Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/9i4SBcAQbbxJJ7-ujFUmRgPdqhg.roa
File:                     9i4SBcAQbbxJJ7-ujFUmRgPdqhg.roa (raw, json)
Hash identifier:          Q4N/uMpu8S735DeNgBOoqsl5y6vL8d/og7CpNy+rFbI=
Subject key identifier:   F6:2E:12:05:C0:10:6D:BC:49:27:BF:AE:8C:55:26:46:03:DD:AA:18
Certificate issuer:       /CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Certificate serial:       018CC26D06A51CD1A23D45BE797CCD51620D
Authority key identifier: 7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/9i4SBcAQbbxJJ7-ujFUmRgPdqhg.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46261
IP address blocks:        45.139.3.0/24 maxlen: 24
                          45.130.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:06:a5:1c:d1:a2:3d:45:be:79:7c:cd:51:62:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f62e1205c0106dbc4927bfae8c55264603ddaa18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ec:f8:f5:08:99:f8:bd:34:18:b1:6a:40:5f:
                    9f:f8:f0:8c:d0:e4:84:0f:2c:0d:24:6a:ba:35:8a:
                    0c:b5:f6:6c:c2:f4:34:d0:0d:5a:64:2e:d1:fe:cb:
                    9e:77:80:2e:ed:71:c2:c1:7d:86:7f:f8:11:90:b3:
                    e9:67:ab:0d:80:3e:8d:31:c6:22:6a:78:80:37:da:
                    99:9b:c3:a4:f7:c7:62:f0:43:e6:40:8f:8f:df:e9:
                    fa:1b:48:f0:1d:5f:d2:21:16:15:fa:43:02:01:5c:
                    61:c3:1b:e5:b6:85:d5:ba:13:60:a3:1b:31:78:ec:
                    aa:63:71:c1:c5:08:48:c7:65:7d:43:f3:6a:db:e0:
                    8d:35:f9:82:23:0e:26:32:f0:8c:dd:b2:ac:87:5e:
                    dc:84:12:e9:05:d3:a2:2e:2e:24:b3:57:0f:7b:8f:
                    36:62:93:3b:a1:a1:00:b6:d4:5a:f2:2c:1d:8f:80:
                    45:2e:64:fc:90:cb:60:d6:27:4c:61:f3:d3:2c:5f:
                    f9:53:db:6d:db:97:cc:94:3e:b0:ed:bf:0d:63:e1:
                    49:48:ca:6b:8d:d4:7a:4f:df:48:29:f7:d3:5f:30:
                    a0:db:84:73:88:b5:d9:8f:d4:68:97:39:b4:91:87:
                    ea:8e:3e:38:bd:13:66:12:06:b4:5c:48:e0:99:1d:
                    64:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:2E:12:05:C0:10:6D:BC:49:27:BF:AE:8C:55:26:46:03:DD:AA:18
            X509v3 Authority Key Identifier:
                keyid:7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/9i4SBcAQbbxJJ7-ujFUmRgPdqhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.64.0/24
                  45.139.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:19:43:d1:f2:15:99:31:bc:21:a1:46:51:58:7b:04:53:11:
         ca:84:df:42:00:62:78:68:56:ca:64:37:50:5f:ea:72:d1:80:
         f3:c2:e9:ec:8a:a6:e1:2c:00:8f:6d:d2:ad:07:21:11:91:2f:
         7f:f3:18:fe:2b:50:51:08:62:44:92:f8:86:c6:b7:26:d3:8e:
         77:e0:16:67:6e:1d:f7:ba:a1:ba:c7:27:68:b6:bf:0a:94:d3:
         3e:cb:33:da:ab:60:b1:0d:13:24:c9:05:b7:49:fc:f1:4b:43:
         ac:d9:47:e3:f8:0c:23:35:ba:5f:53:0b:29:f0:87:a3:a8:04:
         4f:c7:bc:a8:d2:f5:70:55:32:91:ce:61:75:5f:93:8f:8f:1b:
         b8:3e:c0:74:5d:3c:de:a2:77:fa:a4:44:7a:33:38:3d:5c:fc:
         9f:c5:38:0d:48:39:f7:55:4a:c6:a5:e0:8d:4e:15:c6:6e:f5:
         15:a6:cf:32:1a:5b:cf:66:64:d7:9b:c3:cd:50:e0:de:1e:8a:
         14:22:b0:7a:38:84:bd:30:58:15:9d:05:c3:34:f1:37:96:a0:
         de:37:d7:25:df:1c:10:bc:f9:db:29:6e:f1:e8:a2:d2:36:2c:
         2e:35:b2:2f:6a:63:ff:7f:b3:ab:68:b4:a9:04:10:03:d2:f3:
         f8:db:55:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbQalHNGiPUW+eXzNUWINMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTY0M2JiMzk5YzZkODdhZGM0YzdjYmE1ZDJiNzJmYmQw
MGQwNDYwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjJlMTIwNWMwMTA2ZGJjNDkyN2JmYWU4YzU1MjY0NjAzZGRhYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApez49QiZ+L00GLFqQF+f+PCM0OSE
DywNJGq6NYoMtfZswvQ00A1aZC7R/sued4Au7XHCwX2Gf/gRkLPpZ6sNgD6NMcYi
aniAN9qZm8Ok98di8EPmQI+P3+n6G0jwHV/SIRYV+kMCAVxhwxvltoXVuhNgoxsx
eOyqY3HBxQhIx2V9Q/Nq2+CNNfmCIw4mMvCM3bKsh17chBLpBdOiLi4ks1cPe482
YpM7oaEAttRa8iwdj4BFLmT8kMtg1idMYfPTLF/5U9tt25fMlD6w7b8NY+FJSMpr
jdR6T99IKffTXzCg24RziLXZj9Rolzm0kYfqjj44vRNmEga0XEjgmR1kgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPYuEgXAEG28SSe/roxVJkYD3aoYMB8GA1UdIwQY
MBaAFHymQ7s5nG2HrcTHy6XSty+9ANBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMt
NDRlYTY0NzIxYzllLzEvOWk0U0JjQVFiYnhKSjctdWpGVW1SZ1BkcWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMtNDRlYTY0NzIxYzll
LzEvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYJAAwQA
LYsDMA0GCSqGSIb3DQEBCwUAA4IBAQCaGUPR8hWZMbwhoUZRWHsEUxHKhN9CAGJ4
aFbKZDdQX+py0YDzwunsiqbhLACPbdKtByERkS9/8xj+K1BRCGJEkviGxrcm0453
4BZnbh33uqG6xydotr8KlNM+yzPaq2CxDRMkyQW3SfzxS0Os2Ufj+AwjNbpfUwsp
8IejqARPx7yo0vVwVTKRzmF1X5OPjxu4PsB0XTzeonf6pER6Mzg9XPyfxTgNSDn3
VUrGpeCNThXGbvUVps8yGlvPZmTXm8PNUODeHooUIrB6OIS9MFgVnQXDNPE3lqDe
N9cl3xwQvPnbKW7x6KLSNiwuNbIvamP/f7OraLSpBBAD0vP421Vh
-----END CERTIFICATE-----