Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/19ddad-c458-441e-984e-573f17d2aef3/1/GYjt7dsqbsOIVWJB0DCShxnbPUA.roa
File:                     GYjt7dsqbsOIVWJB0DCShxnbPUA.roa (raw, json)
Hash identifier:          J4zjYoZtBSBffEWSkTc9XYhJzvexVOl6G38JIscvv5U=
Subject key identifier:   19:88:ED:ED:DB:2A:6E:C3:88:55:62:41:D0:30:92:87:19:DB:3D:40
Certificate issuer:       /CN=b4cd96b27e8843504bb5bd55c329ec02db9f0ffd
Certificate serial:       018CC56E4074BB0B60ABADDD306FCFB4CF27
Authority key identifier: B4:CD:96:B2:7E:88:43:50:4B:B5:BD:55:C3:29:EC:02:DB:9F:0F:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tM2Wsn6IQ1BLtb1VwynsAtufD_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/19ddad-c458-441e-984e-573f17d2aef3/1/GYjt7dsqbsOIVWJB0DCShxnbPUA.roa
Signing time:             Mon 01 Jan 2024 14:29:46 +0000
ROA not before:           Mon 01 Jan 2024 14:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        45.157.236.0/22 maxlen: 22
                          2a0f:4e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/19ddad-c458-441e-984e-573f17d2aef3/1/tM2Wsn6IQ1BLtb1VwynsAtufD_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/19ddad-c458-441e-984e-573f17d2aef3/1/tM2Wsn6IQ1BLtb1VwynsAtufD_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tM2Wsn6IQ1BLtb1VwynsAtufD_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:40:74:bb:0b:60:ab:ad:dd:30:6f:cf:b4:cf:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4cd96b27e8843504bb5bd55c329ec02db9f0ffd
        Validity
            Not Before: Jan  1 14:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1988ededdb2a6ec388556241d030928719db3d40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3e:41:13:72:54:b8:7b:81:fe:bf:c4:5a:d1:
                    fd:cc:ea:ae:58:5a:a6:65:5a:e8:c7:c7:e0:cb:0d:
                    95:7c:b9:d2:41:b3:95:eb:fa:0f:7d:8a:a9:07:b4:
                    a1:64:96:d6:d0:b1:c7:29:7f:5f:4d:78:33:e9:c6:
                    d1:57:39:e3:50:1c:14:4d:b8:06:38:1b:1f:d4:b0:
                    b0:1b:9c:6f:c6:0e:ff:2c:4f:88:39:46:33:79:07:
                    b5:5f:b3:d4:2d:9b:fd:09:88:d5:4e:09:6e:01:70:
                    69:ff:04:cf:10:9d:d0:94:f2:fa:b8:24:a7:10:83:
                    4f:82:89:35:5f:96:d1:c7:60:92:5b:04:40:ea:e9:
                    a8:38:1f:47:c8:36:74:df:8e:5c:e5:06:68:84:f7:
                    55:a5:3a:b7:91:d1:2d:6e:40:ac:f7:d7:8c:bc:90:
                    e6:76:03:c9:d3:72:c2:82:54:bd:b2:bd:71:7e:cb:
                    27:39:0c:89:62:cd:2f:a3:d3:81:a2:60:21:f2:9a:
                    2e:c9:e9:6f:02:59:4d:e7:8e:2b:38:0e:9b:1b:0c:
                    8e:bb:b5:96:c5:ff:7a:0c:04:22:54:93:1c:6b:93:
                    e2:40:58:da:ab:d6:18:e8:7f:c3:cd:f0:4b:5b:f5:
                    ae:a5:50:01:b1:85:c8:cb:e1:97:fb:2b:ab:b0:f9:
                    a0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:88:ED:ED:DB:2A:6E:C3:88:55:62:41:D0:30:92:87:19:DB:3D:40
            X509v3 Authority Key Identifier:
