Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/G21gR60F2se-4eDz3JBwJPg39YQ.roa
File:                     G21gR60F2se-4eDz3JBwJPg39YQ.roa (raw, json)
Hash identifier:          T3QSLE//IfLNuiWtUAi8T+4lCn/bq/cQpQHTSFuvMHY=
Subject key identifier:   1B:6D:60:47:AD:05:DA:C7:BE:E1:E0:F3:DC:90:70:24:F8:37:F5:84
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01943106D70BD2750ACB3D3FCE73E70A4EE4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/G21gR60F2se-4eDz3JBwJPg39YQ.roa
Signing time:             Sat 04 Jan 2025 11:15:19 +0000
ROA not before:           Sat 04 Jan 2025 11:15:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        45.148.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:31:06:d7:0b:d2:75:0a:cb:3d:3f:ce:73:e7:0a:4e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  4 11:15:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b6d6047ad05dac7bee1e0f3dc907024f837f584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:0d:80:7d:01:b0:99:fc:91:9b:ce:59:e0:
                    1b:e1:c8:2d:0e:77:1f:82:62:bd:20:b8:6f:cf:dc:
                    b2:06:77:94:61:89:cd:cb:00:6e:7a:22:b1:eb:09:
                    0c:be:34:9e:ee:ff:26:af:a8:89:dd:82:c2:75:c6:
                    f9:99:56:8e:ab:b5:96:64:a9:85:cd:f4:65:bf:9c:
                    54:8c:1e:ee:68:0a:2c:9c:af:cb:00:a3:0b:4a:e9:
                    ba:f7:3d:2e:0c:d6:80:5b:62:9a:17:30:17:a9:34:
                    46:cf:f0:8f:49:07:89:b4:75:f5:35:86:82:1d:40:
                    d8:d6:30:46:77:bf:3e:5a:36:3e:d5:4f:77:23:02:
                    d9:63:e3:80:51:42:b1:d5:35:af:3d:4a:5c:52:95:
                    91:8f:46:ab:6c:d4:65:67:95:e6:93:bf:7e:3a:08:
                    eb:9e:86:3c:b0:82:e2:a0:b8:f7:08:28:ad:05:b0:
                    27:50:a9:dd:2f:76:84:b1:f4:57:ea:e8:ff:97:ac:
                    47:8f:62:10:b6:40:e9:45:29:8f:16:13:ee:4c:2b:
                    b7:75:2c:90:cb:a4:40:6d:45:eb:09:c1:f1:d4:10:
                    9d:98:d0:47:d6:fa:14:06:28:e9:bf:bd:31:34:29:
                    66:57:0f:44:24:c4:46:ba:6b:cb:88:85:87:66:4f:
                    44:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6D:60:47:AD:05:DA:C7:BE:E1:E0:F3:DC:90:70:24:F8:37:F5:84
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/G21gR60F2se-4eDz3JBwJPg39YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:d6:d8:fc:9e:77:0e:02:70:1d:5b:ab:cd:13:ce:85:e9:ef:
         32:ee:a9:b0:13:f1:85:ab:a1:9b:83:6c:99:22:75:38:e9:62:
         37:36:3d:dc:9b:a2:5b:21:d5:12:40:f8:4e:39:16:0a:3e:2d:
         49:cf:e1:c4:90:52:b8:fb:fa:82:c8:82:d8:cb:b5:6e:01:e8:
         9e:09:ed:4b:27:c3:49:bb:9e:ae:0f:9d:6e:14:75:08:63:3f:
         e6:18:1e:a5:29:6a:c7:7a:0e:54:f7:88:52:b7:ea:de:c3:e0:
         fc:b1:59:b1:d7:41:be:73:a4:75:41:ee:1e:ff:4a:ac:d3:b0:
         68:65:52:3b:3b:7b:9f:e7:98:43:9f:7c:52:af:f4:71:dc:3a:
         9b:98:9d:65:22:94:e3:09:53:40:4c:1a:8f:25:df:27:29:d3:
         72:a7:80:53:4b:21:be:88:63:ba:fb:a0:a3:bd:6c:82:13:5e:
         17:e1:51:42:8d:bd:bb:bc:a8:50:8b:c1:cc:fc:82:d9:25:93:
         b3:3a:5b:31:f0:4c:bc:85:51:76:fe:e1:f1:52:1d:d8:8a:e6:
         c1:1e:72:64:58:7f:36:8e:29:eb:04:2b:c1:df:38:71:48:6c:
         34:61:e4:83:02:1f:f2:33:bf:7a:8e:47:be:07:ef:11:7e:66:
         57:92:32:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQxBtcL0nUKyz0/znPnCk7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTA0MTExNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjZkNjA0N2FkMDVkYWM3YmVlMWUwZjNkYzkwNzAyNGY4MzdmNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5YNgH0BsJn8kZvOWeAb4cgtDncf
gmK9ILhvz9yyBneUYYnNywBueiKx6wkMvjSe7v8mr6iJ3YLCdcb5mVaOq7WWZKmF
zfRlv5xUjB7uaAosnK/LAKMLSum69z0uDNaAW2KaFzAXqTRGz/CPSQeJtHX1NYaC
HUDY1jBGd78+WjY+1U93IwLZY+OAUUKx1TWvPUpcUpWRj0arbNRlZ5Xmk79+Ogjr
noY8sILioLj3CCitBbAnUKndL3aEsfRX6uj/l6xHj2IQtkDpRSmPFhPuTCu3dSyQ
y6RAbUXrCcHx1BCdmNBH1voUBijpv70xNClmVw9EJMRGumvLiIWHZk9EwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBttYEetBdrHvuHg89yQcCT4N/WEMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRzIxZ1I2MEYyc2UtNGVEejNKQndKUGczOVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZR2MA0G
CSqGSIb3DQEBCwUAA4IBAQCY1tj8nncOAnAdW6vNE86F6e8y7qmwE/GFq6Gbg2yZ
InU46WI3Nj3cm6JbIdUSQPhOORYKPi1Jz+HEkFK4+/qCyILYy7VuAeieCe1LJ8NJ
u56uD51uFHUIYz/mGB6lKWrHeg5U94hSt+rew+D8sVmx10G+c6R1Qe4e/0qs07Bo
ZVI7O3uf55hDn3xSr/Rx3DqbmJ1lIpTjCVNATBqPJd8nKdNyp4BTSyG+iGO6+6Cj
vWyCE14X4VFCjb27vKhQi8HM/ILZJZOzOlsx8Ey8hVF2/uHxUh3YiubBHnJkWH82
jinrBCvB3zhxSGw0YeSDAh/yM796jke+B+8RfmZXkjKA
-----END CERTIFICATE-----