Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/kT-0l0PX5TuvNmGWWiT1H6owEIM.roa
File:                     kT-0l0PX5TuvNmGWWiT1H6owEIM.roa (raw, json)
Hash identifier:          QOqPafbI0L704QBMjphtJxS5gh3ziJypSYxN7tM/KoY=
Subject key identifier:   91:3F:B4:97:43:D7:E5:3B:AF:36:61:96:5A:24:F5:1F:AA:30:10:83
Certificate issuer:       /CN=7c4b917dc9046a065678ae0df4d3e30369c59c69
Certificate serial:       018CC64AB68901EB012CBA9A5DAD00FCCF22
Authority key identifier: 7C:4B:91:7D:C9:04:6A:06:56:78:AE:0D:F4:D3:E3:03:69:C5:9C:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/kT-0l0PX5TuvNmGWWiT1H6owEIM.roa
Signing time:             Mon 01 Jan 2024 18:30:34 +0000
ROA not before:           Mon 01 Jan 2024 18:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48550
IP address blocks:        45.12.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b6:89:01:eb:01:2c:ba:9a:5d:ad:00:fc:cf:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c4b917dc9046a065678ae0df4d3e30369c59c69
        Validity
            Not Before: Jan  1 18:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=913fb49743d7e53baf3661965a24f51faa301083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:93:82:76:b2:05:11:86:39:ba:f5:69:fd:64:
                    86:d9:14:01:c2:2c:2f:3c:4f:18:da:20:38:fc:55:
                    b3:39:58:2a:59:11:be:23:01:58:1d:96:c8:2c:10:
                    d0:14:05:f4:ab:53:39:7b:de:b8:e5:57:07:ca:29:
                    e2:77:8a:5f:dd:dc:78:e0:83:97:08:9e:41:b3:e0:
                    cf:46:40:1e:91:c2:2f:83:26:1c:4b:53:37:c3:e9:
                    1e:cd:18:28:99:99:cd:d6:72:03:8f:cf:05:0e:59:
                    99:04:2b:82:61:1b:fe:34:b7:d5:e6:46:ff:63:ea:
                    4e:42:42:3e:be:c8:cc:8e:3e:98:c6:f4:f8:42:1f:
                    0a:c7:80:d0:90:e8:f9:1e:52:60:96:8b:63:25:0d:
                    1a:78:87:1f:a6:c5:a9:3a:dc:48:16:88:68:77:0e:
                    be:dc:b8:2c:d6:74:a6:4a:4c:05:fa:83:f6:66:3d:
                    85:4f:fd:fc:3e:a1:6a:9c:6e:e9:ad:25:89:5e:91:
                    ff:88:61:a2:0f:d9:9b:d1:1a:c8:31:5f:d0:f1:7e:
                    34:4a:70:9f:29:28:8e:69:be:b3:dd:88:f8:15:e9:
                    a3:49:70:5b:bf:fd:f6:bf:0f:89:97:d2:b2:36:22:
                    5b:f3:4c:de:3c:f6:1a:fd:ac:d6:42:12:8a:59:a3:
                    45:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3F:B4:97:43:D7:E5:3B:AF:36:61:96:5A:24:F5:1F:AA:30:10:83
            X509v3 Authority Key Identifier:
                keyid:7C:4B:91:7D:C9:04:6A:06:56:78:AE:0D:F4:D3:E3:03:69:C5:9C:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/kT-0l0PX5TuvNmGWWiT1H6owEIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:4b:fa:cb:23:79:37:f0:32:90:43:1e:b7:b5:3b:fc:1a:83:
