Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/TiLCFd1Yd1T8XvoRu2zvGFTgdtM.roa
File:                     TiLCFd1Yd1T8XvoRu2zvGFTgdtM.roa (raw, json)
Hash identifier:          pR6X/4lKqbLD+0l8Wb9hqItHZd4n3YBYBbuizEoqpcY=
Subject key identifier:   4E:22:C2:15:DD:58:77:54:FC:5E:FA:11:BB:6C:EF:18:54:E0:76:D3
Certificate issuer:       /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial:       018CC3B67E171C871B53446D81BF2783DAA0
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/TiLCFd1Yd1T8XvoRu2zvGFTgdtM.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198521
IP address blocks:        45.15.52.0/24 maxlen: 32
                          45.15.54.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7e:17:1c:87:1b:53:44:6d:81:bf:27:83:da:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e22c215dd587754fc5efa11bb6cef1854e076d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:92:73:ff:82:91:e5:69:42:3c:84:08:25:15:
                    34:a6:54:b4:2c:c2:f7:15:6b:7e:69:02:f1:dd:61:
                    77:56:66:d2:f4:5b:81:fd:0e:fc:f8:a6:e8:d4:12:
                    69:f0:86:0b:2b:56:f9:19:5d:18:6c:4b:50:6c:2c:
                    7e:1d:a5:59:0e:89:2d:bb:92:c2:b0:be:81:79:5b:
                    db:8d:6d:29:88:72:91:ee:b6:59:66:f4:c3:9d:95:
                    a3:e0:bb:c4:8a:f7:ef:85:31:64:02:0e:72:8f:92:
                    11:a7:18:2b:f1:0b:a0:cb:29:8b:ec:ea:1b:18:bb:
                    97:6f:96:2e:07:b2:f0:e0:4e:36:3f:2f:fb:a4:a8:
                    99:a4:38:7f:1c:8b:1a:04:d7:19:58:ad:84:29:70:
                    d9:4d:b7:a9:54:ed:99:77:f7:03:4e:5f:bd:3d:4c:
                    da:4b:17:48:e8:79:46:70:3f:43:c4:05:d2:3e:92:
                    c2:e8:82:2d:48:cf:b9:2e:00:b7:75:ab:5f:16:ea:
                    d3:53:5e:10:cf:f6:fe:79:b6:10:e4:d7:8f:9b:cd:
                    30:c4:67:af:9e:bb:05:d8:e0:05:49:94:4b:97:c1:
                    8c:07:0e:8a:14:9e:ba:93:48:ab:14:83:29:1c:3c:
                    88:38:31:76:11:2f:89:a2:94:22:6a:ab:14:4a:f6:
                    52:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:22:C2:15:DD:58:77:54:FC:5E:FA:11:BB:6C:EF:18:54:E0:76:D3
            X509v3 Authority Key Identifier:
                keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/TiLCFd1Yd1T8XvoRu2zvGFTgdtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.52.0/24
                  45.15.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:c7:81:78:c8:96:5e:ae:be:64:6c:6a:78:69:49:fc:5f:8a:
         f2:3a:9b:4b:3a:51:05:6c:d9:13:73:3f:0a:53:0d:c2:63:d1:
         13:b3:f9:2e:23:60:8b:b4:42:08:4b:c4:ca:5b:cc:61:0d:e3:
         cb:20:22:52:77:2d:74:33:80:a0:d6:64:0b:4b:1c:31:b7:a9:
         99:1f:8d:16:f2:2a:52:c1:84:09:0e:59:12:04:6f:3e:4c:92:
         44:26:36:8b:83:42:ed:b9:2a:9a:14:68:97:f7:32:4c:0b:0f:
         c8:a5:c7:7a:0e:3d:15:95:de:c5:20:3b:ae:c8:be:3d:41:d8:
         e7:78:38:73:b2:f4:e7:80:03:d1:e1:6d:99:b4:17:8d:ca:5b:
         7c:a5:ee:b1:83:14:1b:c9:5f:bc:39:7b:93:10:73:3c:73:c4:
         9e:7e:a8:0d:c7:e7:96:23:36:10:9a:fe:05:bf:ad:c6:32:b1:
         83:43:f0:35:cd:13:97:28:43:8a:bb:67:af:91:e5:19:81:c4:
         40:52:40:1c:4e:1e:1c:0e:43:f3:91:a1:ec:5e:6d:c1:e2:11:
         8e:c4:2a:be:3a:10:2a:60:bb:1f:c3:6f:2f:8c:a9:f5:1c:3d:
         05:d6:34:b0:76:61:09:f5:47:3e:46:e3:eb:80:1b:13:a6:c1:
         02:eb:dc:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtn4XHIcbU0Rtgb8ng9qgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIyYzIxNWRkNTg3NzU0ZmM1ZWZhMTFiYjZjZWYxODU0ZTA3NmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35Jz/4KR5WlCPIQIJRU0plS0LML3
FWt+aQLx3WF3VmbS9FuB/Q78+Kbo1BJp8IYLK1b5GV0YbEtQbCx+HaVZDoktu5LC
sL6BeVvbjW0piHKR7rZZZvTDnZWj4LvEivfvhTFkAg5yj5IRpxgr8QugyymL7Oob
GLuXb5YuB7Lw4E42Py/7pKiZpDh/HIsaBNcZWK2EKXDZTbepVO2Zd/cDTl+9PUza
SxdI6HlGcD9DxAXSPpLC6IItSM+5LgC3datfFurTU14Qz/b+ebYQ5NePm80wxGev
nrsF2OAFSZRLl8GMBw6KFJ66k0irFIMpHDyIODF2ES+JopQiaqsUSvZSUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE4iwhXdWHdU/F76Ebts7xhU4HbTMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvVGlMQ0ZkMVlkMVQ4WHZvUnUyenZHRlRnZHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ80AwQB
LQ82MA0GCSqGSIb3DQEBCwUAA4IBAQArx4F4yJZerr5kbGp4aUn8X4ryOptLOlEF
bNkTcz8KUw3CY9ETs/kuI2CLtEIIS8TKW8xhDePLICJSdy10M4Cg1mQLSxwxt6mZ
H40W8ipSwYQJDlkSBG8+TJJEJjaLg0LtuSqaFGiX9zJMCw/Ipcd6Dj0Vld7FIDuu
yL49QdjneDhzsvTngAPR4W2ZtBeNylt8pe6xgxQbyV+8OXuTEHM8c8SefqgNx+eW
IzYQmv4Fv63GMrGDQ/A1zROXKEOKu2evkeUZgcRAUkAcTh4cDkPzkaHsXm3B4hGO
xCq+OhAqYLsfw28vjKn1HD0F1jSwdmEJ9Uc+RuPrgBsTpsEC69xF
-----END CERTIFICATE-----