                keyid:B4:CD:96:B2:7E:88:43:50:4B:B5:BD:55:C3:29:EC:02:DB:9F:0F:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tM2Wsn6IQ1BLtb1VwynsAtufD_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/19ddad-c458-441e-984e-573f17d2aef3/1/GYjt7dsqbsOIVWJB0DCShxnbPUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/19ddad-c458-441e-984e-573f17d2aef3/1/tM2Wsn6IQ1BLtb1VwynsAtufD_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.236.0/22
                IPv6:
                  2a0f:4e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:67:69:e1:1a:6c:39:13:9a:b0:cd:9f:4f:76:ef:33:c3:7c:
         84:ca:d1:cf:30:88:5c:4e:6f:8e:97:a0:e5:f0:89:89:09:21:
         c6:3b:93:35:7c:4f:77:f7:e9:aa:5c:db:22:ac:31:ab:6d:3b:
         95:03:06:d0:15:5a:e7:1f:02:87:a9:7a:0f:4e:a2:5b:49:08:
         36:32:0c:f8:0d:f2:a8:0b:3f:f5:91:43:35:e3:45:5e:71:54:
         97:7c:12:ed:e7:39:bd:21:7d:fd:4c:16:cd:2d:16:55:db:18:
         f0:22:70:69:9a:a1:a6:5d:8c:c7:3c:48:50:5b:90:88:cb:65:
         35:cc:ab:2e:e2:09:35:e5:4a:9e:e0:81:2f:69:dd:a4:c0:91:
         60:0c:82:5e:bd:ed:7f:42:f5:e5:93:62:08:cb:21:37:fa:c5:
         6c:67:38:20:af:fe:48:d6:a1:a1:b5:48:da:c1:2f:77:6d:12:
         48:15:72:e0:4c:2f:54:4d:57:47:bb:a9:c6:40:0c:61:f3:a9:
         15:0f:17:9f:95:b4:97:b1:c7:fd:ea:d8:64:d8:44:b5:42:32:
         15:78:e5:36:0d:9e:98:da:0e:81:69:9b:29:6a:b6:30:6a:25:
         80:b7:0f:bd:fc:52:81:44:fc:07:8b:2a:69:1c:60:2b:42:58:
         6d:3c:b0:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbkB0uwtgq63dMG/PtM8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Y2Q5NmIyN2U4ODQzNTA0YmI1YmQ1NWMzMjllYzAyZGI5
ZjBmZmQwHhcNMjQwMTAxMTQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg4ZWRlZGRiMmE2ZWMzODg1NTYyNDFkMDMwOTI4NzE5ZGIzZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlD5BE3JUuHuB/r/EWtH9zOquWFqm
ZVrox8fgyw2VfLnSQbOV6/oPfYqpB7ShZJbW0LHHKX9fTXgz6cbRVznjUBwUTbgG
OBsf1LCwG5xvxg7/LE+IOUYzeQe1X7PULZv9CYjVTgluAXBp/wTPEJ3QlPL6uCSn
EINPgok1X5bRx2CSWwRA6umoOB9HyDZ0345c5QZohPdVpTq3kdEtbkCs99eMvJDm
dgPJ03LCglS9sr1xfssnOQyJYs0vo9OBomAh8pouyelvAllN544rOA6bGwyOu7WW
xf96DAQiVJMca5PiQFjaq9YY6H/DzfBLW/WupVABsYXIy+GX+yursPmgZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBmI7e3bKm7DiFViQdAwkocZ2z1AMB8GA1UdIwQY
MBaAFLTNlrJ+iENQS7W9VcMp7ALbnw/9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE0yV3NuNklRMUJMdGIxVnd5bnNBdHVmRF8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8xOWRkYWQtYzQ1OC00NDFlLTk4NGUt
NTczZjE3ZDJhZWYzLzEvR1lqdDdkc3Fic09JVldKQjBEQ1NoeG5iUFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8xOWRkYWQtYzQ1OC00NDFlLTk4NGUtNTczZjE3ZDJhZWYz
LzEvdE0yV3NuNklRMUJMdGIxVnd5bnNBdHVmRF8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ3sMA0E
AgACMAcDBQMqD06AMA0GCSqGSIb3DQEBCwUAA4IBAQBxZ2nhGmw5E5qwzZ9Pdu8z
w3yEytHPMIhcTm+Ol6Dl8ImJCSHGO5M1fE939+mqXNsirDGrbTuVAwbQFVrnHwKH
qXoPTqJbSQg2Mgz4DfKoCz/1kUM140VecVSXfBLt5zm9IX39TBbNLRZV2xjwInBp
mqGmXYzHPEhQW5CIy2U1zKsu4gk15Uqe4IEvad2kwJFgDIJeve1/QvXlk2IIyyE3
+sVsZzggr/5I1qGhtUjawS93bRJIFXLgTC9UTVdHu6nGQAxh86kVDxeflbSXscf9
6thk2ES1QjIVeOU2DZ6Y2g6BaZsparYwaiWAtw+9/FKBRPwHiyppHGArQlhtPLAG
-----END CERTIFICATE-----