Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4lwVG1bD2QCCuymLdKICzqk5Xh0.roa
File:                     4lwVG1bD2QCCuymLdKICzqk5Xh0.roa (raw, json)
Hash identifier:          x3JEQC6BlkPD/39Y4KcmG1Qb7J6NIhxPRPtkXVEUKXo=
Subject key identifier:   E2:5C:15:1B:56:C3:D9:00:82:BB:29:8B:74:A2:02:CE:A9:39:5E:1D
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       01906F04B8D0584E12D4D60461940AFF7D7E
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4lwVG1bD2QCCuymLdKICzqk5Xh0.roa
Signing time:             Mon 01 Jul 2024 15:58:18 +0000
ROA not before:           Mon 01 Jul 2024 15:58:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        45.141.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:04:b8:d0:58:4e:12:d4:d6:04:61:94:0a:ff:7d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jul  1 15:58:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e25c151b56c3d90082bb298b74a202cea9395e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:20:70:9e:34:83:17:36:c3:0d:9a:db:ca:98:
                    4d:17:ff:50:db:91:22:47:93:04:4b:b7:bd:61:94:
                    f7:f9:43:cf:d6:13:b2:5b:d8:5c:84:9b:10:67:4c:
                    db:03:99:bf:4a:9d:16:f7:29:95:3a:91:be:83:ef:
                    81:8b:f7:7d:18:d9:d1:05:c5:d1:e2:6a:44:21:d3:
                    5c:33:95:94:31:08:f3:ac:aa:7a:b2:c7:1a:d4:53:
                    f8:69:cb:38:7b:e5:f4:20:2c:fe:91:32:ab:cc:b1:
                    cb:4a:47:ea:3a:cc:5d:b6:32:63:18:ca:f8:86:07:
                    cd:cd:db:f7:95:5d:21:d4:30:4c:3a:9d:ab:a2:64:
                    59:06:c7:e0:14:6d:7c:04:2d:02:74:df:64:9c:84:
                    07:07:fb:bc:63:33:cd:40:b9:f5:d9:d8:6d:75:a2:
                    61:cd:86:19:64:40:e6:42:0b:86:ab:3c:34:5f:57:
                    c7:29:df:04:98:e2:9f:cb:c0:14:cf:44:ea:b8:f8:
                    c8:63:11:62:61:8e:86:ce:13:25:f0:7a:61:1f:33:
                    b6:21:0d:d8:e2:1d:7e:57:bd:8a:45:eb:20:56:93:
                    a8:1a:39:86:c3:4c:63:58:af:af:53:ee:49:80:8c:
                    7b:97:14:85:35:04:14:2c:8b:3e:bd:52:17:1f:cf:
                    ae:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:5C:15:1B:56:C3:D9:00:82:BB:29:8B:74:A2:02:CE:A9:39:5E:1D
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4lwVG1bD2QCCuymLdKICzqk5Xh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:b0:b0:af:d5:24:8d:d1:c6:da:b8:76:52:f4:da:32:c9:44:
         3e:69:d5:b2:44:fc:3a:14:b1:6c:fd:af:55:d8:57:13:5a:9a:
         3f:79:db:64:aa:6b:d7:7e:5f:cb:ad:e1:86:58:32:0e:3e:d4:
         45:1f:fe:b1:d8:a2:39:43:d2:aa:0b:47:25:f0:69:26:1d:2c:
         8b:e3:41:cf:61:5b:f6:94:fc:83:3e:3f:df:a9:97:75:fd:c3:
         71:b0:2d:5c:59:1c:a1:1e:60:da:37:e1:69:99:05:7c:9b:6f:
         fa:4b:79:7d:cf:e2:8d:f9:24:71:95:28:3b:cb:d6:8d:d5:55:
         2d:d7:81:99:23:ff:16:0f:e5:6d:a8:10:fa:27:97:81:11:cb:
         45:3c:6f:75:20:03:52:a9:8e:07:30:cf:95:40:72:75:e5:36:
         d4:cc:17:bd:79:2f:4b:50:a6:8c:ae:bd:96:4b:c1:c2:75:2a:
         27:d7:81:3c:2f:ff:cb:0b:b7:34:f7:9b:e8:eb:e8:4d:2f:68:
         8d:80:c5:02:6a:14:f9:2e:42:4c:62:ca:02:9a:5d:cf:cf:8c:
         d9:dd:a9:17:f3:6a:9e:af:41:73:ef:51:61:e8:9c:4f:48:b7:
         69:91:58:ca:8b:52:53:e6:77:2d:fc:c8:17:59:94:a5:cf:5d:
         69:e0:f7:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBvBLjQWE4S1NYEYZQK/31+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNzAxMTU1ODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjVjMTUxYjU2YzNkOTAwODJiYjI5OGI3NGEyMDJjZWE5Mzk1ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSBwnjSDFzbDDZrbyphNF/9Q25Ei
R5MES7e9YZT3+UPP1hOyW9hchJsQZ0zbA5m/Sp0W9ymVOpG+g++Bi/d9GNnRBcXR
4mpEIdNcM5WUMQjzrKp6ssca1FP4acs4e+X0ICz+kTKrzLHLSkfqOsxdtjJjGMr4
hgfNzdv3lV0h1DBMOp2romRZBsfgFG18BC0CdN9knIQHB/u8YzPNQLn12dhtdaJh
zYYZZEDmQguGqzw0X1fHKd8EmOKfy8AUz0TquPjIYxFiYY6GzhMl8HphHzO2IQ3Y
4h1+V72KResgVpOoGjmGw0xjWK+vU+5JgIx7lxSFNQQULIs+vVIXH8+upwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJcFRtWw9kAgrspi3SiAs6pOV4dMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvNGx3VkcxYkQyUUNDdXltTGRLSUN6cWs1WGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY2oMA0G
CSqGSIb3DQEBCwUAA4IBAQCBsLCv1SSN0cbauHZS9NoyyUQ+adWyRPw6FLFs/a9V
2FcTWpo/edtkqmvXfl/LreGGWDIOPtRFH/6x2KI5Q9KqC0cl8GkmHSyL40HPYVv2
lPyDPj/fqZd1/cNxsC1cWRyhHmDaN+FpmQV8m2/6S3l9z+KN+SRxlSg7y9aN1VUt
14GZI/8WD+VtqBD6J5eBEctFPG91IANSqY4HMM+VQHJ15TbUzBe9eS9LUKaMrr2W
S8HCdSon14E8L//LC7c095vo6+hNL2iNgMUCahT5LkJMYsoCml3Pz4zZ3akX82qe
r0Fz71Fh6JxPSLdpkVjKi1JT5nct/MgXWZSlz11p4Pdj
-----END CERTIFICATE-----