Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/TE3cmJCNAO_NcAq1R6Quq6CmcCQ.roa
File:                     TE3cmJCNAO_NcAq1R6Quq6CmcCQ.roa (raw, json)
Hash identifier:          o7ddhSb3rsha9ohbabzQ2f21vlRvSCRKgtkCi32aLPo=
Subject key identifier:   4C:4D:DC:98:90:8D:00:EF:CD:70:0A:B5:47:A4:2E:AB:A0:A6:70:24
Certificate issuer:       /CN=c4add5ba7662b731dd08bcf8738f135d93aed451
Certificate serial:       018CC56E4B9DF645B96905796E4F19D285AB
Authority key identifier: C4:AD:D5:BA:76:62:B7:31:DD:08:BC:F8:73:8F:13:5D:93:AE:D4:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xK3VunZitzHdCLz4c48TXZOu1FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/TE3cmJCNAO_NcAq1R6Quq6CmcCQ.roa
Signing time:             Mon 01 Jan 2024 14:29:48 +0000
ROA not before:           Mon 01 Jan 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.149.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/xK3VunZitzHdCLz4c48TXZOu1FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/xK3VunZitzHdCLz4c48TXZOu1FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xK3VunZitzHdCLz4c48TXZOu1FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4b:9d:f6:45:b9:69:05:79:6e:4f:19:d2:85:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4add5ba7662b731dd08bcf8738f135d93aed451
        Validity
            Not Before: Jan  1 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c4ddc98908d00efcd700ab547a42eaba0a67024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ed:f0:75:10:20:6e:d5:0a:00:2b:c7:a4:da:
                    c0:a8:be:23:a4:30:e8:a8:15:94:db:3e:3b:26:7b:
                    ed:9a:a8:23:46:43:ae:4e:0c:4c:ea:c8:ae:0a:b9:
                    0e:77:21:ed:5f:2f:d8:b0:85:20:18:92:66:c6:3b:
                    6f:a2:ef:f1:da:23:ca:cf:86:08:f4:88:5b:dd:e4:
                    5a:fe:88:e1:9a:db:09:8c:59:af:3a:40:0a:17:17:
                    b5:ca:9e:03:d4:17:70:45:ba:71:66:10:ac:16:2d:
                    ba:40:4a:af:14:16:df:ba:7e:d6:1c:50:c9:76:a8:
                    6f:27:f1:a4:6e:3e:1d:c8:4b:a0:75:31:ca:88:29:
                    fb:1c:53:79:9c:a7:f8:7f:d1:59:1d:b1:bb:ab:0f:
                    64:c5:aa:1d:36:2b:b7:f4:78:80:2c:f4:7f:70:43:
                    de:c1:76:51:ff:74:c8:20:6d:12:8a:3d:03:26:b7:
                    9f:b6:81:3f:23:75:b1:62:8c:08:1f:90:e8:02:15:
                    da:b0:9b:de:46:14:25:11:00:67:dc:23:b0:8b:28:
                    0e:c9:53:8f:42:10:3d:88:ae:10:85:14:90:34:88:
                    08:11:95:dc:45:67:95:af:5b:0a:85:69:08:18:82:
                    aa:8f:3d:bd:e7:0a:7c:8d:4f:7f:84:97:1e:01:09:
                    66:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4D:DC:98:90:8D:00:EF:CD:70:0A:B5:47:A4:2E:AB:A0:A6:70:24
            X509v3 Authority Key Identifier:
                keyid:C4:AD:D5:BA:76:62:B7:31:DD:08:BC:F8:73:8F:13:5D:93:AE:D4:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xK3VunZitzHdCLz4c48TXZOu1FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/TE3cmJCNAO_NcAq1R6Quq6CmcCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/xK3VunZitzHdCLz4c48TXZOu1FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:0a:ea:43:3c:6c:9b:cd:cb:68:4b:2d:0b:5e:da:7c:8c:6c:
         10:06:d3:e5:c4:c4:f8:c5:49:35:59:93:53:15:a2:fe:1d:f4:
         ce:02:2e:86:3f:e7:26:73:a1:ad:4e:a9:39:a2:e9:fa:44:4e:
         d8:6a:56:0b:9a:57:13:e0:0c:96:37:73:dc:63:28:cd:06:71:
         49:4a:35:15:39:92:e2:64:c1:6e:80:25:1a:a7:1a:61:af:79:
         2d:19:92:61:69:31:aa:e4:94:d7:82:6d:e8:3d:9c:dc:1d:91:
         e0:dd:e6:bf:ef:bc:e1:d0:22:ac:2f:9e:00:bb:93:27:87:9b:
         1e:2f:b1:90:5c:ca:26:f0:ab:7e:1b:2a:4e:e4:29:a7:92:89:
         c9:96:62:55:f0:19:96:4b:a8:ee:58:bb:7b:cd:ea:cf:ac:de:
         f5:b2:b3:00:ff:25:55:85:f9:b7:f0:7c:46:4d:4f:25:3b:9b:
         2a:47:bb:a4:c4:52:fc:cc:05:fb:cd:de:a6:23:57:83:6e:cf:
         11:d7:d6:36:b2:a7:0d:9d:e4:5b:77:7f:0c:59:ac:ed:e2:c0:
         bb:1f:35:5c:3d:32:f8:59:83:06:44:b9:a5:24:71:52:81:7d:
         cf:7f:b2:08:8d:e3:81:67:93:8b:ad:d6:81:9a:c9:54:80:f5:
         c3:41:27:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbkud9kW5aQV5bk8Z0oWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YWRkNWJhNzY2MmI3MzFkZDA4YmNmODczOGYxMzVkOTNh
ZWQ0NTEwHhcNMjQwMTAxMTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzRkZGM5ODkwOGQwMGVmY2Q3MDBhYjU0N2E0MmVhYmEwYTY3MDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju3wdRAgbtUKACvHpNrAqL4jpDDo
qBWU2z47JnvtmqgjRkOuTgxM6siuCrkOdyHtXy/YsIUgGJJmxjtvou/x2iPKz4YI
9Ihb3eRa/ojhmtsJjFmvOkAKFxe1yp4D1BdwRbpxZhCsFi26QEqvFBbfun7WHFDJ
dqhvJ/Gkbj4dyEugdTHKiCn7HFN5nKf4f9FZHbG7qw9kxaodNiu39HiALPR/cEPe
wXZR/3TIIG0Sij0DJreftoE/I3WxYowIH5DoAhXasJveRhQlEQBn3COwiygOyVOP
QhA9iK4QhRSQNIgIEZXcRWeVr1sKhWkIGIKqjz295wp8jU9/hJceAQlmrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExN3JiQjQDvzXAKtUekLqugpnAkMB8GA1UdIwQY
MBaAFMSt1bp2Yrcx3Qi8+HOPE12TrtRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEszVnVuWml0ekhkQ0x6NGM0OFRYWk91MUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8zNDZhMjMtMTE4MS00YTgwLTlmNTUt
ZGQ3ZDQ3Y2Y1YzE4LzEvVEUzY21KQ05BT19OY0FxMVI2UXVxNkNtY0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8zNDZhMjMtMTE4MS00YTgwLTlmNTUtZGQ3ZDQ3Y2Y1YzE4
LzEveEszVnVuWml0ekhkQ0x6NGM0OFRYWk91MUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZVsMA0G
CSqGSIb3DQEBCwUAA4IBAQBDCupDPGybzctoSy0LXtp8jGwQBtPlxMT4xUk1WZNT
FaL+HfTOAi6GP+cmc6GtTqk5oun6RE7YalYLmlcT4AyWN3PcYyjNBnFJSjUVOZLi
ZMFugCUapxphr3ktGZJhaTGq5JTXgm3oPZzcHZHg3ea/77zh0CKsL54Au5Mnh5se
L7GQXMom8Kt+GypO5CmnkonJlmJV8BmWS6juWLt7zerPrN71srMA/yVVhfm38HxG
TU8lO5sqR7ukxFL8zAX7zd6mI1eDbs8R19Y2sqcNneRbd38MWazt4sC7HzVcPTL4
WYMGRLmlJHFSgX3Pf7IIjeOBZ5OLrdaBmslUgPXDQScT
-----END CERTIFICATE-----