Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a42699-1d3f-4a70-83ce-c564b40eca05/1/KgRUNmHyMLqhY_TSjZW7Q-ZOnlY.roa
File:                     KgRUNmHyMLqhY_TSjZW7Q-ZOnlY.roa (raw, json)
Hash identifier:          UCtShPyONW3/mRXVpID0Z95VJCsf8LTk8IMEqIKPRYs=
Subject key identifier:   2A:04:54:36:61:F2:30:BA:A1:63:F4:D2:8D:95:BB:43:E6:4E:9E:56
Certificate issuer:       /CN=58ee47d32a599341f5ff1a88bf142e1538da40ea
Certificate serial:       018CC6B7A4AD87806841DC644A4A60085249
Authority key identifier: 58:EE:47:D3:2A:59:93:41:F5:FF:1A:88:BF:14:2E:15:38:DA:40:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WO5H0ypZk0H1_xqIvxQuFTjaQOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a42699-1d3f-4a70-83ce-c564b40eca05/1/KgRUNmHyMLqhY_TSjZW7Q-ZOnlY.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        45.15.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a42699-1d3f-4a70-83ce-c564b40eca05/1/WO5H0ypZk0H1_xqIvxQuFTjaQOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a42699-1d3f-4a70-83ce-c564b40eca05/1/WO5H0ypZk0H1_xqIvxQuFTjaQOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WO5H0ypZk0H1_xqIvxQuFTjaQOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a4:ad:87:80:68:41:dc:64:4a:4a:60:08:52:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ee47d32a599341f5ff1a88bf142e1538da40ea
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a04543661f230baa163f4d28d95bb43e64e9e56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ee:7d:00:bc:f3:96:7a:f7:21:9b:a9:ca:29:
                    f5:6f:4a:ee:49:3c:8d:fb:7b:e5:91:3a:67:3c:09:
                    fd:5b:54:74:87:18:27:e2:59:bb:7b:17:d1:29:37:
                    73:5a:bf:9b:46:2a:be:64:3b:16:a4:2b:f3:02:d2:
                    17:cd:41:28:cc:f2:c7:08:4a:84:4e:2f:56:03:cb:
                    8a:30:0f:9a:9f:50:06:99:7d:f5:f4:51:02:20:b2:
                    ae:ef:7b:9b:7a:4a:ed:1e:14:ff:76:2b:73:aa:0f:
                    f2:6a:18:f1:1b:e2:70:43:95:a0:55:1d:43:9e:22:
                    a6:39:0a:cb:02:59:e8:40:a6:e5:8e:a2:2c:3a:de:
                    7f:df:c2:c1:df:19:3d:86:fe:9e:67:a2:76:b2:d5:
                    8f:1d:24:46:69:7c:07:2d:50:4c:8c:43:75:fd:15:
                    f0:47:b8:92:27:f0:9a:99:70:d0:a0:ad:eb:a3:92:
                    36:cd:cb:57:a3:2c:58:5b:6d:1b:f2:d7:70:c6:2f:
                    4b:ef:80:c0:71:9e:2a:2e:b5:0d:2f:ad:49:d2:bc:
                    b5:23:4f:b1:ee:4a:44:2e:69:a0:8b:98:2f:b8:f1:
                    63:6c:97:de:f1:02:cd:a0:41:2d:dc:b6:86:94:dd:
                    ee:4f:45:f0:d1:d7:24:43:95:51:c2:4b:f5:6b:db:
                    a2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:04:54:36:61:F2:30:BA:A1:63:F4:D2:8D:95:BB:43:E6:4E:9E:56
            X509v3 Authority Key Identifier:
