Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/jNZCsv44lK47pMaZxcFgHYlzSP4.roa
File:                     jNZCsv44lK47pMaZxcFgHYlzSP4.roa (raw, json)
Hash identifier:          +DEn7cT2lnHzGggz4xKZVbt00ADHzGe9rZagwRUYsew=
Subject key identifier:   8C:D6:42:B2:FE:38:94:AE:3B:A4:C6:99:C5:C1:60:1D:89:73:48:FE
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       018EC4E170FF16EB05D604B83010DE834207
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/jNZCsv44lK47pMaZxcFgHYlzSP4.roa
Signing time:             Tue 09 Apr 2024 22:01:32 +0000
ROA not before:           Tue 09 Apr 2024 22:01:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.82.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:e1:70:ff:16:eb:05:d6:04:b8:30:10:de:83:42:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Apr  9 22:01:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cd642b2fe3894ae3ba4c699c5c1601d897348fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a1:3a:b7:2c:15:2b:dd:b0:74:d8:ee:00:87:
                    41:33:66:ff:21:f0:8a:82:d6:0b:85:8d:c5:c5:a8:
                    8d:30:b6:2f:c7:d9:72:85:b0:99:f0:e2:e9:78:d0:
                    d4:e4:cc:db:d2:e0:2a:ba:48:d8:e6:e7:7b:7c:aa:
                    9e:b8:5d:15:e8:92:02:44:30:66:8c:0b:07:93:1d:
                    74:5e:7c:66:eb:e8:d8:14:f6:1f:aa:af:55:b6:1b:
                    61:5e:b2:97:94:46:75:25:4c:68:1d:89:3b:b0:7e:
                    b1:81:1f:23:06:2c:30:6a:a9:9f:d7:84:e4:8e:7e:
                    fb:ff:88:9e:d2:44:a5:4b:f6:e8:72:91:91:91:be:
                    4c:6f:10:9c:57:66:f2:c1:f5:1d:3c:2d:d0:2a:ed:
                    23:c5:14:f4:3b:5d:80:2c:e8:d9:8c:c2:93:82:5c:
                    9c:dd:f4:14:66:06:ca:36:16:ae:e3:c9:2f:94:de:
                    ca:77:a7:55:3d:37:8a:4b:80:68:10:f6:f2:ad:c0:
                    4c:2d:89:f8:18:12:98:fd:30:c2:cc:e4:5a:41:86:
                    c6:b1:63:2b:25:8e:95:e8:2e:ff:2d:fa:3b:41:62:
                    ab:b9:64:33:29:1e:e0:29:9a:d4:6c:cf:5f:73:bf:
                    40:22:6c:0d:af:85:a2:d7:f7:b2:7b:d5:c1:b4:e3:
                    1d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D6:42:B2:FE:38:94:AE:3B:A4:C6:99:C5:C1:60:1D:89:73:48:FE
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/jNZCsv44lK47pMaZxcFgHYlzSP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:3f:2f:af:83:81:de:99:31:f1:28:0e:0e:85:8a:75:3b:c1:
         00:c7:91:d6:37:c5:2a:00:94:af:df:22:2a:e2:3f:85:d0:cf:
         ac:46:b3:83:f3:77:1e:6b:80:34:d1:25:c9:0b:cd:da:3c:bf:
         8f:2b:94:59:d3:81:8f:05:92:28:8f:5f:c3:9f:9e:b0:1d:b2:
         6a:2c:8f:c3:f3:6c:36:98:01:61:33:29:4f:3e:fb:3c:bc:90:
         1e:95:8f:3b:93:0e:3f:04:11:d0:92:23:cc:e4:a2:ed:ff:29:
         a3:57:32:48:7b:21:be:d0:42:63:96:84:9e:5c:7f:92:13:30:
         39:07:97:75:f6:16:90:45:3a:76:bf:52:e4:c3:07:9c:60:d5:
         99:7e:a6:ff:fc:6c:b2:55:cc:d7:c5:25:37:7e:f6:3a:10:73:
         d0:96:2f:ee:7b:47:bf:94:b4:cb:ac:e3:46:ed:68:1b:02:2e:
         d3:d0:63:f0:6c:da:2f:a3:7c:f6:38:20:28:6d:0f:07:1e:36:
         31:c0:20:f3:7b:99:b0:10:85:ef:43:b6:1e:90:39:19:d1:15:
         9c:62:84:47:25:eb:97:88:12:d5:15:ae:4c:f8:19:4f:29:9a:
         b7:75:07:89:56:f4:a7:1d:38:ae:bf:63:bb:91:5d:7a:3d:a5:
         63:72:79:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7E4XD/FusF1gS4MBDeg0IHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjQwNDA5MjIwMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Q2NDJiMmZlMzg5NGFlM2JhNGM2OTljNWMxNjAxZDg5NzM0OGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6E6tywVK92wdNjuAIdBM2b/IfCK
gtYLhY3FxaiNMLYvx9lyhbCZ8OLpeNDU5Mzb0uAqukjY5ud7fKqeuF0V6JICRDBm
jAsHkx10Xnxm6+jYFPYfqq9VththXrKXlEZ1JUxoHYk7sH6xgR8jBiwwaqmf14Tk
jn77/4ie0kSlS/bocpGRkb5MbxCcV2bywfUdPC3QKu0jxRT0O12ALOjZjMKTglyc
3fQUZgbKNhau48kvlN7Kd6dVPTeKS4BoEPbyrcBMLYn4GBKY/TDCzORaQYbGsWMr
JY6V6C7/Lfo7QWKruWQzKR7gKZrUbM9fc79AImwNr4Wi1/eye9XBtOMdJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzWQrL+OJSuO6TGmcXBYB2Jc0j+MB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvak5aQ3N2NDRsSzQ3cE1hWnhjRmdIWWx6U1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVJSMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Py+vg4HemTHxKA4OhYp1O8EAx5HWN8UqAJSv3yIq
4j+F0M+sRrOD83cea4A00SXJC83aPL+PK5RZ04GPBZIoj1/Dn56wHbJqLI/D82w2
mAFhMylPPvs8vJAelY87kw4/BBHQkiPM5KLt/ymjVzJIeyG+0EJjloSeXH+SEzA5
B5d19haQRTp2v1LkwwecYNWZfqb//GyyVczXxSU3fvY6EHPQli/ue0e/lLTLrONG
7WgbAi7T0GPwbNovo3z2OCAobQ8HHjYxwCDze5mwEIXvQ7YekDkZ0RWcYoRHJeuX
iBLVFa5M+BlPKZq3dQeJVvSnHTiuv2O7kV16PaVjcnkQ
-----END CERTIFICATE-----