Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/4ORe2X1iPPR8WW4U270aGg6m-9w.roa
File:                     4ORe2X1iPPR8WW4U270aGg6m-9w.roa (raw, json)
Hash identifier:          HnmO2+M/L6Bls//+lJ/dqu3Ge7stVfLuPpcOxh6vo7k=
Subject key identifier:   E0:E4:5E:D9:7D:62:3C:F4:7C:59:6E:14:DB:BD:1A:1A:0E:A6:FB:DC
Certificate issuer:       /CN=a39b4943e7d6b4b0e1de85c9bc38b857554dd47d
Certificate serial:       018CC64B88BD50F0E10F2E0A3FA40F6F73D4
Authority key identifier: A3:9B:49:43:E7:D6:B4:B0:E1:DE:85:C9:BC:38:B8:57:55:4D:D4:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/4ORe2X1iPPR8WW4U270aGg6m-9w.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29467
IP address blocks:        45.67.254.0/24 maxlen: 24
                          45.67.255.0/24 maxlen: 24
                          45.67.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:88:bd:50:f0:e1:0f:2e:0a:3f:a4:0f:6f:73:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a39b4943e7d6b4b0e1de85c9bc38b857554dd47d
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0e45ed97d623cf47c596e14dbbd1a1a0ea6fbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:25:0b:5f:04:1f:11:0a:41:3e:26:52:f8:42:
                    03:d8:5e:e7:08:60:3e:f3:dd:d4:14:15:88:83:1a:
                    b3:76:f2:b3:7f:7c:43:ad:1c:cd:ff:10:ee:70:00:
                    66:fc:4b:3e:e1:dd:b4:f9:75:17:75:f1:d0:90:7b:
                    8b:c3:bb:7d:7d:b1:80:1e:5b:86:4f:77:ba:dc:4c:
                    a6:7c:f6:61:71:2e:dc:14:7c:76:21:d2:32:0a:9f:
                    01:87:f8:eb:4e:d3:d7:29:34:f4:a5:4d:ae:44:c0:
                    a5:7a:8d:56:7b:58:72:a5:c2:c3:bf:cf:0f:c0:46:
                    58:2e:20:b3:81:1a:7b:15:d7:bc:6b:1c:15:d0:4e:
                    3d:24:20:ba:74:5e:ed:55:66:fe:d1:2d:f1:bf:d1:
                    cd:5f:4e:c8:8a:59:76:aa:db:3f:4f:16:49:b6:96:
                    73:b5:2b:f8:3e:55:40:79:b1:e4:ec:f3:04:08:e1:
                    75:ad:a2:5e:e9:b4:42:02:c0:51:cb:1e:b9:6f:b5:
                    ae:2a:03:06:7c:5c:0a:da:06:df:a1:d1:95:af:b3:
                    bc:15:cc:39:ca:b5:08:71:96:1c:e1:46:48:4b:c0:
                    69:99:ad:74:2b:3f:0b:f8:94:c4:96:d5:64:1d:9a:
                    f8:54:ca:ad:42:b6:bb:aa:c2:28:da:60:34:79:11:
                    7b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:E4:5E:D9:7D:62:3C:F4:7C:59:6E:14:DB:BD:1A:1A:0E:A6:FB:DC
            X509v3 Authority Key Identifier:
                keyid:A3:9B:49:43:E7:D6:B4:B0:E1:DE:85:C9:BC:38:B8:57:55:4D:D4:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/4ORe2X1iPPR8WW4U270aGg6m-9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.252.0/24