                keyid:58:EE:47:D3:2A:59:93:41:F5:FF:1A:88:BF:14:2E:15:38:DA:40:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WO5H0ypZk0H1_xqIvxQuFTjaQOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a42699-1d3f-4a70-83ce-c564b40eca05/1/KgRUNmHyMLqhY_TSjZW7Q-ZOnlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a42699-1d3f-4a70-83ce-c564b40eca05/1/WO5H0ypZk0H1_xqIvxQuFTjaQOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:74:19:de:de:31:f5:2d:01:a6:f1:6f:d3:c8:0d:34:2e:6b:
         f6:36:3f:4c:22:d2:b2:b0:24:12:a9:34:cc:dc:1c:85:1d:68:
         47:8f:f2:3c:98:2a:1c:fc:b2:a1:3b:c3:53:b8:f4:ae:c4:90:
         5e:25:cb:ce:97:34:05:44:02:30:47:b8:32:8e:b8:1c:ac:46:
         2e:3d:8e:51:12:28:1a:4d:6a:22:b6:13:a8:98:8f:b1:21:64:
         58:45:7a:70:a4:e9:ed:77:a7:df:af:97:e8:4a:97:c8:e0:ea:
         08:d0:40:d6:2b:d1:08:4b:7b:33:27:34:64:a0:0e:eb:54:15:
         c7:7f:20:74:f5:b8:00:be:f5:01:19:24:27:75:8c:ca:b6:ba:
         67:09:de:de:9e:1c:12:50:76:67:ea:bc:34:92:82:f6:94:e2:
         e3:f5:5c:53:ba:71:fa:c0:ad:8a:03:7f:0f:bc:cf:99:60:41:
         75:01:cb:23:c9:c2:5e:8d:8a:6d:87:49:ba:9e:fe:51:84:51:
         77:5b:ab:f3:19:15:78:86:21:d5:48:0f:fb:ff:ce:e3:4e:7a:
         e1:77:f3:72:b1:3c:4a:1c:3f:12:c9:0c:ac:9c:f2:1a:e5:fe:
         3a:6f:5b:76:8b:9e:4e:52:6b:63:8b:cc:da:02:02:b5:ee:13:
         a1:78:8c:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6Sth4BoQdxkSkpgCFJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZWU0N2QzMmE1OTkzNDFmNWZmMWE4OGJmMTQyZTE1Mzhk
YTQwZWEwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA0NTQzNjYxZjIzMGJhYTE2M2Y0ZDI4ZDk1YmI0M2U2NGU5ZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiO59ALzzlnr3IZupyin1b0ruSTyN
+3vlkTpnPAn9W1R0hxgn4lm7exfRKTdzWr+bRiq+ZDsWpCvzAtIXzUEozPLHCEqE
Ti9WA8uKMA+an1AGmX319FECILKu73ubekrtHhT/ditzqg/yahjxG+JwQ5WgVR1D
niKmOQrLAlnoQKbljqIsOt5/38LB3xk9hv6eZ6J2stWPHSRGaXwHLVBMjEN1/RXw
R7iSJ/CamXDQoK3ro5I2zctXoyxYW20b8tdwxi9L74DAcZ4qLrUNL61J0ry1I0+x
7kpELmmgi5gvuPFjbJfe8QLNoEEt3LaGlN3uT0Xw0dckQ5VRwkv1a9uiVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoEVDZh8jC6oWP00o2Vu0PmTp5WMB8GA1UdIwQY
MBaAFFjuR9MqWZNB9f8aiL8ULhU42kDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV081SDB5cFprMEgxX3hxSXZ4UXVGVGphUU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNDI2OTktMWQzZi00YTcwLTgzY2Ut
YzU2NGI0MGVjYTA1LzEvS2dSVU5tSHlNTHFoWV9UU2paVzdRLVpPbmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNDI2OTktMWQzZi00YTcwLTgzY2UtYzU2NGI0MGVjYTA1
LzEvV081SDB5cFprMEgxX3hxSXZ4UXVGVGphUU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ8EMA0G
CSqGSIb3DQEBCwUAA4IBAQAkdBne3jH1LQGm8W/TyA00Lmv2Nj9MItKysCQSqTTM
3ByFHWhHj/I8mCoc/LKhO8NTuPSuxJBeJcvOlzQFRAIwR7gyjrgcrEYuPY5REiga
TWoithOomI+xIWRYRXpwpOntd6ffr5foSpfI4OoI0EDWK9EIS3szJzRkoA7rVBXH
fyB09bgAvvUBGSQndYzKtrpnCd7enhwSUHZn6rw0koL2lOLj9VxTunH6wK2KA38P
vM+ZYEF1AcsjycJejYpth0m6nv5RhFF3W6vzGRV4hiHVSA/7/87jTnrhd/NysTxK
HD8SyQysnPIa5f46b1t2i55OUmtji8zaAgK17hOheIy1
-----END CERTIFICATE-----