Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/TPIaTxYK1gnNZvsklGYHJul9oYw.roa
File:                     TPIaTxYK1gnNZvsklGYHJul9oYw.roa (raw, json)
Hash identifier:          Aq2lP5Zo4wKqJnsW+Nup3/O3EL2bmZsqHyKX7+lOYaQ=
Subject key identifier:   4C:F2:1A:4F:16:0A:D6:09:CD:66:FB:24:94:66:07:26:E9:7D:A1:8C
Certificate issuer:       /CN=54404da602dab0625be7223d09320b1cd7aafced
Certificate serial:       018CC26D6E48B63C651186AA33B74335BE1A
Authority key identifier: 54:40:4D:A6:02:DA:B0:62:5B:E7:22:3D:09:32:0B:1C:D7:AA:FC:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/TPIaTxYK1gnNZvsklGYHJul9oYw.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45040
IP address blocks:        45.152.76.0/24 maxlen: 24
                          45.152.77.0/24 maxlen: 24
                          45.152.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6e:48:b6:3c:65:11:86:aa:33:b7:43:35:be:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54404da602dab0625be7223d09320b1cd7aafced
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cf21a4f160ad609cd66fb2494660726e97da18c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7b:71:4a:6f:a1:9d:6f:c7:3f:12:23:e4:b6:
                    42:14:87:a3:25:0b:ef:78:83:00:a4:bb:8c:97:4c:
                    3a:ef:51:d7:25:9c:2c:22:c4:51:ac:94:49:f1:e8:
                    22:98:0f:ad:db:54:c9:ce:a9:28:63:09:76:40:61:
                    66:84:af:6c:61:7e:d0:33:18:8d:c1:c8:6d:71:89:
                    0b:a9:ef:72:ea:ed:70:d0:fc:65:06:4b:e6:2d:1e:
                    13:db:f2:43:2d:8a:d8:96:fe:c9:08:6b:2b:26:4f:
                    54:35:66:01:17:84:6a:77:11:01:73:f7:e8:a9:19:
                    2a:32:6f:da:3c:26:90:20:40:03:e4:68:dd:df:33:
                    c5:7e:bb:39:b3:0a:e5:d3:56:f2:16:bf:4b:a4:3f:
                    ca:4d:c3:7d:50:3e:f1:f6:1c:1f:ff:2d:eb:56:81:
                    32:dc:60:ad:f4:db:7a:ed:16:78:fc:2b:11:46:c8:
                    5c:3b:d1:9f:c6:4b:c9:d3:16:58:6e:d6:65:ae:b1:
                    fc:f8:72:ce:7c:82:a1:fe:86:f2:75:18:62:7e:69:
                    a5:0d:b8:cd:0a:fc:50:1e:18:47:63:63:2b:95:ef:
                    62:31:9e:59:47:a1:8b:1b:e5:25:45:72:1f:cb:34:
                    6d:f0:53:70:76:f2:61:fb:fb:a3:14:0c:96:f1:16:
                    d0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F2:1A:4F:16:0A:D6:09:CD:66:FB:24:94:66:07:26:E9:7D:A1:8C
            X509v3 Authority Key Identifier:
                keyid:54:40:4D:A6:02:DA:B0:62:5B:E7:22:3D:09:32:0B:1C:D7:AA:FC:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/TPIaTxYK1gnNZvsklGYHJul9oYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.76.0/23
