Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/mE_KA_jdB4_skqw-gHcsKxBJ__k.roa
File:                     mE_KA_jdB4_skqw-gHcsKxBJ__k.roa (raw, json)
Hash identifier:          aVDfF4QyvH7VRxVvAebgWj8xqPRpJ2gNOlHcl1ocO/M=
Subject key identifier:   98:4F:CA:03:F8:DD:07:8F:EC:92:AC:3E:80:77:2C:2B:10:49:FF:F9
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       018E03AF101AB2C2CF8C87BF82F2B0BD0AF4
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/mE_KA_jdB4_skqw-gHcsKxBJ__k.roa
Signing time:             Sun 03 Mar 2024 09:39:48 +0000
ROA not before:           Sun 03 Mar 2024 09:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215512
IP address blocks:        45.113.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:03:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:03:af:10:1a:b2:c2:cf:8c:87:bf:82:f2:b0:bd:0a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Mar  3 09:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=984fca03f8dd078fec92ac3e80772c2b1049fff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:07:da:71:b1:f4:d7:5f:ec:f8:f9:e6:3d:9b:
                    ca:23:00:65:5d:f5:d8:44:4a:41:4e:35:29:b3:db:
                    4a:78:77:16:d3:32:9c:87:ce:dd:92:36:93:7b:39:
                    5f:9b:df:53:7a:bc:de:92:a0:a7:af:8b:b7:8c:8d:
                    00:68:df:17:38:b8:1e:7a:a4:88:18:ce:00:2c:ee:
                    6c:21:a1:e7:78:dc:e7:8c:00:fa:56:d4:1d:51:bd:
                    49:cd:12:8f:ed:be:4e:8a:d3:ea:c9:0d:f2:38:f8:
                    5e:3b:89:33:56:fe:c2:6a:5f:6a:b7:c8:bd:1e:19:
                    04:1b:1f:ea:63:5b:3c:71:c1:84:55:66:c1:82:92:
                    77:96:fb:7e:dc:c1:f3:6a:35:ca:41:fa:e0:58:7c:
                    5d:25:af:46:0c:d7:9b:ef:fc:26:e7:ce:48:7b:b4:
                    fc:5f:3d:3d:45:4f:4e:95:75:66:0b:eb:7d:85:ba:
                    c1:d6:5b:7b:ab:d8:2a:04:b6:6b:f7:04:09:b0:1e:
                    fc:21:31:12:35:f8:b0:90:3f:27:d2:d4:e8:d4:63:
                    68:5d:ed:80:e8:c1:20:e7:dc:bf:40:49:77:51:b6:
                    96:0d:09:88:76:e1:ea:fd:d4:36:87:a3:52:5b:63:
                    18:d0:1a:06:91:34:12:85:c4:5a:ee:35:42:75:16:
                    78:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4F:CA:03:F8:DD:07:8F:EC:92:AC:3E:80:77:2C:2B:10:49:FF:F9
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/mE_KA_jdB4_skqw-gHcsKxBJ__k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.113.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:94:dc:fd:b8:0b:6c:e9:94:fc:16:c4:38:77:db:b4:8f:66:
         08:a6:46:39:c1:8a:9b:b6:5e:74:41:b6:01:e8:c2:3a:fd:81:
         0a:bd:e9:d0:2a:15:be:ce:64:83:e7:82:9b:cd:db:b0:67:a5:
         b5:88:56:6e:e7:37:45:1d:85:92:9e:35:3a:cc:62:47:e7:92:
         fa:3b:b9:d9:a7:17:85:c3:d1:98:98:62:c3:dd:42:d1:1b:c8:
         cf:33:7c:22:1f:69:80:b4:5f:72:86:ce:56:93:97:b7:f4:05:
         bf:57:b8:83:5a:39:b6:27:85:d5:8a:cd:2a:66:3d:ad:80:51:
         2a:67:fb:37:d1:35:dd:39:a2:bb:56:4c:d3:36:cc:76:77:29:
         40:0c:eb:ba:2e:44:6e:81:7a:0b:4e:e1:76:81:ac:26:cc:96:
         0c:e6:97:b4:b7:8d:3d:08:f4:41:96:95:e7:57:a7:47:80:92:
         9b:2d:98:0b:c7:e1:82:24:1e:fd:1d:f2:17:c8:36:3f:e1:12:
         1f:1f:d0:0e:48:cc:4d:ec:c7:5b:38:b0:6a:14:0d:2d:e0:5c:
         e7:39:f7:32:01:5e:71:cd:37:45:59:67:bf:08:9c:b1:d0:6e:
         89:7b:1f:0f:bb:77:76:6b:fb:a0:40:9c:f7:3e:d8:15:59:e7:
         ac:16:a0:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4DrxAassLPjIe/gvKwvQr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjQwMzAzMDkzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODRmY2EwM2Y4ZGQwNzhmZWM5MmFjM2U4MDc3MmMyYjEwNDlmZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswfacbH011/s+PnmPZvKIwBlXfXY
REpBTjUps9tKeHcW0zKch87dkjaTezlfm99TerzekqCnr4u3jI0AaN8XOLgeeqSI
GM4ALO5sIaHneNznjAD6VtQdUb1JzRKP7b5OitPqyQ3yOPheO4kzVv7Cal9qt8i9
HhkEGx/qY1s8ccGEVWbBgpJ3lvt+3MHzajXKQfrgWHxdJa9GDNeb7/wm585Ie7T8
Xz09RU9OlXVmC+t9hbrB1lt7q9gqBLZr9wQJsB78ITESNfiwkD8n0tTo1GNoXe2A
6MEg59y/QEl3UbaWDQmIduHq/dQ2h6NSW2MY0BoGkTQShcRa7jVCdRZ4QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhPygP43QeP7JKsPoB3LCsQSf/5MB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvbUVfS0FfamRCNF9za3F3LWdIY3NLeEJKX19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXHtMA0G
CSqGSIb3DQEBCwUAA4IBAQAplNz9uAts6ZT8FsQ4d9u0j2YIpkY5wYqbtl50QbYB
6MI6/YEKvenQKhW+zmSD54KbzduwZ6W1iFZu5zdFHYWSnjU6zGJH55L6O7nZpxeF
w9GYmGLD3ULRG8jPM3wiH2mAtF9yhs5Wk5e39AW/V7iDWjm2J4XVis0qZj2tgFEq
Z/s30TXdOaK7VkzTNsx2dylADOu6LkRugXoLTuF2gawmzJYM5pe0t409CPRBlpXn
V6dHgJKbLZgLx+GCJB79HfIXyDY/4RIfH9AOSMxN7MdbOLBqFA0t4FznOfcyAV5x
zTdFWWe/CJyx0G6Jex8Pu3d2a/ugQJz3PtgVWeesFqC9
-----END CERTIFICATE-----