Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/g7yGwbxbAtdZTgTXVcUB1gQkYu0.roa
File:                     g7yGwbxbAtdZTgTXVcUB1gQkYu0.roa (raw, json)
Hash identifier:          Antl1Yl/f8Kck9j4xwBFfPslSsJD9ZG4Fwi1aGoiG8E=
Subject key identifier:   83:BC:86:C1:BC:5B:02:D7:59:4E:04:D7:55:C5:01:D6:04:24:62:ED
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A723C3A7B7278CD74AD6F3DE32A92
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/g7yGwbxbAtdZTgTXVcUB1gQkYu0.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        45.139.4.0/23 maxlen: 24
                          45.139.6.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:72:3c:3a:7b:72:78:cd:74:ad:6f:3d:e3:2a:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83bc86c1bc5b02d7594e04d755c501d6042462ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a4:2b:34:7e:01:1c:38:d6:d5:b5:d6:9f:77:
                    a2:81:ac:41:20:50:3d:e5:d5:94:0e:2b:bf:eb:c5:
                    c7:43:43:e4:29:a1:2a:4a:e7:5d:7c:b1:28:7e:4e:
                    9c:e6:88:c0:31:8d:49:b1:93:e2:73:ef:44:2a:af:
                    fc:05:90:ed:05:40:a2:24:0d:2c:4d:65:ad:2e:9a:
                    9f:40:d2:19:9e:c7:b4:a3:3f:b7:f2:60:3b:86:5b:
                    e0:0b:1f:72:6b:6e:9e:de:7e:6d:96:f1:b0:1e:c8:
                    1d:7b:9f:0a:c6:71:d6:91:6b:77:8b:d4:87:68:b9:
                    88:a0:6f:e0:2f:4d:b2:91:34:ea:6f:d9:d5:9a:7e:
                    71:f5:a9:3a:65:b2:61:2c:41:ce:11:a5:c1:e0:96:
                    46:dc:33:73:44:ec:50:90:81:b5:d5:70:0f:c7:c2:
                    12:97:58:7f:e8:11:f0:57:5c:64:af:37:ca:31:0c:
                    8b:f9:5f:12:d9:db:4b:9f:e2:2e:4e:ac:bf:36:b1:
                    e4:34:6f:6b:78:c7:88:d5:25:69:aa:fd:c2:5d:dc:
                    1e:01:1e:6f:dc:8e:28:44:28:ff:2e:2f:38:1e:1d:
                    6b:0d:2b:5b:79:b4:fb:b5:e3:61:7a:80:32:eb:b7:
                    ba:f5:28:7e:c3:f0:11:32:4a:7d:6b:7e:e5:cb:1b:
                    ed:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BC:86:C1:BC:5B:02:D7:59:4E:04:D7:55:C5:01:D6:04:24:62:ED
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/g7yGwbxbAtdZTgTXVcUB1gQkYu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:ba:53:5b:6e:90:ed:55:b1:90:af:f4:17:c5:3d:a7:9c:ef:
         74:a7:fd:2b:06:20:dd:f5:3b:04:b2:6f:04:19:08:0e:01:bc:
         b7:f6:2e:52:24:57:7b:be:75:c5:f9:dd:59:ed:d3:35:ec:94:
         f0:ee:89:47:cb:b3:27:5f:aa:a7:f4:40:f9:4c:a4:af:c0:5a:
         1e:c5:64:c3:eb:43:30:02:12:02:d6:0d:8a:95:b8:24:d6:cd:
         0f:07:36:07:5c:69:14:41:40:78:66:e5:da:2c:e3:cc:74:c9:
         32:a1:c7:2f:ab:58:53:52:0f:1d:72:11:a4:e4:95:0d:e7:0f:
         ba:59:c1:0f:d4:5a:cc:c8:8e:c6:fd:e4:22:f8:ba:29:90:f4:
         c5:d1:b3:ad:54:95:10:e9:dc:db:e2:c1:af:40:c4:b5:fc:d5:
         4a:53:80:89:21:1d:8b:62:15:c8:eb:6a:6c:79:f7:2c:de:6b:
         ee:b6:94:10:2f:cd:0f:a0:9f:a9:f9:e4:b5:fb:6b:29:57:4e:
         74:79:7e:37:87:c1:9f:35:ca:ee:43:11:7a:b5:fe:f7:b4:eb:
         7e:52:42:1a:ec:96:64:ee:36:4a:19:a9:9c:4f:00:ab:17:09:
         c5:18:1c:78:d1:9b:e3:20:30:09:df:cd:38:f4:30:b3:73:ae:
         0b:a2:53:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnI8OntyeM10rW894yqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2JjODZjMWJjNWIwMmQ3NTk0ZTA0ZDc1NWM1MDFkNjA0MjQ2MmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaQrNH4BHDjW1bXWn3eigaxBIFA9
5dWUDiu/68XHQ0PkKaEqSuddfLEofk6c5ojAMY1JsZPic+9EKq/8BZDtBUCiJA0s
TWWtLpqfQNIZnse0oz+38mA7hlvgCx9ya26e3n5tlvGwHsgde58KxnHWkWt3i9SH
aLmIoG/gL02ykTTqb9nVmn5x9ak6ZbJhLEHOEaXB4JZG3DNzROxQkIG11XAPx8IS
l1h/6BHwV1xkrzfKMQyL+V8S2dtLn+IuTqy/NrHkNG9reMeI1SVpqv3CXdweAR5v
3I4oRCj/Li84Hh1rDStbebT7teNheoAy67e69Sh+w/ARMkp9a37lyxvtNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO8hsG8WwLXWU4E11XFAdYEJGLtMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvZzd5R3dieGJBdGRaVGdUWFZjVUIxZ1FrWXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYsEMA0G
CSqGSIb3DQEBCwUAA4IBAQBAulNbbpDtVbGQr/QXxT2nnO90p/0rBiDd9TsEsm8E
GQgOAby39i5SJFd7vnXF+d1Z7dM17JTw7olHy7MnX6qn9ED5TKSvwFoexWTD60Mw
AhIC1g2Klbgk1s0PBzYHXGkUQUB4ZuXaLOPMdMkyoccvq1hTUg8dchGk5JUN5w+6
WcEP1FrMyI7G/eQi+LopkPTF0bOtVJUQ6dzb4sGvQMS1/NVKU4CJIR2LYhXI62ps
efcs3mvutpQQL80PoJ+p+eS1+2spV050eX43h8GfNcruQxF6tf73tOt+UkIa7JZk
7jZKGamcTwCrFwnFGBx40ZvjIDAJ38049DCzc64LolN7
-----END CERTIFICATE-----