Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/S3jApcc9VTZsr2jO1m-O_6Iz1ow.roa
File:                     S3jApcc9VTZsr2jO1m-O_6Iz1ow.roa (raw, json)
Hash identifier:          qoY87s/jOb2uuN5N0vUJhPbyQcQ8sKU0ngwMncMidzc=
Subject key identifier:   4B:78:C0:A5:C7:3D:55:36:6C:AF:68:CE:D6:6F:8E:FF:A2:33:D6:8C
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       018CC6B7FCC087686846EF91216CF0B1DF0D
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/S3jApcc9VTZsr2jO1m-O_6Iz1ow.roa
Signing time:             Mon 01 Jan 2024 20:29:55 +0000
ROA not before:           Mon 01 Jan 2024 20:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        45.66.93.0/24 maxlen: 24
                          45.66.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fc:c0:87:68:68:46:ef:91:21:6c:f0:b1:df:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan  1 20:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b78c0a5c73d55366caf68ced66f8effa233d68c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:bc:57:c5:1d:83:fd:c0:07:1e:cb:14:d7:17:
                    de:b1:05:6c:89:4b:87:f2:b8:9f:47:ef:b5:db:b4:
                    7a:dd:a2:dd:5c:a6:8c:4c:58:e2:99:a1:8d:47:e3:
                    90:31:36:1d:81:43:bd:af:05:fd:8d:2a:bf:0e:7b:
                    a8:f9:7d:4a:10:43:00:49:f0:05:42:4e:ac:3f:94:
                    25:c5:ad:c8:7d:fa:de:28:8c:64:81:5c:2f:16:b8:
                    aa:a1:da:78:9e:1b:50:82:7c:d4:b9:57:81:6a:29:
                    28:8f:d5:42:1b:3c:6e:1a:13:fd:cf:c9:b0:39:90:
                    15:96:85:bd:ce:7f:ab:da:fa:51:c8:41:73:f8:ac:
                    04:06:5f:f4:30:4b:2f:aa:41:60:1c:72:ca:a9:63:
                    5c:11:32:88:9d:fd:82:b2:b9:d6:5c:07:8f:af:07:
                    93:c7:be:5f:27:ba:8d:69:5d:47:8d:4e:33:17:75:
                    51:21:c4:b7:63:25:8a:95:5d:e9:ad:7b:93:e9:a1:
                    8b:01:58:84:c0:26:f5:cf:45:38:26:39:70:05:6c:
                    ea:6c:7f:a9:7d:b5:9d:fb:39:c6:7f:54:6f:0a:43:
                    c0:49:e1:e1:eb:ed:6d:6b:d2:45:23:10:cf:74:18:
                    f0:52:93:fa:59:95:10:a2:b7:21:0a:f2:96:cd:17:
                    a0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:78:C0:A5:C7:3D:55:36:6C:AF:68:CE:D6:6F:8E:FF:A2:33:D6:8C
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/S3jApcc9VTZsr2jO1m-O_6Iz1ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:45:26:6d:5e:fa:65:d9:87:85:5b:bf:34:8a:16:c0:e7:2b:
         a6:a7:7f:8f:0b:fe:f9:96:3b:4a:b7:f8:b3:0e:17:7f:22:77:
         df:d0:f5:8f:11:3c:c6:8c:24:d0:f2:5f:25:fd:72:f7:56:15:
         d0:fb:8f:1e:c5:a9:a5:16:17:5a:cd:30:49:cc:9c:36:a7:0f:
         2f:65:57:19:6a:6d:43:63:6f:bc:5f:b4:ad:bc:f0:c3:de:2a:
         2b:fe:cf:5b:08:03:85:b0:03:52:8b:0d:19:63:ad:72:3f:fa:
         43:c2:dd:ac:78:0e:ea:16:22:9a:af:1f:19:52:e8:dc:5c:7f:
         6f:49:cd:64:0a:08:e7:8c:1b:a6:12:d8:ef:38:c9:2a:e4:f5:
         a4:10:89:ac:57:c5:23:45:15:e5:8d:41:95:ec:62:46:29:61:
         16:df:e7:59:35:cb:1b:ab:00:3c:b8:be:50:c9:4d:e2:f2:0a:
         be:8e:14:9f:6b:ad:e4:8c:dd:2e:04:bd:13:32:2e:8d:4e:89:
         0a:8b:15:0e:b4:78:a8:ff:05:ff:c5:58:ab:ba:cb:89:cd:52:
         77:99:5e:4f:59:b2:91:dd:7d:17:25:78:7f:bc:3b:51:7a:94:
         b1:cb:be:e1:0d:b4:16:97:b1:11:1c:f2:b1:4c:15:87:2e:3e:
         d0:9d:fa:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/zAh2hoRu+RIWzwsd8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjQwMTAxMjAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjc4YzBhNWM3M2Q1NTM2NmNhZjY4Y2VkNjZmOGVmZmEyMzNkNjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrxXxR2D/cAHHssU1xfesQVsiUuH
8rifR++127R63aLdXKaMTFjimaGNR+OQMTYdgUO9rwX9jSq/Dnuo+X1KEEMASfAF
Qk6sP5Qlxa3IffreKIxkgVwvFriqodp4nhtQgnzUuVeBaikoj9VCGzxuGhP9z8mw
OZAVloW9zn+r2vpRyEFz+KwEBl/0MEsvqkFgHHLKqWNcETKInf2CsrnWXAePrweT
x75fJ7qNaV1HjU4zF3VRIcS3YyWKlV3prXuT6aGLAViEwCb1z0U4JjlwBWzqbH+p
fbWd+znGf1RvCkPASeHh6+1ta9JFIxDPdBjwUpP6WZUQorchCvKWzReg8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEt4wKXHPVU2bK9oztZvjv+iM9aMMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvUzNqQXBjYzlWVFpzcjJqTzFtLU9fNkl6MW93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUJcMA0G
CSqGSIb3DQEBCwUAA4IBAQBcRSZtXvpl2YeFW780ihbA5yump3+PC/75ljtKt/iz
Dhd/Inff0PWPETzGjCTQ8l8l/XL3VhXQ+48examlFhdazTBJzJw2pw8vZVcZam1D
Y2+8X7StvPDD3ior/s9bCAOFsANSiw0ZY61yP/pDwt2seA7qFiKarx8ZUujcXH9v
Sc1kCgjnjBumEtjvOMkq5PWkEImsV8UjRRXljUGV7GJGKWEW3+dZNcsbqwA8uL5Q
yU3i8gq+jhSfa63kjN0uBL0TMi6NTokKixUOtHio/wX/xVirusuJzVJ3mV5PWbKR
3X0XJXh/vDtRepSxy77hDbQWl7ERHPKxTBWHLj7Qnfpe
-----END CERTIFICATE-----