVEtPZzZFSUhVa21VLVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83ZTdlZTctMWJkNC00NDM1LTg3MWYtNmNmOGU1NjdmZjFj
LzEvdE5jNmF0ZDZqNFdiUUQyeXpuRmVndEhQTXY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZKIMA0E
AgACMAcDBQMqDzAAMA0GCSqGSIb3DQEBCwUAA4IBAQB7fjyyR0C/htP/vfzdZKKa
gialu8zy2CPhABSa+ArA/wXySGdAHI7DqzwI5BfV0E4YVWpegjvtNNW3dMmk3sam
flvwgv4UBtVJOp0DgFF/hHKMUTECm+Vn+hwCNBKSztJgYBcCiBVcX4j/4NMJSlIP
2FMvkiqyzJYNJfR2JkKRz61/nYfIrWLsYpKhNL6H1owz/qRPVyPBnsc8XjP/hebN
/Dv/KSwaja3/7DH5iRYRPSzL9wJZsmCX7+ISNySEoxtw+dErGWJeyDKGcGxhYDQB
pquq35pJs2vuwqQtMXJFYr3HiVd1d2ComlAo14oNzKMuW5LjciBzx7ZUMpLWSNh0
-----END CERTIFICATE-----