Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/YiWtRcEv5zXe4kQ3uq9L6TXeEYE.roa
File:                     YiWtRcEv5zXe4kQ3uq9L6TXeEYE.roa (raw, json)
Hash identifier:          dmw7y1MOVd+P5f6JEaTbbILK4uIVEScQxsoDuKeR6Vg=
Subject key identifier:   62:25:AD:45:C1:2F:E7:35:DE:E2:44:37:BA:AF:4B:E9:35:DE:11:81
Certificate issuer:       /CN=b4d73a6ad77a8f859b403db2ce715e82d1cf32fe
Certificate serial:       018CC64B6E0A5A58458A07752A0A98938D36
Authority key identifier: B4:D7:3A:6A:D7:7A:8F:85:9B:40:3D:B2:CE:71:5E:82:D1:CF:32:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tNc6atd6j4WbQD2yznFegtHPMv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/YiWtRcEv5zXe4kQ3uq9L6TXeEYE.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59592
IP address blocks:        45.146.136.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/tNc6atd6j4WbQD2yznFegtHPMv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/tNc6atd6j4WbQD2yznFegtHPMv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tNc6atd6j4WbQD2yznFegtHPMv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6e:0a:5a:58:45:8a:07:75:2a:0a:98:93:8d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4d73a6ad77a8f859b403db2ce715e82d1cf32fe
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6225ad45c12fe735dee24437baaf4be935de1181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6d:36:6f:18:e4:d6:1c:0f:50:73:98:76:a7:
                    ee:0d:e9:eb:fe:87:5c:7e:57:b3:53:3f:92:00:39:
                    1e:1e:e4:43:cd:83:e4:4f:cd:14:b1:78:48:4d:cd:
                    f4:82:a1:e3:fe:ab:8c:f9:4e:c7:f0:4d:5a:90:9f:
                    33:6a:e8:e8:b1:00:ad:4e:d9:05:22:36:5e:37:80:
                    7c:01:2b:d0:4c:44:d9:21:ca:45:50:e8:84:5a:cd:
                    77:cb:dc:98:d7:e8:97:84:1e:e1:4f:60:37:c9:b3:
                    6e:cc:b0:b4:81:71:26:eb:5f:fc:94:86:1e:5a:2f:
                    a7:f0:95:cd:32:04:79:90:45:d9:c9:f2:ac:36:a4:
                    b4:6a:0b:4c:d0:08:6a:e3:e4:34:90:8e:9f:85:9b:
                    7d:c2:bb:81:f7:37:33:b5:42:27:f8:21:a0:28:4c:
                    70:8b:3e:e5:6d:ac:42:8b:f3:f6:be:34:31:92:b1:
                    38:8a:ae:4f:03:c9:9d:74:13:e5:b2:2c:76:ef:86:
                    7e:2c:c3:4c:c4:85:9f:6c:4c:92:2c:80:3c:33:1a:
                    d9:7a:97:7d:9a:d6:88:ca:70:16:e2:1b:9c:a6:be:
                    5e:73:7f:57:12:3e:04:04:f5:67:df:38:5e:e6:1f:
                    d4:4e:78:50:13:9f:18:10:39:7b:68:c3:2d:e6:c0:
                    8a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:25:AD:45:C1:2F:E7:35:DE:E2:44:37:BA:AF:4B:E9:35:DE:11:81
            X509v3 Authority Key Identifier:
                keyid:B4:D7:3A:6A:D7:7A:8F:85:9B:40:3D:B2:CE:71:5E:82:D1:CF:32:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNc6atd6j4WbQD2yznFegtHPMv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/YiWtRcEv5zXe4kQ3uq9L6TXeEYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/7e7ee7-1bd4-4435-871f-6cf8e567ff1c/1/tNc6atd6j4WbQD2yznFegtHPMv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:4f:6e:04:88:d1:46:b5:e6:5b:62:d7:06:aa:d5:30:f6:24:
         84:48:5d:f1:79:46:b1:f7:68:fc:26:e8:08:b4:f9:21:fb:0c:
         aa:d1:99:69:87:40:84:3a:37:76:60:f7:21:fe:f2:a6:28:a3:
         ec:f9:d0:6e:6b:1c:12:f6:b4:5d:8a:82:24:82:1f:b2:96:1a:
         e0:4e:48:12:31:39:2c:b0:f6:38:70:3b:15:e8:a2:4e:21:d5:
         1a:20:45:a8:d8:84:a1:be:8c:da:15:ce:81:41:3c:6c:28:4d:
         b3:be:9e:ae:47:69:3a:98:64:2e:0a:a3:29:e5:00:7c:5b:70:
         80:ea:f6:54:9a:8e:d3:3f:5b:8b:4e:9a:d9:63:d6:83:8b:4a:
         53:6e:b1:e2:c2:e5:ff:5f:99:f2:48:7a:5b:6b:d3:36:fd:b9:
         f7:59:cb:7b:73:40:77:c4:9d:50:e7:53:32:6f:2a:91:6d:71:
         2e:ce:85:c1:ff:93:07:f3:79:e1:c9:03:ce:c4:e3:4b:49:0b:
         5d:26:0d:a4:1c:5f:46:98:09:fa:a1:ce:a5:60:ff:19:6a:b8:
         f0:63:4b:25:d2:38:15:09:92:63:9e:49:34:59:b5:f5:49:76:
         a4:f5:83:05:f3:e8:f9:37:9b:66:b9:9f:73:17:c2:97:26:e8:
         08:75:bc:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS24KWlhFigd1KgqYk402MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDczYTZhZDc3YThmODU5YjQwM2RiMmNlNzE1ZTgyZDFj
ZjMyZmUwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjI1YWQ0NWMxMmZlNzM1ZGVlMjQ0MzdiYWFmNGJlOTM1ZGUxMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAym02bxjk1hwPUHOYdqfuDenr/odc
flezUz+SADkeHuRDzYPkT80UsXhITc30gqHj/quM+U7H8E1akJ8zaujosQCtTtkF
IjZeN4B8ASvQTETZIcpFUOiEWs13y9yY1+iXhB7hT2A3ybNuzLC0gXEm61/8lIYe
Wi+n8JXNMgR5kEXZyfKsNqS0agtM0Ahq4+Q0kI6fhZt9wruB9zcztUIn+CGgKExw
iz7lbaxCi/P2vjQxkrE4iq5PA8mddBPlsix274Z+LMNMxIWfbEySLIA8MxrZepd9
mtaIynAW4hucpr5ec39XEj4EBPVn3zhe5h/UTnhQE58YEDl7aMMt5sCKRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIlrUXBL+c13uJEN7qvS+k13hGBMB8GA1UdIwQY
MBaAFLTXOmrXeo+Fm0A9ss5xXoLRzzL+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5jNmF0ZDZqNFdiUUQyeXpuRmVndEhQTXY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83ZTdlZTctMWJkNC00NDM1LTg3MWYt
NmNmOGU1NjdmZjFjLzEvWWlXdFJjRXY1elhlNGtRM3VxOUw2VFhlRVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83ZTdlZTctMWJkNC00NDM1LTg3MWYtNmNmOGU1NjdmZjFj
LzEvdE5jNmF0ZDZqNFdiUUQyeXpuRmVndEhQTXY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZKIMA0G
CSqGSIb3DQEBCwUAA4IBAQBxT24EiNFGteZbYtcGqtUw9iSESF3xeUax92j8JugI
tPkh+wyq0Zlph0CEOjd2YPch/vKmKKPs+dBuaxwS9rRdioIkgh+ylhrgTkgSMTks
sPY4cDsV6KJOIdUaIEWo2IShvozaFc6BQTxsKE2zvp6uR2k6mGQuCqMp5QB8W3CA
6vZUmo7TP1uLTprZY9aDi0pTbrHiwuX/X5nySHpba9M2/bn3Wct7c0B3xJ1Q51My
byqRbXEuzoXB/5MH83nhyQPOxONLSQtdJg2kHF9GmAn6oc6lYP8ZarjwY0sl0jgV
CZJjnkk0WbX1SXak9YMF8+j5N5tmuZ9zF8KXJugIdbwL
-----END CERTIFICATE-----