         30:bd:6f:c9:dd:47:be:8f:41:97:86:81:8a:96:ef:3d:10:a6:
         47:05:4c:c6:f3:8e:b5:b0:ea:52:ee:8a:d3:e0:c2:28:cb:f8:
         05:a1:39:c1:44:15:e3:c9:91:6c:1b:8f:89:5f:9c:9b:1b:d3:
         3e:72:14:e6:87:1c:d0:e7:f2:22:a9:66:c7:fb:15:e2:70:b0:
         4a:07:f8:56:98:f8:ef:94:30:13:e1:3e:f5:7c:c3:1f:db:fa:
         ac:af:79:a2:64:21:25:46:3e:29:48:02:9d:f2:63:89:60:11:
         7e:d1:07:ac:ad:df:f5:6e:2f:b5:b3:ca:54:96:40:43:f6:85:
         b5:33:ba:99:73:b9:d7:9f:8e:38:e4:49:b5:33:8d:67:5a:ab:
         1a:47:25:21:16:55:96:0a:7b:6e:6b:8e:db:2f:d4:71:2f:ad:
         b5:31:80:c7:b7:09:5f:59:e6:b1:48:ad:d4:63:dd:78:88:b5:
         03:14:6a:7b:a9:1c:ec:1c:a3:30:61:9b:82:d6:75:d1:a4:85:
         97:14:df:a6:c7:88:dc:57:32:79:af:51:14:1b:4e:1a:a3:d0:
         77:bf:eb:31:17:ce:74:fb:0a:9b:31:70:6f:89:cb:52:4c:c9:
         4b:e1:48:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSraJAesBLLqaXa0A/M8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNGI5MTdkYzkwNDZhMDY1Njc4YWUwZGY0ZDNlMzAzNjlj
NTljNjkwHhcNMjQwMTAxMTgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTNmYjQ5NzQzZDdlNTNiYWYzNjYxOTY1YTI0ZjUxZmFhMzAxMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5OCdrIFEYY5uvVp/WSG2RQBwiwv
PE8Y2iA4/FWzOVgqWRG+IwFYHZbILBDQFAX0q1M5e9645VcHyinid4pf3dx44IOX
CJ5Bs+DPRkAekcIvgyYcS1M3w+kezRgomZnN1nIDj88FDlmZBCuCYRv+NLfV5kb/
Y+pOQkI+vsjMjj6YxvT4Qh8Kx4DQkOj5HlJglotjJQ0aeIcfpsWpOtxIFohodw6+
3Lgs1nSmSkwF+oP2Zj2FT/38PqFqnG7prSWJXpH/iGGiD9mb0RrIMV/Q8X40SnCf
KSiOab6z3Yj4FemjSXBbv/32vw+Jl9KyNiJb80zePPYa/azWQhKKWaNFxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJE/tJdD1+U7rzZhllok9R+qMBCDMB8GA1UdIwQY
MBaAFHxLkX3JBGoGVniuDfTT4wNpxZxpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkV1UmZja0VhZ1pXZUs0TjlOUGpBMm5GbkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84ZDg1ZDctNDA0OS00YjVhLTliZjct
OTFjNzBmNjFhMDY3LzEva1QtMGwwUFg1VHV2Tm1HV1dpVDFINm93RUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84ZDg1ZDctNDA0OS00YjVhLTliZjctOTFjNzBmNjFhMDY3
LzEvZkV1UmZja0VhZ1pXZUs0TjlOUGpBMm5GbkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQx5MA0G
CSqGSIb3DQEBCwUAA4IBAQBmS/rLI3k38DKQQx63tTv8GoMwvW/J3Ue+j0GXhoGK
lu89EKZHBUzG8461sOpS7orT4MIoy/gFoTnBRBXjyZFsG4+JX5ybG9M+chTmhxzQ
5/IiqWbH+xXicLBKB/hWmPjvlDAT4T71fMMf2/qsr3miZCElRj4pSAKd8mOJYBF+
0Qesrd/1bi+1s8pUlkBD9oW1M7qZc7nXn4445Em1M41nWqsaRyUhFlWWCntua47b
L9RxL621MYDHtwlfWeaxSK3UY914iLUDFGp7qRzsHKMwYZuC1nXRpIWXFN+mx4jc
VzJ5r1EUG04ao9B3v+sxF850+wqbMXBvictSTMlL4Ugw
-----END CERTIFICATE-----