Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/4NBrh8F2e2z4lKH1jUc358a92TU.roa
File:                     4NBrh8F2e2z4lKH1jUc358a92TU.roa (raw, json)
Hash identifier:          JVZxJE33rKtSzDWjPx+i2iZOwGlA/wv2eGC5lbzykgM=
Subject key identifier:   E0:D0:6B:87:C1:76:7B:6C:F8:94:A1:F5:8D:47:37:E7:C6:BD:D9:35
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01936910D4E417EB6267F276E5C4F6DCE2A7
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/4NBrh8F2e2z4lKH1jUc358a92TU.roa
Signing time:             Tue 26 Nov 2024 15:22:10 +0000
ROA not before:           Tue 26 Nov 2024 15:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133199
IP address blocks:        45.144.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:69:10:d4:e4:17:eb:62:67:f2:76:e5:c4:f6:dc:e2:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 15:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0d06b87c1767b6cf894a1f58d4737e7c6bdd935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7d:51:3b:f3:88:70:a3:50:62:2f:e9:c4:3a:
                    82:d5:1f:ed:e6:1c:db:ff:2a:31:38:d4:31:70:e8:
                    25:a8:78:9b:d2:5f:ba:f9:09:48:48:fc:fa:0a:19:
                    a5:52:4f:4a:e0:66:01:b0:52:5e:fc:a5:cc:dd:a3:
                    8f:72:7f:69:2f:2d:bc:7b:7e:97:1d:69:aa:01:8b:
                    a2:d8:5b:cf:c9:82:c9:9e:c0:aa:4d:d5:da:b4:0f:
                    14:e5:03:fc:c8:e6:7f:d7:51:92:fe:a0:18:e4:8d:
                    6a:a6:d2:f9:b1:22:64:2d:8b:c4:df:7d:3d:f7:09:
                    52:e8:67:b7:92:0e:66:78:48:46:64:2c:d7:22:49:
                    96:91:b6:20:6e:ff:a4:94:65:80:a2:e5:b2:69:c9:
                    5b:08:52:ac:20:0f:e4:70:c8:0b:2c:70:f1:e3:ef:
                    42:63:b8:cb:6b:78:d0:0b:e4:92:93:3e:e0:86:11:
                    e3:cd:76:dd:c4:4a:bf:fe:61:a9:c8:09:a6:be:86:
                    57:0c:da:05:56:b4:3b:55:7c:64:ce:f2:e3:3b:0f:
                    a9:54:fe:6e:41:f5:8a:c5:48:0a:17:33:b2:47:2d:
                    49:98:66:70:7c:b5:47:57:93:49:cd:64:f7:23:4f:
                    50:f1:98:14:af:2c:e4:b0:78:ca:cf:82:16:c5:d0:
                    8f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D0:6B:87:C1:76:7B:6C:F8:94:A1:F5:8D:47:37:E7:C6:BD:D9:35
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/4NBrh8F2e2z4lKH1jUc358a92TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c0:30:ac:da:48:9c:aa:bd:cc:c7:a8:d4:87:f2:56:84:cd:
         22:14:6a:d2:dd:a9:04:d2:cc:87:be:06:40:b8:19:0e:5a:ca:
         47:9a:db:da:2c:9b:35:c1:2a:98:d2:ea:d9:e1:3d:a4:e2:ff:
         b0:04:bb:39:2a:ab:ec:ea:1e:57:2a:f5:03:08:ca:30:90:a9:
         20:1b:18:dc:df:de:d4:d1:2c:7e:cd:0d:55:f0:5b:fd:b8:42:
         1e:f1:2c:58:3f:12:28:19:45:f2:cd:b6:55:0b:69:b6:a2:14:
         ac:cf:be:25:ec:bc:ef:df:06:bc:b2:a9:18:b0:61:63:a1:89:
         da:e5:f0:7d:08:a1:e6:e5:f4:58:82:c4:f6:b2:23:7d:cc:76:
         19:58:e4:08:60:c1:e5:c3:a6:cb:b3:6c:1c:a8:20:ef:2e:00:
         7b:3f:aa:65:0f:21:31:c2:c9:9d:7f:f3:49:23:5c:be:03:6d:
         95:53:0b:f3:9e:16:70:18:9c:c2:f2:57:0b:4a:ca:77:c4:ca:
         2a:b4:e8:b7:29:75:06:1c:66:34:dd:84:b9:8d:c7:d7:28:bc:
         a6:06:d3:02:13:12:a3:9c:04:db:46:22:10:5b:5a:b9:f3:0f:
         df:24:ff:1f:1a:05:37:6b:ef:c5:c2:46:a5:50:d9:aa:7d:cd:
         50:94:05:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNpENTkF+tiZ/J25cT23OKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTUyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQwNmI4N2MxNzY3YjZjZjg5NGExZjU4ZDQ3MzdlN2M2YmRkOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX1RO/OIcKNQYi/pxDqC1R/t5hzb
/yoxONQxcOglqHib0l+6+QlISPz6ChmlUk9K4GYBsFJe/KXM3aOPcn9pLy28e36X
HWmqAYui2FvPyYLJnsCqTdXatA8U5QP8yOZ/11GS/qAY5I1qptL5sSJkLYvE3309
9wlS6Ge3kg5meEhGZCzXIkmWkbYgbv+klGWAouWyaclbCFKsIA/kcMgLLHDx4+9C
Y7jLa3jQC+SSkz7ghhHjzXbdxEq//mGpyAmmvoZXDNoFVrQ7VXxkzvLjOw+pVP5u
QfWKxUgKFzOyRy1JmGZwfLVHV5NJzWT3I09Q8ZgUryzksHjKz4IWxdCPawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODQa4fBdnts+JSh9Y1HN+fGvdk1MB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvNE5Ccmg4RjJlMno0bEtIMWpVYzM1OGE5MlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZCLMA0G
CSqGSIb3DQEBCwUAA4IBAQCgwDCs2kicqr3Mx6jUh/JWhM0iFGrS3akE0syHvgZA
uBkOWspHmtvaLJs1wSqY0urZ4T2k4v+wBLs5Kqvs6h5XKvUDCMowkKkgGxjc397U
0Sx+zQ1V8Fv9uEIe8SxYPxIoGUXyzbZVC2m2ohSsz74l7Lzv3wa8sqkYsGFjoYna
5fB9CKHm5fRYgsT2siN9zHYZWOQIYMHlw6bLs2wcqCDvLgB7P6plDyExwsmdf/NJ
I1y+A22VUwvznhZwGJzC8lcLSsp3xMoqtOi3KXUGHGY03YS5jcfXKLymBtMCExKj
nATbRiIQW1q58w/fJP8fGgU3a+/FwkalUNmqfc1QlAV5
-----END CERTIFICATE-----