Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/4UH7V0wM__QER66W_4MI9Xp-RlQ.roa
File:                     4UH7V0wM__QER66W_4MI9Xp-RlQ.roa (raw, json)
Hash identifier:          HAd3twO0mwrEjIbr0imHTs/cecnXR8gP5KAbVrxfaUg=
Subject key identifier:   E1:41:FB:57:4C:0C:FF:F4:04:47:AE:96:FF:83:08:F5:7A:7E:46:54
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018F5CC9BFCCC1168A16BB079A3D33083BBE
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/4UH7V0wM__QER66W_4MI9Xp-RlQ.roa
Signing time:             Thu 09 May 2024 09:57:56 +0000
ROA not before:           Thu 09 May 2024 09:57:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        45.145.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:c9:bf:cc:c1:16:8a:16:bb:07:9a:3d:33:08:3b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: May  9 09:57:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e141fb574c0cfff40447ae96ff8308f57a7e4654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:93:7f:00:8a:c6:0d:31:48:06:c1:d3:13:53:
                    81:59:eb:69:f9:ab:4b:ee:b5:6e:37:26:95:94:b1:
                    b9:77:b2:08:72:e7:9a:5a:b1:69:7f:e4:67:8a:8b:
                    76:71:d1:91:e2:f0:d2:1c:ee:ad:2d:be:b3:55:74:
                    43:ae:56:06:04:96:bf:6b:5a:4d:9a:b5:3e:72:d6:
                    5d:a1:40:20:fc:18:99:5e:e2:6f:c8:cd:10:97:fd:
                    1e:73:67:6c:64:e0:7d:b5:31:83:08:04:f3:8d:85:
                    ba:a8:65:8a:1c:be:4f:2b:45:1f:24:07:f2:f1:7d:
                    55:26:25:b5:ef:be:5b:0b:99:d8:f4:c0:37:85:fa:
                    f1:24:67:3f:10:69:4d:30:a5:24:2e:db:91:4f:b7:
                    bd:0f:98:ff:9b:b5:92:78:ce:24:2c:fd:69:3a:39:
                    7a:b3:fc:8a:d9:79:ad:74:0d:df:dd:5a:e4:db:0a:
                    16:c4:b9:c3:67:3b:d8:9f:c2:21:0a:c2:c8:d2:24:
                    b7:22:24:a3:25:28:33:79:47:b7:5f:c8:9b:0c:4e:
                    73:32:c3:9e:83:fe:7e:76:a5:0f:0a:3d:de:56:ac:
                    69:7c:b7:d2:0b:7c:62:39:bb:0d:32:4a:f9:99:2b:
                    01:93:ce:f9:33:56:84:9e:ab:18:16:6b:23:c2:af:
                    21:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:41:FB:57:4C:0C:FF:F4:04:47:AE:96:FF:83:08:F5:7A:7E:46:54
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/4UH7V0wM__QER66W_4MI9Xp-RlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:18:3f:31:00:09:ae:ae:dd:91:a1:83:2e:48:94:40:bb:b0:
         ca:1a:80:28:2d:08:10:a0:20:74:2c:a9:40:c7:df:08:4f:df:
         01:58:f3:81:c9:39:7e:f3:12:f2:0b:51:18:64:b6:90:98:ab:
         a4:2d:71:97:b0:60:b9:34:bf:cc:08:ad:ad:fa:99:cd:5a:1c:
         9d:67:ce:26:b0:94:5f:99:05:8b:ca:6b:e1:ac:32:a5:66:f8:
         e6:1e:66:79:06:99:dc:f9:96:33:0a:9f:6f:26:55:ea:b0:44:
         4c:08:2d:b0:1d:ea:24:15:e5:70:18:0f:dd:8b:7a:af:40:7c:
         fe:18:b8:83:f8:09:f7:1d:54:80:bd:77:7c:28:8f:58:8b:d4:
         88:f4:fe:7c:8f:6b:a4:13:03:51:f8:d8:8f:77:18:03:99:fe:
         c6:75:19:26:ef:81:18:f0:cc:4b:84:40:12:2e:20:9b:42:7d:
         73:7f:db:5c:90:8c:42:63:08:27:ae:fa:9e:a8:9f:09:5b:96:
         12:23:ac:68:8c:87:de:c3:fc:e7:9a:57:fc:b0:42:29:e1:88:
         ef:c5:6b:3c:f8:44:d5:89:df:a8:b4:30:5c:a9:a8:ac:89:ce:
         64:dc:7e:73:75:29:f8:b7:d3:67:0e:37:71:92:63:66:6c:42:
         8b:5f:e8:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9cyb/MwRaKFrsHmj0zCDu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwNTA5MDk1NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQxZmI1NzRjMGNmZmY0MDQ0N2FlOTZmZjgzMDhmNTdhN2U0NjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpN/AIrGDTFIBsHTE1OBWetp+atL
7rVuNyaVlLG5d7IIcueaWrFpf+Rniot2cdGR4vDSHO6tLb6zVXRDrlYGBJa/a1pN
mrU+ctZdoUAg/BiZXuJvyM0Ql/0ec2dsZOB9tTGDCATzjYW6qGWKHL5PK0UfJAfy
8X1VJiW1775bC5nY9MA3hfrxJGc/EGlNMKUkLtuRT7e9D5j/m7WSeM4kLP1pOjl6
s/yK2XmtdA3f3Vrk2woWxLnDZzvYn8IhCsLI0iS3IiSjJSgzeUe3X8ibDE5zMsOe
g/5+dqUPCj3eVqxpfLfSC3xiObsNMkr5mSsBk875M1aEnqsYFmsjwq8hLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFB+1dMDP/0BEeulv+DCPV6fkZUMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvNFVIN1Ywd01fX1FFUjY2V180TUk5WHAtUmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZEQMA0G
CSqGSIb3DQEBCwUAA4IBAQBGGD8xAAmurt2RoYMuSJRAu7DKGoAoLQgQoCB0LKlA
x98IT98BWPOByTl+8xLyC1EYZLaQmKukLXGXsGC5NL/MCK2t+pnNWhydZ84msJRf
mQWLymvhrDKlZvjmHmZ5Bpnc+ZYzCp9vJlXqsERMCC2wHeokFeVwGA/di3qvQHz+
GLiD+An3HVSAvXd8KI9Yi9SI9P58j2ukEwNR+NiPdxgDmf7GdRkm74EY8MxLhEAS
LiCbQn1zf9tckIxCYwgnrvqeqJ8JW5YSI6xojIfew/znmlf8sEIp4YjvxWs8+ETV
id+otDBcqaisic5k3H5zdSn4t9NnDjdxkmNmbEKLX+is
-----END CERTIFICATE-----