Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4B3_MshNOWnWjP1BmUx5GXRuYXQ.roa
File:                     4B3_MshNOWnWjP1BmUx5GXRuYXQ.roa (raw, json)
Hash identifier:          vtRq/5g0n/DkAaOADbPmajlUlRSvasZCKPeJT99ypTw=
Subject key identifier:   E0:1D:FF:32:C8:4D:39:69:D6:8C:FD:41:99:4C:79:19:74:6E:61:74
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0195F5AB2867D6E4A70C23BE938C1A9FB1EA
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4B3_MshNOWnWjP1BmUx5GXRuYXQ.roa
Signing time:             Wed 02 Apr 2025 08:43:09 +0000
ROA not before:           Wed 02 Apr 2025 08:43:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        45.141.168.0/23 maxlen: 23
                          148.222.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f5:ab:28:67:d6:e4:a7:0c:23:be:93:8c:1a:9f:b1:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr  2 08:43:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e01dff32c84d3969d68cfd41994c7919746e6174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:ff:02:dd:6c:8b:04:e8:de:4b:5d:4a:be:26:
                    3e:04:e4:81:c4:0f:69:84:7f:02:76:78:67:80:5b:
                    5a:cb:e5:2e:4a:53:b6:18:c7:44:f5:50:51:48:d2:
                    c7:c2:fa:b5:6f:ae:30:f6:91:8a:ec:99:c4:d9:61:
                    6a:ec:22:71:b1:77:62:d0:02:17:30:d0:c9:b2:87:
                    8b:c0:12:83:c6:e2:2a:ee:33:53:e9:5f:2a:5b:18:
                    ce:7d:80:f7:5f:15:e7:e1:3e:df:d1:e8:c0:01:13:
                    a4:3e:97:b9:5b:7b:be:5f:2d:78:fd:66:47:03:bb:
                    4b:e9:54:09:23:ad:01:0b:50:d9:bd:ce:b2:c3:33:
                    c7:34:5f:36:62:89:05:ba:5b:3c:0a:0c:ea:09:b2:
                    7b:36:25:1f:2c:ce:6b:ca:46:59:43:1a:79:c3:9d:
                    e3:6c:c8:79:dd:b2:61:3a:e1:10:22:92:01:52:0a:
                    9e:de:b6:9b:1a:49:70:fe:15:ba:3b:fc:f0:af:c8:
                    4b:d4:e0:ca:b2:1c:6c:3c:33:96:22:92:af:d3:c4:
                    db:fe:e0:a9:dc:ea:d0:d2:f9:d0:08:c1:c0:87:a9:
                    5a:90:1c:70:77:83:9b:1d:19:72:0a:ae:08:bb:de:
                    8b:0b:de:cb:6c:29:dd:ee:5d:10:45:e0:a5:b2:c2:
                    f2:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1D:FF:32:C8:4D:39:69:D6:8C:FD:41:99:4C:79:19:74:6E:61:74
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4B3_MshNOWnWjP1BmUx5GXRuYXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23
                  148.222.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:45:52:f4:6c:7e:5a:82:45:34:9f:68:0e:ba:ea:d1:c3:bf:
         ea:5c:43:09:84:62:0f:07:05:1c:81:08:ac:1a:87:6e:bb:df:
         dd:07:cc:1e:b1:89:0c:6b:84:99:a9:41:5d:f2:c0:eb:77:fd:
         1a:87:c8:ad:1b:0f:f3:e7:ca:29:46:6e:35:e3:6b:8b:fd:85:
         b1:e9:f4:3b:cf:fd:c2:95:00:84:27:e1:98:5e:d4:8a:69:c4:
         4e:1d:06:f8:09:fa:6d:f6:bf:3a:ab:cc:b7:7e:c0:38:34:21:
         b9:a9:b3:f2:2c:6a:05:eb:71:16:63:98:17:f6:e4:b4:23:1b:
         37:97:32:50:dc:f5:0b:a4:5d:2a:5d:b9:01:f1:a4:2a:b2:cc:
         95:1e:0b:34:30:eb:21:f4:28:f6:b0:b0:fd:de:e6:8c:fd:cf:
         ab:cd:31:8c:b8:d7:41:f5:39:59:a2:dc:f3:d2:2f:9e:12:20:
         81:3c:23:42:09:e9:29:a1:3f:f6:1f:19:34:a6:7b:66:45:09:
         bf:f1:c3:af:a0:02:74:f7:3a:5c:97:2f:12:25:92:39:35:54:
         8d:4c:c7:6a:0c:5f:5e:92:82:14:c1:a9:83:b6:cd:e8:39:96:
         70:a4:f9:f6:72:f7:e2:cc:9e:a6:c6:ec:62:0b:59:6e:b6:14:
         9b:48:1e:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZX1qyhn1uSnDCO+k4wan7HqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwNDAyMDg0MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFkZmYzMmM4NGQzOTY5ZDY4Y2ZkNDE5OTRjNzkxOTc0NmU2MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4v8C3WyLBOjeS11KviY+BOSBxA9p
hH8CdnhngFtay+UuSlO2GMdE9VBRSNLHwvq1b64w9pGK7JnE2WFq7CJxsXdi0AIX
MNDJsoeLwBKDxuIq7jNT6V8qWxjOfYD3XxXn4T7f0ejAAROkPpe5W3u+Xy14/WZH
A7tL6VQJI60BC1DZvc6ywzPHNF82YokFuls8CgzqCbJ7NiUfLM5rykZZQxp5w53j
bMh53bJhOuEQIpIBUgqe3rabGklw/hW6O/zwr8hL1ODKshxsPDOWIpKv08Tb/uCp
3OrQ0vnQCMHAh6lakBxwd4ObHRlyCq4Iu96LC97LbCnd7l0QReClssLyjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOAd/zLITTlp1oz9QZlMeRl0bmF0MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvNEIzX01zaE5PV25XalAxQm1VeDVHWFJ1WVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY2oAwQC
lN7wMA0GCSqGSIb3DQEBCwUAA4IBAQAcRVL0bH5agkU0n2gOuurRw7/qXEMJhGIP
BwUcgQisGoduu9/dB8wesYkMa4SZqUFd8sDrd/0ah8itGw/z58opRm4142uL/YWx
6fQ7z/3ClQCEJ+GYXtSKacROHQb4Cfpt9r86q8y3fsA4NCG5qbPyLGoF63EWY5gX
9uS0Ixs3lzJQ3PULpF0qXbkB8aQqssyVHgs0MOsh9Cj2sLD93uaM/c+rzTGMuNdB
9TlZotzz0i+eEiCBPCNCCekpoT/2Hxk0pntmRQm/8cOvoAJ09zpcly8SJZI5NVSN
TMdqDF9ekoIUwamDts3oOZZwpPn2cvfizJ6mxuxiC1luthSbSB6X
-----END CERTIFICATE-----