                  45.152.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:1b:2d:67:bd:c2:13:8c:1b:01:50:02:c0:83:f4:03:7c:07:
         f9:5c:ff:9a:6b:9c:26:91:2b:a0:e7:66:90:3c:ab:eb:ce:9a:
         19:e1:8d:96:8d:b6:2f:e9:f2:0a:b3:be:24:5c:5c:05:d0:05:
         67:92:7b:0e:01:9b:0e:df:97:55:82:3f:48:86:43:09:28:13:
         4b:22:cf:d5:00:93:c5:f8:b6:43:62:c0:88:50:01:a5:71:fe:
         6b:40:35:c5:73:9b:cb:59:25:a8:a8:01:16:ff:92:f9:5f:76:
         8c:6d:4c:27:fa:40:2a:70:7b:54:0e:39:8e:09:0f:2c:3f:c6:
         1a:dd:aa:57:d3:74:44:d6:2e:aa:74:16:9a:c4:57:84:3a:85:
         97:95:e0:40:b1:77:3e:03:80:7a:c6:5a:af:7f:6f:88:45:4e:
         de:10:ec:47:53:4d:7b:42:85:48:6f:19:67:99:3b:cc:69:e1:
         00:eb:49:a9:c3:45:3a:82:18:7e:12:75:ae:c1:70:32:ba:ac:
         93:d0:4b:84:af:75:51:db:9f:e4:28:ec:1f:1d:9d:df:24:53:
         87:b7:41:41:34:e2:92:b9:8b:07:29:e0:db:0e:ff:f2:e7:7c:
         b5:7d:fb:a1:b8:ca:e8:39:92:2d:22:80:eb:84:88:41:d0:86:
         af:a9:ce:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbW5ItjxlEYaqM7dDNb4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDA0ZGE2MDJkYWIwNjI1YmU3MjIzZDA5MzIwYjFjZDdh
YWZjZWQwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2YyMWE0ZjE2MGFkNjA5Y2Q2NmZiMjQ5NDY2MDcyNmU5N2RhMThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHtxSm+hnW/HPxIj5LZCFIejJQvv
eIMApLuMl0w671HXJZwsIsRRrJRJ8egimA+t21TJzqkoYwl2QGFmhK9sYX7QMxiN
wchtcYkLqe9y6u1w0PxlBkvmLR4T2/JDLYrYlv7JCGsrJk9UNWYBF4RqdxEBc/fo
qRkqMm/aPCaQIEAD5Gjd3zPFfrs5swrl01byFr9LpD/KTcN9UD7x9hwf/y3rVoEy
3GCt9Nt67RZ4/CsRRshcO9GfxkvJ0xZYbtZlrrH8+HLOfIKh/obydRhifmmlDbjN
CvxQHhhHY2Mrle9iMZ5ZR6GLG+UlRXIfyzRt8FNwdvJh+/ujFAyW8RbQ7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEzyGk8WCtYJzWb7JJRmBybpfaGMMB8GA1UdIwQY
MBaAFFRATaYC2rBiW+ciPQkyCxzXqvztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVCTnBnTGFzR0piNXlJOUNUSUxITmVxX08wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny83ZDJjYjUtYmRkZi00MjAxLWJhZjgt
MWIyNDQ4NGU1NWVjLzEvVFBJYVR4WUsxZ25OWnZza2xHWUhKdWw5b1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny83ZDJjYjUtYmRkZi00MjAxLWJhZjgtMWIyNDQ4NGU1NWVj
LzEvVkVCTnBnTGFzR0piNXlJOUNUSUxITmVxX08wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZhMAwQA
LZhPMA0GCSqGSIb3DQEBCwUAA4IBAQA8Gy1nvcITjBsBUALAg/QDfAf5XP+aa5wm
kSug52aQPKvrzpoZ4Y2WjbYv6fIKs74kXFwF0AVnknsOAZsO35dVgj9IhkMJKBNL
Is/VAJPF+LZDYsCIUAGlcf5rQDXFc5vLWSWoqAEW/5L5X3aMbUwn+kAqcHtUDjmO
CQ8sP8Ya3apX03RE1i6qdBaaxFeEOoWXleBAsXc+A4B6xlqvf2+IRU7eEOxHU017
QoVIbxlnmTvMaeEA60mpw0U6ghh+EnWuwXAyuqyT0EuEr3VR25/kKOwfHZ3fJFOH
t0FBNOKSuYsHKeDbDv/y53y1ffuhuMroOZItIoDrhIhB0Iavqc5A
-----END CERTIFICATE-----