Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/4R4mKusC50a0PIgabKy4IKss2fU.roa
File:                     4R4mKusC50a0PIgabKy4IKss2fU.roa (raw, json)
Hash identifier:          AFj0A3THQoJ2AWADlDwOwMryMNfFdBzA4MGNl6zwiBc=
Subject key identifier:   E1:1E:26:2A:EB:02:E7:46:B4:3C:88:1A:6C:AC:B8:20:AB:2C:D9:F5
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019099190E488153B47752F524DD7FADF4B2
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/4R4mKusC50a0PIgabKy4IKss2fU.roa
Signing time:             Tue 09 Jul 2024 20:04:34 +0000
ROA not before:           Tue 09 Jul 2024 20:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        62.169.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:99:19:0e:48:81:53:b4:77:52:f5:24:dd:7f:ad:f4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Jul  9 20:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e11e262aeb02e746b43c881a6cacb820ab2cd9f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9c:dc:17:c5:6c:dc:44:78:6c:b8:04:b4:1d:
                    cc:51:cb:95:f0:ff:e5:a1:65:7a:fd:43:e2:59:21:
                    d6:7f:b0:ba:de:c0:28:d7:dd:bd:2d:bb:5f:ef:b4:
                    2f:20:e8:c1:fa:e2:63:b6:c4:2e:d5:77:9a:b2:dd:
                    58:5d:bb:4e:85:4e:75:f3:c1:a9:c2:74:44:13:57:
                    2e:97:cc:c2:76:f5:30:92:cf:9f:ea:c1:ae:dd:c0:
                    96:9c:14:41:4e:31:a5:d7:17:b0:69:e1:0f:c8:c1:
                    d4:13:46:14:47:a8:bf:b6:1e:14:d3:57:23:54:65:
                    71:74:36:c3:f9:a5:df:2d:71:b5:90:e2:76:0f:88:
                    50:86:ce:1d:12:0e:d3:0b:20:7c:a7:ef:6b:2f:3a:
                    6e:a2:1d:65:32:f0:38:15:6e:5a:8d:66:f0:7a:7d:
                    6b:a0:c6:36:33:66:6e:53:16:4c:00:2c:d2:4b:0e:
                    a6:34:d4:20:b2:16:24:33:69:fb:6f:62:af:4f:e3:
                    a9:0d:11:51:fb:4b:e9:48:18:69:50:2a:d9:38:91:
                    c0:f8:3d:7f:cd:a7:3d:0f:15:aa:fd:78:6b:be:2c:
                    e2:8e:b9:4f:c2:68:4b:a1:25:78:5c:55:f5:11:07:
                    80:43:b7:dd:a9:3b:ec:53:b8:84:c0:aa:14:c0:f7:
                    01:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1E:26:2A:EB:02:E7:46:B4:3C:88:1A:6C:AC:B8:20:AB:2C:D9:F5
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/4R4mKusC50a0PIgabKy4IKss2fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:4e:91:4f:a5:ba:c4:ee:94:8c:df:55:c6:11:5e:9b:63:4d:
         c5:63:e6:d9:b1:83:a7:7c:e7:b0:c6:2c:90:0d:4f:86:cc:a4:
         01:27:26:1f:32:f7:d1:dc:16:31:e3:d1:0d:41:91:94:73:d6:
         3d:a9:5c:ab:62:8e:8a:00:ed:5f:ec:71:e1:be:87:d4:8e:99:
         59:1e:39:ab:ec:bf:fb:33:74:7e:fd:6e:0e:4e:4b:7e:2a:b1:
         0e:7b:7b:71:55:7f:60:d6:c4:45:b3:a8:91:52:6a:c0:43:4f:
         a9:fa:74:9e:89:4f:2a:bf:ab:63:6b:12:fc:c7:9c:c0:a7:7f:
         33:aa:df:cb:82:64:f0:10:90:d1:dd:75:a9:7c:e8:f0:1c:39:
         8c:d9:71:ce:87:0c:f9:b7:4c:bf:92:3f:a6:41:aa:58:bb:b6:
         6e:b7:c0:73:0d:3e:3a:08:e4:fb:b8:47:e5:87:37:cb:af:11:
         4a:ae:af:47:d2:9e:c2:4b:11:da:c0:83:ba:81:56:87:a4:04:
         4e:d7:eb:26:4d:eb:ce:c2:cc:c8:f3:1c:92:77:39:e2:ad:71:
         88:14:36:f7:9a:e8:65:76:8a:5b:f2:b0:a2:3d:da:83:b6:8a:
         d4:21:7f:d8:2b:0c:3d:71:2e:6e:82:0f:6f:92:5e:6f:74:c6:
         86:97:0a:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCZGQ5IgVO0d1L1JN1/rfSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQwNzA5MjAwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTFlMjYyYWViMDJlNzQ2YjQzYzg4MWE2Y2FjYjgyMGFiMmNkOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJzcF8Vs3ER4bLgEtB3MUcuV8P/l
oWV6/UPiWSHWf7C63sAo1929Lbtf77QvIOjB+uJjtsQu1Xeast1YXbtOhU5188Gp
wnREE1cul8zCdvUwks+f6sGu3cCWnBRBTjGl1xewaeEPyMHUE0YUR6i/th4U01cj
VGVxdDbD+aXfLXG1kOJ2D4hQhs4dEg7TCyB8p+9rLzpuoh1lMvA4FW5ajWbwen1r
oMY2M2ZuUxZMACzSSw6mNNQgshYkM2n7b2KvT+OpDRFR+0vpSBhpUCrZOJHA+D1/
zac9DxWq/XhrvizijrlPwmhLoSV4XFX1EQeAQ7fdqTvsU7iEwKoUwPcBcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEeJirrAudGtDyIGmysuCCrLNn1MB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvNFI0bUt1c0M1MGEwUElnYWJLeTRJS3NzMmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmZMA0G
CSqGSIb3DQEBCwUAA4IBAQBDTpFPpbrE7pSM31XGEV6bY03FY+bZsYOnfOewxiyQ
DU+GzKQBJyYfMvfR3BYx49ENQZGUc9Y9qVyrYo6KAO1f7HHhvofUjplZHjmr7L/7
M3R+/W4OTkt+KrEOe3txVX9g1sRFs6iRUmrAQ0+p+nSeiU8qv6tjaxL8x5zAp38z
qt/LgmTwEJDR3XWpfOjwHDmM2XHOhwz5t0y/kj+mQapYu7Zut8BzDT46COT7uEfl
hzfLrxFKrq9H0p7CSxHawIO6gVaHpARO1+smTevOwszI8xySdznirXGIFDb3muhl
dopb8rCiPdqDtorUIX/YKww9cS5ugg9vkl5vdMaGlwpR
-----END CERTIFICATE-----