Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/4WlJfsgQPbfrI_K_AHMfDMFlPJU.roa
File:                     4WlJfsgQPbfrI_K_AHMfDMFlPJU.roa (raw, json)
Hash identifier:          dOMmKDVXpCI6bwC6iW18F8c7BhOb6LRqxCKpOecG2Oc=
Subject key identifier:   E1:69:49:7E:C8:10:3D:B7:EB:23:F2:BF:00:73:1F:0C:C1:65:3C:95
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       0191E5890861EDBF86B6EA3375CFAE2B182F
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/4WlJfsgQPbfrI_K_AHMfDMFlPJU.roa
Signing time:             Thu 12 Sep 2024 09:20:48 +0000
ROA not before:           Thu 12 Sep 2024 09:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214766
IP address blocks:        45.132.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:89:08:61:ed:bf:86:b6:ea:33:75:cf:ae:2b:18:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Sep 12 09:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e169497ec8103db7eb23f2bf00731f0cc1653c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:22:32:8e:e0:7f:84:68:6d:94:f8:10:c7:d8:
                    f8:ee:80:91:a9:e9:5e:80:25:61:d4:84:1e:c2:3a:
                    30:2e:b8:58:c2:14:6a:9e:41:c0:d7:b4:ef:5e:b9:
                    35:aa:20:94:d5:57:b4:6e:40:12:27:8d:10:97:a9:
                    c5:94:5c:10:6f:7b:e6:52:fc:24:94:04:cd:ef:3e:
                    7e:91:d0:3a:63:aa:66:a3:a6:94:80:f1:a6:e0:a2:
                    20:17:10:c2:51:81:0e:8b:17:d6:eb:a1:f7:f6:bd:
                    a6:dd:f1:c7:98:ad:2e:12:aa:c7:02:eb:5a:7f:35:
                    b3:53:c5:b4:7e:38:c6:31:3b:0d:6d:f2:2e:6d:06:
                    ca:6f:26:e2:23:64:c8:4d:14:a8:75:ef:02:9c:be:
                    a3:ae:62:44:a0:3a:67:b5:6b:43:4a:44:8c:fd:59:
                    15:e7:f3:3e:da:22:19:50:df:17:20:1f:84:db:b3:
                    35:f8:ff:55:68:87:9d:fd:4d:45:41:0a:fa:65:92:
                    3a:15:0f:37:d1:e4:06:74:95:e4:ab:01:84:c3:6a:
                    c9:f2:f8:bd:ea:b6:56:2e:26:cb:eb:09:2c:6f:c9:
                    0b:10:bf:40:f0:47:3b:b1:d9:42:47:05:b7:02:91:
                    ac:40:e2:de:36:1a:24:12:2d:b6:ef:b0:09:58:84:
                    00:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:69:49:7E:C8:10:3D:B7:EB:23:F2:BF:00:73:1F:0C:C1:65:3C:95
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/4WlJfsgQPbfrI_K_AHMfDMFlPJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:16:35:a2:2a:70:d6:5e:e1:68:4f:9a:04:b2:c8:ab:27:a8:
         83:ab:c3:91:9a:c0:58:34:d6:29:00:ca:5f:34:c4:05:25:84:
         4d:7e:73:da:7b:4e:9e:c8:c6:eb:2d:59:19:45:b6:be:26:d7:
         e3:ed:8b:50:13:e1:ea:1e:05:5d:cc:f2:a5:39:75:13:a2:12:
         9b:1f:88:13:f7:4a:dc:ab:2f:d8:45:ad:e4:0a:57:91:70:a5:
         a8:2d:8f:63:8c:5e:13:b1:21:8d:c3:7c:a9:a2:81:61:e0:a9:
         ba:37:3a:92:be:5e:d8:58:68:27:62:a0:d1:b2:8c:13:7e:04:
         c0:51:41:35:92:f9:aa:df:c9:ce:48:53:22:c7:2d:6c:24:ef:
         55:89:8b:be:0a:08:6a:19:3c:d0:be:70:8c:ef:aa:ca:22:27:
         f6:ce:71:e6:23:15:e5:7d:9a:82:c2:a4:c4:eb:1e:48:66:e4:
         bc:f9:89:8c:6b:35:78:fc:a3:b0:3a:83:4d:3e:cb:82:62:68:
         40:c5:c6:c9:26:68:2e:69:f0:67:a0:7d:d0:4a:94:3f:0d:15:
         91:93:c5:91:fc:79:ec:bf:83:be:89:ae:3b:57:d6:af:82:1d:
         3d:9f:b4:c3:f4:47:d9:06:49:c3:b8:44:09:27:25:b1:ae:c0:
         78:70:34:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHliQhh7b+Gtuozdc+uKxgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjQwOTEyMDkyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTY5NDk3ZWM4MTAzZGI3ZWIyM2YyYmYwMDczMWYwY2MxNjUzYzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiIyjuB/hGhtlPgQx9j47oCRqele
gCVh1IQewjowLrhYwhRqnkHA17TvXrk1qiCU1Ve0bkASJ40Ql6nFlFwQb3vmUvwk
lATN7z5+kdA6Y6pmo6aUgPGm4KIgFxDCUYEOixfW66H39r2m3fHHmK0uEqrHAuta
fzWzU8W0fjjGMTsNbfIubQbKbybiI2TITRSode8CnL6jrmJEoDpntWtDSkSM/VkV
5/M+2iIZUN8XIB+E27M1+P9VaIed/U1FQQr6ZZI6FQ830eQGdJXkqwGEw2rJ8vi9
6rZWLibL6wksb8kLEL9A8Ec7sdlCRwW3ApGsQOLeNhokEi2277AJWIQASQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFpSX7IED236yPyvwBzHwzBZTyVMB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvNFdsSmZzZ1FQYmZySV9LX0FITWZETUZsUEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQbMA0G
CSqGSIb3DQEBCwUAA4IBAQAHFjWiKnDWXuFoT5oEssirJ6iDq8ORmsBYNNYpAMpf
NMQFJYRNfnPae06eyMbrLVkZRba+Jtfj7YtQE+HqHgVdzPKlOXUTohKbH4gT90rc
qy/YRa3kCleRcKWoLY9jjF4TsSGNw3ypooFh4Km6NzqSvl7YWGgnYqDRsowTfgTA
UUE1kvmq38nOSFMixy1sJO9ViYu+CghqGTzQvnCM76rKIif2znHmIxXlfZqCwqTE
6x5IZuS8+YmMazV4/KOwOoNNPsuCYmhAxcbJJmguafBnoH3QSpQ/DRWRk8WR/Hns
v4O+ia47V9avgh09n7TD9EfZBknDuEQJJyWxrsB4cDSk
-----END CERTIFICATE-----