Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/3-mfhji3K30To5cmP_y3PLXIgXk.roa
File:                     3-mfhji3K30To5cmP_y3PLXIgXk.roa (raw, json)
Hash identifier:          1REF9InTeB96yx/pDRI5YfSCFQN96qYq4bIoD1fjpxY=
Subject key identifier:   DF:E9:9F:86:38:B7:2B:7D:13:A3:97:26:3F:FC:B7:3C:B5:C8:81:79
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018FE2F35084FE630142E5887E0C7E766EDD
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/3-mfhji3K30To5cmP_y3PLXIgXk.roa
Signing time:             Tue 04 Jun 2024 11:12:27 +0000
ROA not before:           Tue 04 Jun 2024 11:12:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.141.48.0/24 maxlen: 24
                          45.141.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:f3:50:84:fe:63:01:42:e5:88:7e:0c:7e:76:6e:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jun  4 11:12:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfe99f8638b72b7d13a397263ffcb73cb5c88179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7c:51:81:ab:a3:49:3d:ba:e9:12:af:3a:e4:
                    28:eb:56:17:70:71:43:c4:47:c8:05:be:98:23:72:
                    c3:28:86:f6:20:f4:b7:d6:b6:7f:f5:26:4b:3c:ad:
                    7e:36:21:24:39:ce:d1:70:8f:7f:7b:e6:d8:45:82:
                    5b:b9:2f:e5:1b:f2:4b:9d:e5:ff:08:aa:68:fe:51:
                    f1:9f:b1:da:d9:e8:d2:9d:a6:dd:d0:e6:e6:d0:95:
                    e7:56:c7:b5:28:99:3e:10:fb:45:3f:81:8a:d0:38:
                    90:8d:91:b2:df:75:d0:e9:a9:0b:b0:e0:c9:bf:da:
                    78:db:42:12:fc:6f:21:0e:55:a9:51:96:b5:70:17:
                    69:08:f5:c6:56:53:b3:aa:c3:03:91:05:02:80:c3:
                    f1:28:10:1d:ad:e9:86:87:36:6f:e8:f6:c9:68:80:
                    db:de:e1:a9:4f:49:6a:2a:61:d5:52:3a:35:a2:aa:
                    5c:1e:0d:45:4b:7a:1e:10:59:98:ad:45:d9:89:98:
                    a2:77:02:96:6c:d5:4c:2a:90:66:3c:cb:03:e5:a0:
                    75:d6:8d:be:33:2e:9a:3e:d7:6a:45:a6:77:5e:84:
                    d3:0f:4d:17:1e:75:d6:35:29:12:37:d7:03:51:fd:
                    0f:46:6a:35:7d:0a:91:f3:0f:13:e8:62:92:2e:67:
                    ae:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E9:9F:86:38:B7:2B:7D:13:A3:97:26:3F:FC:B7:3C:B5:C8:81:79
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/3-mfhji3K30To5cmP_y3PLXIgXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.48.0/24
                  45.141.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:13:6f:8e:cf:a5:a4:bf:75:fc:52:be:cc:de:e5:4d:ec:4f:
         5d:0f:e3:1d:01:5a:67:a6:09:8a:7f:c0:57:89:93:85:16:2f:
         6b:83:dd:66:67:52:a1:8b:60:21:13:4a:0a:38:d5:11:9e:8c:
         6e:91:a2:22:7a:51:88:4c:6a:a2:15:75:a0:84:54:9c:fc:6d:
         4a:1d:94:21:c6:01:d4:d6:ec:e7:e1:8a:75:ac:4f:15:34:ee:
         f8:40:14:92:59:01:7f:c1:73:db:e3:99:ad:80:42:65:59:ef:
         59:da:d4:15:d4:ad:2b:33:7c:f7:1f:b8:32:5e:a2:bd:ba:83:
         a7:db:ab:3e:c4:42:d3:e7:78:68:99:a4:cf:02:0d:d3:e9:b6:
         8f:ec:ff:9f:de:39:07:e3:83:a7:89:cf:8b:60:65:2f:76:c7:
         88:79:60:f9:f5:dd:eb:01:8f:88:26:1f:00:a7:fb:d4:57:ed:
         23:ee:ce:91:6b:48:d3:8c:b1:0e:b9:e2:29:79:d4:09:49:db:
         a8:60:5c:57:b9:ec:81:87:84:93:b6:61:a5:7a:3d:29:28:05:
         a9:a1:b2:32:5d:a3:29:9a:78:e8:65:0a:25:b7:27:6f:93:4a:
         37:eb:ca:89:35:73:47:f0:ef:a5:60:c0:19:a4:65:ce:37:9d:
         63:ab:0d:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/i81CE/mMBQuWIfgx+dm7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwNjA0MTExMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmU5OWY4NjM4YjcyYjdkMTNhMzk3MjYzZmZjYjczY2I1Yzg4MTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33xRgaujST266RKvOuQo61YXcHFD
xEfIBb6YI3LDKIb2IPS31rZ/9SZLPK1+NiEkOc7RcI9/e+bYRYJbuS/lG/JLneX/
CKpo/lHxn7Ha2ejSnabd0Obm0JXnVse1KJk+EPtFP4GK0DiQjZGy33XQ6akLsODJ
v9p420IS/G8hDlWpUZa1cBdpCPXGVlOzqsMDkQUCgMPxKBAdremGhzZv6PbJaIDb
3uGpT0lqKmHVUjo1oqpcHg1FS3oeEFmYrUXZiZiidwKWbNVMKpBmPMsD5aB11o2+
My6aPtdqRaZ3XoTTD00XHnXWNSkSN9cDUf0PRmo1fQqR8w8T6GKSLmeu8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/pn4Y4tyt9E6OXJj/8tzy1yIF5MB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvMy1tZmhqaTNLMzBUbzVjbVBfeTNQTFhJZ1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY0wAwQA
LY0yMA0GCSqGSIb3DQEBCwUAA4IBAQCJE2+Oz6Wkv3X8Ur7M3uVN7E9dD+MdAVpn
pgmKf8BXiZOFFi9rg91mZ1Khi2AhE0oKONURnoxukaIielGITGqiFXWghFSc/G1K
HZQhxgHU1uzn4Yp1rE8VNO74QBSSWQF/wXPb45mtgEJlWe9Z2tQV1K0rM3z3H7gy
XqK9uoOn26s+xELT53homaTPAg3T6baP7P+f3jkH44Onic+LYGUvdseIeWD59d3r
AY+IJh8Ap/vUV+0j7s6Ra0jTjLEOueIpedQJSduoYFxXueyBh4STtmGlej0pKAWp
obIyXaMpmnjoZQoltydvk0o368qJNXNH8O+lYMAZpGXON51jqw1p
-----END CERTIFICATE-----