Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/wK_oDmvQI0bsQF7OUQK98Z5kR_4.roa
File:                     wK_oDmvQI0bsQF7OUQK98Z5kR_4.roa (raw, json)
Hash identifier:          W8yAf96xxhZbVLFnDqtClYNkau1ibL7YiLD4BB2aSxU=
Subject key identifier:   C0:AF:E8:0E:6B:D0:23:46:EC:40:5E:CE:51:02:BD:F1:9E:64:47:FE
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCA2A4813B2708CE0F913275DDD6A453F
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/wK_oDmvQI0bsQF7OUQK98Z5kR_4.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209408
IP address blocks:        45.66.224.0/22 maxlen: 22
                          2a09:6c40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:48:13:b2:70:8c:e0:f9:13:27:5d:dd:6a:45:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0afe80e6bd02346ec405ece5102bdf19e6447fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:14:69:54:33:01:f4:c3:0b:56:a9:2d:30:23:
                    3c:d2:9c:f2:51:9c:de:b2:81:ad:87:58:d8:2f:f0:
                    fa:a0:36:ac:5a:22:9a:50:88:25:e4:51:be:75:36:
                    9f:66:bb:78:e9:ab:b2:db:d8:c0:2d:a3:9a:13:a1:
                    f5:4f:ff:d2:9a:cf:72:36:99:02:31:7c:d9:f3:03:
                    58:0d:29:9e:39:93:a5:57:8d:ed:8c:96:de:64:52:
                    fb:0b:ee:7d:c6:32:33:5e:35:49:1a:59:1c:ae:b6:
                    33:dd:97:c5:3a:86:66:b7:42:20:c6:91:e9:fb:56:
                    30:e8:cd:2b:fa:16:f0:26:aa:0f:7d:29:a3:df:47:
                    b9:99:68:b2:ba:07:a5:6f:e2:d6:f7:e4:bc:5c:3e:
                    3d:9e:68:d2:79:29:92:fa:53:db:8a:fd:b3:b4:79:
                    6e:38:c2:68:5f:07:20:8b:1d:27:52:fe:83:aa:d8:
                    38:5a:f4:53:6b:7d:fc:e2:9a:5f:b9:40:cb:15:7b:
                    0c:fd:c4:25:07:bb:8c:ad:95:bf:a3:4e:91:ab:c6:
                    e0:4e:8b:7a:b6:5e:b3:30:b0:c1:4e:a1:0b:ed:59:
                    9c:53:2a:eb:88:24:f3:f0:f6:cb:9e:ed:8f:ca:67:
                    16:1c:8f:a8:87:58:c6:9b:70:55:f8:c0:f5:2a:26:
                    32:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:AF:E8:0E:6B:D0:23:46:EC:40:5E:CE:51:02:BD:F1:9E:64:47:FE
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/wK_oDmvQI0bsQF7OUQK98Z5kR_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:50:f7:80:70:cd:fe:f8:21:7d:62:2c:5f:78:93:9b:ac:d4:
         f4:91:f7:c0:d5:7d:2d:b2:2f:7d:49:56:d5:1b:5c:c4:73:20:
         e0:17:58:32:1a:91:c5:b3:53:97:49:4e:e9:dd:65:60:fb:6f:
         30:54:2e:6d:85:ee:cd:94:9a:0e:2a:83:d4:0b:98:c5:e5:2a:
         99:c5:2d:f5:ea:47:86:3e:fe:c6:d2:c8:1c:45:a9:57:26:bf:
         43:17:88:0d:2f:fb:f8:bc:49:da:2a:25:f8:ba:5c:a1:92:0c:
         ec:70:1c:ce:07:09:00:ee:3a:0d:25:ef:d5:70:f4:36:c7:76:
         de:51:8b:5e:b6:0d:84:e9:cc:7a:88:53:54:b8:7f:94:35:c8:
         91:e6:aa:69:d3:11:b6:47:17:3f:28:30:bd:25:b1:8a:cc:4c:
         73:30:61:02:f6:d3:82:31:f9:d5:e5:ee:9c:3d:1f:d7:45:78:
         6f:2a:d0:e8:d3:b8:b6:d9:bf:37:27:2e:32:85:41:1b:ae:0a:
         a5:50:87:4b:cc:5d:c2:c6:e7:5a:04:f3:b1:e9:fb:cc:a8:63:
         bf:ba:68:4e:cb:c0:5f:45:a4:9e:8f:79:e5:40:2d:9c:6d:19:
         ce:c8:b3:a7:e4:bc:bc:cc:03:0b:b2:dd:b6:b5:82:9f:8f:44:
         c9:5e:43:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKkgTsnCM4PkTJ13dakU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGFmZTgwZTZiZDAyMzQ2ZWM0MDVlY2U1MTAyYmRmMTllNjQ0N2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhRpVDMB9MMLVqktMCM80pzyUZze
soGth1jYL/D6oDasWiKaUIgl5FG+dTafZrt46auy29jALaOaE6H1T//Sms9yNpkC
MXzZ8wNYDSmeOZOlV43tjJbeZFL7C+59xjIzXjVJGlkcrrYz3ZfFOoZmt0IgxpHp
+1Yw6M0r+hbwJqoPfSmj30e5mWiyugelb+LW9+S8XD49nmjSeSmS+lPbiv2ztHlu
OMJoXwcgix0nUv6Dqtg4WvRTa3384ppfuUDLFXsM/cQlB7uMrZW/o06Rq8bgTot6
tl6zMLDBTqEL7VmcUyrriCTz8PbLnu2PymcWHI+oh1jGm3BV+MD1KiYylwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMCv6A5r0CNG7EBezlECvfGeZEf+MB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvd0tfb0RtdlFJMGJzUUY3T1VRSzk4WjVrUl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLULgMA0E
AgACMAcDBQMqCWxAMA0GCSqGSIb3DQEBCwUAA4IBAQBpUPeAcM3++CF9YixfeJOb
rNT0kffA1X0tsi99SVbVG1zEcyDgF1gyGpHFs1OXSU7p3WVg+28wVC5the7NlJoO
KoPUC5jF5SqZxS316keGPv7G0sgcRalXJr9DF4gNL/v4vEnaKiX4ulyhkgzscBzO
BwkA7joNJe/VcPQ2x3beUYtetg2E6cx6iFNUuH+UNciR5qpp0xG2Rxc/KDC9JbGK
zExzMGEC9tOCMfnV5e6cPR/XRXhvKtDo07i22b83Jy4yhUEbrgqlUIdLzF3Cxuda
BPOx6fvMqGO/umhOy8BfRaSej3nlQC2cbRnOyLOn5Ly8zAMLst22tYKfj0TJXkO5
-----END CERTIFICATE-----