Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/JmSaixQZb_mwVrlSNBnYiUug5ME.roa
File:                     JmSaixQZb_mwVrlSNBnYiUug5ME.roa (raw, json)
Hash identifier:          s9Crc7Ls0/TERUaENGv8P5bUwB4QshZ+9Afq00OrUZg=
Subject key identifier:   26:64:9A:8B:14:19:6F:F9:B0:56:B9:52:34:19:D8:89:4B:A0:E4:C1
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       018CC86F3675BD825C4FEA338914C55CAFCE
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/JmSaixQZb_mwVrlSNBnYiUug5ME.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134823
IP address blocks:        45.11.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:36:75:bd:82:5c:4f:ea:33:89:14:c5:5c:af:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26649a8b14196ff9b056b9523419d8894ba0e4c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:48:5c:29:5f:91:3a:8a:b1:6c:98:c8:ed:b2:
                    f1:03:01:a4:11:a6:2a:80:16:da:a3:ee:4e:69:59:
                    46:f6:1d:f8:ea:36:f0:75:9a:78:da:eb:74:8d:bd:
                    70:79:d1:3f:45:41:fd:0a:24:7e:4a:bc:99:4c:48:
                    0d:28:30:ee:ad:b1:de:37:d8:e6:67:13:bf:a4:81:
                    f1:00:49:65:4a:a8:d1:43:fe:f0:4d:f8:90:73:1c:
                    50:f7:e2:88:4b:73:c7:5e:68:98:ad:c1:72:1a:9f:
                    c5:45:bc:5d:a8:a0:ba:f5:3a:77:21:37:97:fa:2e:
                    b2:09:34:f0:91:09:e5:03:0b:7f:9f:63:5d:d1:b6:
                    d5:b4:a1:57:d4:7e:f6:08:7a:ac:4b:97:3d:f1:c0:
                    70:e7:89:40:24:be:8f:18:94:dd:35:3d:13:1f:55:
                    86:2c:54:dc:46:d9:04:90:0f:70:b0:b0:b4:03:4a:
                    93:d9:08:e4:e3:bf:03:69:01:f7:12:6b:4d:c6:28:
                    f2:08:0c:93:a2:e6:ec:11:95:07:16:69:f1:a4:b2:
                    6a:e9:a2:7d:74:a4:39:1b:cd:57:ed:38:cc:e3:72:
                    be:c6:51:6b:d2:f4:4b:38:ad:60:88:23:6f:e3:1e:
                    1b:25:5d:1e:35:f4:99:aa:5d:bb:f9:53:8c:f5:c2:
                    08:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:64:9A:8B:14:19:6F:F9:B0:56:B9:52:34:19:D8:89:4B:A0:E4:C1
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/JmSaixQZb_mwVrlSNBnYiUug5ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:72:e1:1a:f2:b0:2e:73:90:c1:b3:d2:d7:02:07:eb:41:c6:
         7c:48:c4:a2:81:10:76:9e:b1:a3:e8:78:07:76:5a:59:0f:7d:
         3d:e3:f8:f5:2c:a8:8f:3a:51:eb:2a:02:f0:bc:2e:9c:8c:c7:
         00:13:c8:12:4e:cb:a6:13:36:3f:fa:33:13:a0:af:46:96:cf:
         c3:3e:39:f2:e6:70:9d:26:46:df:d7:bd:e8:f3:24:06:3e:74:
         46:25:7b:47:b4:d9:b1:bd:d9:26:10:56:62:09:24:fb:b1:46:
         97:41:71:da:7b:25:84:40:27:c0:5a:6a:78:38:f0:f6:9c:ad:
         2a:4b:d6:3d:1e:23:ee:41:7d:5a:99:e6:7f:97:8e:65:6a:d0:
         13:ed:c8:b3:33:4d:a2:16:a8:c5:1e:0b:d4:55:c8:59:3a:bf:
         d2:20:2f:94:98:b9:e2:6f:8a:6c:9d:1c:63:a7:84:d2:fd:58:
         5b:c1:8e:24:93:49:70:3e:57:55:be:e1:fb:0b:2b:54:06:02:
         70:13:ad:9e:36:d5:a3:7f:9f:aa:b5:05:aa:04:fc:45:e0:ad:
         ff:2e:da:1f:da:2e:b1:d7:a8:12:68:df:d4:69:97:9a:21:e8:
         dc:64:6a:fd:e4:8a:88:98:e7:7b:b4:93:a3:42:e0:b2:07:32:
         15:a3:37:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzZ1vYJcT+oziRTFXK/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjY0OWE4YjE0MTk2ZmY5YjA1NmI5NTIzNDE5ZDg4OTRiYTBlNGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkhcKV+ROoqxbJjI7bLxAwGkEaYq
gBbao+5OaVlG9h346jbwdZp42ut0jb1wedE/RUH9CiR+SryZTEgNKDDurbHeN9jm
ZxO/pIHxAEllSqjRQ/7wTfiQcxxQ9+KIS3PHXmiYrcFyGp/FRbxdqKC69Tp3ITeX
+i6yCTTwkQnlAwt/n2Nd0bbVtKFX1H72CHqsS5c98cBw54lAJL6PGJTdNT0TH1WG
LFTcRtkEkA9wsLC0A0qT2Qjk478DaQH3EmtNxijyCAyToubsEZUHFmnxpLJq6aJ9
dKQ5G81X7TjM43K+xlFr0vRLOK1giCNv4x4bJV0eNfSZql27+VOM9cIImQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZkmosUGW/5sFa5UjQZ2IlLoOTBMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvSm1TYWl4UVpiX213VnJsU05CbllpVXVnNU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQtOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5cuEa8rAuc5DBs9LXAgfrQcZ8SMSigRB2nrGj6HgH
dlpZD3094/j1LKiPOlHrKgLwvC6cjMcAE8gSTsumEzY/+jMToK9Gls/DPjny5nCd
Jkbf173o8yQGPnRGJXtHtNmxvdkmEFZiCST7sUaXQXHaeyWEQCfAWmp4OPD2nK0q
S9Y9HiPuQX1ameZ/l45latAT7cizM02iFqjFHgvUVchZOr/SIC+UmLnib4psnRxj
p4TS/VhbwY4kk0lwPldVvuH7CytUBgJwE62eNtWjf5+qtQWqBPxF4K3/Ltof2i6x
16gSaN/UaZeaIejcZGr95IqImOd7tJOjQuCyBzIVozfA
-----END CERTIFICATE-----