Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/461Y9y958Bhw06ciZIL7gvVuFCo.roa
File:                     461Y9y958Bhw06ciZIL7gvVuFCo.roa (raw, json)
Hash identifier:          uSpmPyatT2O83fxnpJk/WL7j11hGSOALKAXWXjJ2LWY=
Subject key identifier:   E3:AD:58:F7:2F:79:F0:18:70:D3:A7:22:64:82:FB:82:F5:6E:14:2A
Certificate issuer:       /CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
Certificate serial:       018CC94DF82B153CEB26400A5D8048CBE262
Authority key identifier: 5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/461Y9y958Bhw06ciZIL7gvVuFCo.roa
Signing time:             Tue 02 Jan 2024 08:32:59 +0000
ROA not before:           Tue 02 Jan 2024 08:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211215
IP address blocks:        45.128.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:f8:2b:15:3c:eb:26:40:0a:5d:80:48:cb:e2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
        Validity
            Not Before: Jan  2 08:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3ad58f72f79f01870d3a7226482fb82f56e142a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d6:ba:7c:d4:ac:fc:69:74:81:81:87:de:e6:
                    17:ec:b3:25:c8:a0:68:07:cf:95:4a:58:88:ed:37:
                    c6:b9:48:11:33:87:52:db:b4:e0:fa:b9:19:34:84:
                    70:32:d6:6f:0b:ef:2f:83:19:a0:c3:43:15:37:fb:
                    d4:eb:4d:8c:66:df:f5:ff:5e:e9:0f:85:24:16:8c:
                    68:d7:ae:a5:40:a5:4e:b9:4a:66:ce:c8:29:b3:44:
                    22:49:1c:65:5b:30:a6:b3:96:ba:51:83:ca:97:f5:
                    8d:69:24:32:6d:b5:d8:df:28:99:fe:34:6a:56:3a:
                    59:a3:14:06:9d:c1:a6:95:cd:f1:e8:51:1f:47:56:
                    b4:f0:ba:68:1c:40:d1:cf:fa:61:df:12:c9:e4:cc:
                    a0:73:12:0e:6f:f8:9c:70:c4:3a:8f:d5:fa:5e:44:
                    9d:c3:7c:b2:5a:a8:4c:73:a3:06:8a:e9:82:aa:11:
                    dc:50:7b:cd:52:73:80:6d:93:58:64:1e:01:34:f8:
                    b2:4c:3f:fd:2d:e6:cd:78:60:ee:69:b7:7e:6a:91:
                    23:d4:a1:4b:cf:48:6f:11:63:4d:b7:2b:d7:46:a3:
                    f8:69:d2:45:b8:05:d9:58:0e:ce:9e:61:08:f7:92:
                    72:57:b3:1c:a3:8d:34:d0:b4:ff:49:49:4b:c4:68:
                    99:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:AD:58:F7:2F:79:F0:18:70:D3:A7:22:64:82:FB:82:F5:6E:14:2A
            X509v3 Authority Key Identifier:
                keyid:5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/461Y9y958Bhw06ciZIL7gvVuFCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:f5:d5:bf:a3:6a:84:78:c3:d4:86:ed:15:b5:a1:dc:df:e3:
         67:19:62:8d:4f:fd:28:1a:30:78:4d:67:ed:54:b0:64:44:d9:
         9c:5f:ba:c7:38:af:70:5a:ce:cf:28:c2:b4:b7:9e:7b:6f:db:
         39:07:01:4b:e3:3b:f3:18:b1:6b:fe:08:6d:cf:8e:6a:d4:20:
         95:1b:66:14:86:d2:5b:3b:07:71:48:4a:cc:7f:8a:54:07:ff:
         b3:38:a5:e7:68:24:cf:be:8c:a5:8b:c0:f5:f0:82:e9:a6:b8:
         1f:48:7e:d4:22:1e:1f:0c:7e:df:5e:27:94:21:e6:94:1c:9a:
         75:c3:23:9b:7e:52:b5:57:fa:e6:c0:4b:ca:25:46:01:24:a0:
         6b:28:e2:7a:b2:df:e8:e3:75:e9:78:6c:2d:82:ba:ef:17:9f:
         4e:2a:ac:41:3f:0e:09:2e:80:88:9c:d5:44:2a:15:dd:8a:69:
         fd:e5:66:99:42:36:95:5f:6f:82:0b:c6:d7:6a:8d:46:17:c7:
         40:db:f1:21:89:25:06:fa:48:ff:59:d2:cd:7d:93:e4:06:d2:
         f8:4b:65:02:3d:26:04:bd:3f:80:98:01:28:d8:45:28:39:a8:
         4d:dc:fe:d8:ad:7a:32:47:e2:73:58:79:14:d7:e6:ad:91:fe:
         43:2b:ea:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTfgrFTzrJkAKXYBIy+JiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWUwNTFhOTM5MDFlY2MwMTc0NDA3OWFhNGFjMmZiMDc3
YjlmYzEwHhcNMjQwMTAyMDgzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2FkNThmNzJmNzlmMDE4NzBkM2E3MjI2NDgyZmI4MmY1NmUxNDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArta6fNSs/Gl0gYGH3uYX7LMlyKBo
B8+VSliI7TfGuUgRM4dS27Tg+rkZNIRwMtZvC+8vgxmgw0MVN/vU602MZt/1/17p
D4UkFoxo166lQKVOuUpmzsgps0QiSRxlWzCms5a6UYPKl/WNaSQybbXY3yiZ/jRq
VjpZoxQGncGmlc3x6FEfR1a08LpoHEDRz/ph3xLJ5MygcxIOb/iccMQ6j9X6XkSd
w3yyWqhMc6MGiumCqhHcUHvNUnOAbZNYZB4BNPiyTD/9LebNeGDuabd+apEj1KFL
z0hvEWNNtyvXRqP4adJFuAXZWA7OnmEI95JyV7Mco4000LT/SUlLxGiZ8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOtWPcvefAYcNOnImSC+4L1bhQqMB8GA1UdIwQY
MBaAFFvuBRqTkB7MAXRAeapKwvsHe5/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjIt
YTUyYTg3OTVkOTU2LzEvNDYxWTl5OTU4Qmh3MDZjaVpJTDdndlZ1RkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjItYTUyYTg3OTVkOTU2
LzEvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYDgMA0G
CSqGSIb3DQEBCwUAA4IBAQCy9dW/o2qEeMPUhu0VtaHc3+NnGWKNT/0oGjB4TWft
VLBkRNmcX7rHOK9wWs7PKMK0t557b9s5BwFL4zvzGLFr/ghtz45q1CCVG2YUhtJb
OwdxSErMf4pUB/+zOKXnaCTPvoyli8D18ILpprgfSH7UIh4fDH7fXieUIeaUHJp1
wyObflK1V/rmwEvKJUYBJKBrKOJ6st/o43XpeGwtgrrvF59OKqxBPw4JLoCInNVE
KhXdimn95WaZQjaVX2+CC8bXao1GF8dA2/EhiSUG+kj/WdLNfZPkBtL4S2UCPSYE
vT+AmAEo2EUoOahN3P7YrXoyR+JzWHkU1+atkf5DK+pw
-----END CERTIFICATE-----