                  45.67.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:ce:95:16:61:7b:ee:4e:bf:c9:8c:58:45:5b:85:ff:1a:b8:
         5a:75:12:05:b1:b1:94:63:af:e5:8f:0f:c9:52:96:6e:57:75:
         9e:53:4a:8b:85:a8:57:96:94:9d:dc:53:d8:56:29:17:64:29:
         8d:1e:ae:6e:b0:cb:84:5d:f9:fd:ce:45:d9:02:3f:ab:72:71:
         2c:7a:74:b6:76:6f:b9:e3:21:42:01:19:ea:9a:7e:ea:3a:08:
         8f:4d:60:30:0d:8f:28:08:e8:6f:fd:6b:e6:09:2d:60:cb:cd:
         42:ff:c3:d4:ff:d5:84:54:ae:cc:70:e6:9f:9e:18:ed:8a:c8:
         38:22:cb:38:60:49:16:4f:97:0d:f9:57:e2:f1:47:90:66:34:
         d5:1f:3c:13:8f:e4:bd:76:35:14:d6:04:2f:60:33:2c:96:85:
         22:9b:b2:25:1f:ad:85:6f:27:e7:24:01:01:42:25:c7:46:96:
         64:c5:d1:55:c1:eb:bd:4f:f8:0a:fc:ff:3e:4c:77:30:2c:04:
         16:02:d3:ac:0a:d3:b6:b5:b7:14:e7:91:a4:e1:fc:4c:40:34:
         f2:03:2c:1c:1f:ad:ca:77:93:b0:f6:4c:20:58:13:13:cf:24:
         6b:02:7b:b5:28:3e:98:d8:5d:e5:56:cb:f2:55:d3:7c:33:e4:
         03:31:ed:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS4i9UPDhDy4KP6QPb3PUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOWI0OTQzZTdkNmI0YjBlMWRlODVjOWJjMzhiODU3NTU0
ZGQ0N2QwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGU0NWVkOTdkNjIzY2Y0N2M1OTZlMTRkYmJkMWExYTBlYTZmYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSULXwQfEQpBPiZS+EID2F7nCGA+
893UFBWIgxqzdvKzf3xDrRzN/xDucABm/Es+4d20+XUXdfHQkHuLw7t9fbGAHluG
T3e63EymfPZhcS7cFHx2IdIyCp8Bh/jrTtPXKTT0pU2uRMCleo1We1hypcLDv88P
wEZYLiCzgRp7Fde8axwV0E49JCC6dF7tVWb+0S3xv9HNX07Iill2qts/TxZJtpZz
tSv4PlVAebHk7PMECOF1raJe6bRCAsBRyx65b7WuKgMGfFwK2gbfodGVr7O8Fcw5
yrUIcZYc4UZIS8Bpma10Kz8L+JTEltVkHZr4VMqtQra7qsIo2mA0eRF7dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFODkXtl9Yjz0fFluFNu9GhoOpvvcMB8GA1UdIwQY
MBaAFKObSUPn1rSw4d6Fybw4uFdVTdR9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzV0SlEtZld0TERoM29YSnZEaTRWMVZOMUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS82Y2Y3MTItZGQwYi00YTkwLTk1OGUt
NjkzYmY2N2U2MWYzLzEvNE9SZTJYMWlQUFI4V1c0VTI3MGFHZzZtLTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS82Y2Y3MTItZGQwYi00YTkwLTk1OGUtNjkzYmY2N2U2MWYz
LzEvbzV0SlEtZld0TERoM29YSnZEaTRWMVZOMUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUP8AwQB
LUP+MA0GCSqGSIb3DQEBCwUAA4IBAQBpzpUWYXvuTr/JjFhFW4X/GrhadRIFsbGU
Y6/ljw/JUpZuV3WeU0qLhahXlpSd3FPYVikXZCmNHq5usMuEXfn9zkXZAj+rcnEs
enS2dm+54yFCARnqmn7qOgiPTWAwDY8oCOhv/WvmCS1gy81C/8PU/9WEVK7McOaf
nhjtisg4Iss4YEkWT5cN+Vfi8UeQZjTVHzwTj+S9djUU1gQvYDMsloUim7IlH62F
byfnJAEBQiXHRpZkxdFVweu9T/gK/P8+THcwLAQWAtOsCtO2tbcU55Gk4fxMQDTy
AywcH63Kd5Ow9kwgWBMTzyRrAnu1KD6Y2F3lVsvyVdN8M+QDMe0M
-----END CERTIFICATE-----