Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/bCsy1qKV5lNyQl34SdHI5QHUBIc.roa
File:                     bCsy1qKV5lNyQl34SdHI5QHUBIc.roa (raw, json)
Hash identifier:          PgFjROYzgXre9BBuqctNrb5oFklUv8Zu3nHPRlfGHxY=
Subject key identifier:   6C:2B:32:D6:A2:95:E6:53:72:42:5D:F8:49:D1:C8:E5:01:D4:04:87
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       018F9B8B8BB8BF6F44C33FB65617D4174021
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/bCsy1qKV5lNyQl34SdHI5QHUBIc.roa
Signing time:             Tue 21 May 2024 14:26:04 +0000
ROA not before:           Tue 21 May 2024 14:26:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47516
IP address blocks:        45.143.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9b:8b:8b:b8:bf:6f:44:c3:3f:b6:56:17:d4:17:40:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: May 21 14:26:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c2b32d6a295e65372425df849d1c8e501d40487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0e:e9:8e:99:5a:1d:53:68:f6:1c:81:b2:38:
                    05:0b:a0:44:67:f2:16:75:f8:7e:16:ad:d1:aa:97:
                    76:d3:f5:b0:96:a3:b1:da:f6:c2:75:5a:b4:e4:39:
                    1d:77:e5:a4:09:5e:54:0b:8c:f0:db:78:8b:c1:ee:
                    bc:b1:1e:6f:d8:07:68:16:23:5b:c7:ea:d3:20:19:
                    98:a9:77:b9:13:0a:07:5e:67:27:db:85:24:5d:1c:
                    b3:f1:8b:25:d5:07:e3:e9:9d:a6:ba:6f:28:b5:ae:
                    13:5b:06:af:d5:9c:e2:43:94:bd:5a:0e:6e:ed:e6:
                    5d:3f:c7:31:cc:51:f7:83:5e:a5:d1:96:ad:32:05:
                    93:5f:9e:11:26:5a:1f:33:ea:45:2f:96:98:d1:0d:
                    ff:b2:8c:fb:2e:0c:e8:d2:07:ac:5f:80:3d:33:f1:
                    34:f9:05:4a:1e:c5:3c:08:3e:26:3e:97:91:60:c3:
                    dd:be:ff:d7:6a:88:d3:92:37:34:ac:82:67:66:27:
                    57:c4:82:d3:1e:2e:58:c0:89:1a:f7:c3:50:b6:be:
                    8a:96:03:f5:ab:db:ac:8a:05:bf:a5:05:36:c7:c2:
                    35:11:ac:26:42:1e:cb:dc:56:46:32:f2:90:d3:04:
                    b2:5e:41:6a:19:be:07:b2:ba:a1:c0:44:2e:5d:d9:
                    f3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2B:32:D6:A2:95:E6:53:72:42:5D:F8:49:D1:C8:E5:01:D4:04:87
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/bCsy1qKV5lNyQl34SdHI5QHUBIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b6:36:aa:1c:ad:ce:58:8d:78:41:b6:77:13:76:a1:fa:b9:
         81:4e:4b:9d:7f:b5:fe:87:b3:e6:a5:69:75:f3:ee:46:18:a2:
         f7:18:1c:ae:1e:d2:9c:ce:dc:53:ae:81:23:c4:52:e8:26:42:
         4c:7f:ee:57:15:18:26:ec:64:35:17:c0:ee:8a:c6:35:49:d3:
         72:98:7d:41:05:af:c7:3c:72:95:0b:3c:31:40:c4:92:92:7c:
         63:18:a1:eb:1c:cf:fd:a9:2b:fe:53:b2:93:7c:28:40:c7:6e:
         70:f9:0c:27:f1:b4:19:bf:35:8b:90:39:d3:16:f3:79:0b:c2:
         3e:5b:6b:22:be:62:10:91:b8:12:ab:0b:81:a6:30:aa:ce:a7:
         f3:92:1e:8c:55:81:f6:12:7b:d3:55:5c:04:8d:fd:3e:52:ef:
         15:2e:2d:08:ce:4c:00:bf:6d:50:13:ab:59:e0:5d:05:2a:7d:
         0f:b1:f4:bc:d6:04:63:4b:48:ec:86:6a:a8:cc:2c:da:29:3a:
         75:8d:1a:8c:58:86:cc:97:28:13:10:27:b5:f3:8d:0c:2f:9a:
         14:c3:70:3b:1e:d8:76:cc:97:ef:e6:c9:8a:87:45:70:78:38:
         9a:4e:4f:b0:44:43:8b:4e:90:00:80:3f:8a:c2:b5:9c:13:3e:
         92:29:45:f8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY+bi4u4v29Ewz+2VhfUF0AhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjQwNTIxMTQyNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzJiMzJkNmEyOTVlNjUzNzI0MjVkZjg0OWQxYzhlNTAxZDQwNDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmA7pjplaHVNo9hyBsjgFC6BEZ/IW
dfh+Fq3Rqpd20/WwlqOx2vbCdVq05Dkdd+WkCV5UC4zw23iLwe68sR5v2AdoFiNb
x+rTIBmYqXe5EwoHXmcn24UkXRyz8Ysl1Qfj6Z2mum8ota4TWwav1ZziQ5S9Wg5u
7eZdP8cxzFH3g16l0ZatMgWTX54RJlofM+pFL5aY0Q3/soz7Lgzo0gesX4A9M/E0
+QVKHsU8CD4mPpeRYMPdvv/XaojTkjc0rIJnZidXxILTHi5YwIka98NQtr6KlgP1
q9usigW/pQU2x8I1EawmQh7L3FZGMvKQ0wSyXkFqGb4HsrqhwEQuXdnzNwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGwrMtaileZTckJd+EnRyOUB1ASHMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL2JDc3kxcUtWNWxOeVFsMzRTZEhJNVFIVUJJYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjwQw
DQYJKoZIhvcNAQELBQADggEBAGu2Nqocrc5YjXhBtncTdqH6uYFOS51/tf6Hs+al
aXXz7kYYovcYHK4e0pzO3FOugSPEUugmQkx/7lcVGCbsZDUXwO6KxjVJ03KYfUEF
r8c8cpULPDFAxJKSfGMYoescz/2pK/5TspN8KEDHbnD5DCfxtBm/NYuQOdMW83kL
wj5bayK+YhCRuBKrC4GmMKrOp/OSHoxVgfYSe9NVXASN/T5S7xUuLQjOTAC/bVAT
q1ngXQUqfQ+x9LzWBGNLSOyGaqjMLNopOnWNGoxYhsyXKBMQJ7XzjQwvmhTDcDse
2HbMl+/myYqHRXB4OJpOT7BEQ4tOkACAP4rCtZwTPpIpRfg=
-----END CERTIFICATE-----