Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/jTp6Bu2AJ9eG6B-LPC2PwvArTWA.roa
File:                     jTp6Bu2AJ9eG6B-LPC2PwvArTWA.roa (raw, json)
Hash identifier:          rngLgA4hOSSEmOFMR5yVVw2gsto/KirePHhqTa3+O50=
Subject key identifier:   8D:3A:7A:06:ED:80:27:D7:86:E8:1F:8B:3C:2D:8F:C2:F0:2B:4D:60
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       018CC794E3BD2C32CA367D045B4D0051B933
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/jTp6Bu2AJ9eG6B-LPC2PwvArTWA.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208393
IP address blocks:        45.141.52.0/24 maxlen: 24
                          2a05:4741:f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e3:bd:2c:32:ca:36:7d:04:5b:4d:00:51:b9:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d3a7a06ed8027d786e81f8b3c2d8fc2f02b4d60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:47:e1:b9:50:27:42:fe:aa:ce:6b:8f:08:a2:
                    f2:3e:38:74:50:34:41:ed:12:56:59:d5:77:96:af:
                    81:c8:a7:9a:4b:f5:7e:0a:08:dd:0f:83:e2:4c:04:
                    d0:08:b6:3f:c3:5f:c8:f8:1a:11:e4:4b:24:1d:81:
                    8d:fa:c9:80:88:a9:dd:a3:81:79:b6:ca:40:8a:0d:
                    a5:d2:0a:7f:fe:3d:3d:ab:24:7e:e9:ea:22:e8:68:
                    d9:16:c1:d9:ec:6c:d9:3f:6c:93:7c:72:3c:b4:f4:
                    87:2d:0e:ec:e9:17:3e:c4:a8:be:07:a4:a2:bb:07:
                    8a:5f:2c:5c:b5:3b:3e:46:0b:a4:a0:13:07:fe:7b:
                    48:9b:36:cb:64:f2:c8:b1:d9:b5:64:eb:ae:eb:87:
                    d0:cf:c7:d8:92:54:e1:3a:e8:58:27:25:07:2d:8d:
                    2a:25:58:56:b4:00:4b:77:29:0d:95:a6:1e:aa:d0:
                    b4:2a:43:7d:89:5e:96:75:2e:55:5a:6f:3c:56:17:
                    39:00:be:8f:f4:d7:9a:11:c5:1b:fa:2e:13:d1:82:
                    ee:4e:b5:5b:0e:57:01:86:8d:cb:f3:86:0e:db:1a:
                    19:ce:d6:79:66:07:21:f6:d6:6b:36:1e:41:98:3a:
                    8f:a5:01:d9:51:f4:b8:b0:7e:de:4f:9d:60:b1:37:
                    fa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:3A:7A:06:ED:80:27:D7:86:E8:1F:8B:3C:2D:8F:C2:F0:2B:4D:60
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/jTp6Bu2AJ9eG6B-LPC2PwvArTWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.52.0/24
                IPv6:
                  2a05:4741:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:22:e2:38:f6:b7:ea:e6:ee:5e:5d:bd:0a:a4:22:03:d2:b5:
         f8:23:79:ef:e3:83:63:70:7e:b8:d0:6f:33:95:0b:6a:c2:dd:
         d7:74:81:ce:57:4e:bb:e7:3a:73:0b:ce:c8:99:1a:f9:ad:46:
         56:5f:5c:2e:28:6d:d2:7c:41:33:48:6c:e0:fd:24:7c:ec:b6:
         13:ea:18:e2:0d:d4:de:d9:6f:27:f5:c2:e2:3a:c7:06:13:12:
         dd:12:fd:37:9f:ef:78:9f:9c:3b:d8:86:cd:f8:94:36:06:30:
         d8:87:55:63:14:63:e8:37:69:c4:b0:b9:91:b9:77:03:25:53:
         0e:11:8e:de:20:49:27:bb:f3:fa:05:a3:c5:2b:17:20:2a:05:
         c7:d2:e5:28:cd:62:7d:26:08:1c:cb:0a:d9:a2:b2:1b:aa:58:
         5c:e6:de:51:c4:da:4d:f5:18:64:91:cc:28:e6:86:1f:62:cb:
         7d:50:20:ae:fa:6a:03:a0:95:2c:fd:f3:24:10:0d:fa:5d:47:
         a8:e5:a9:5e:6d:99:95:77:b7:bc:0c:df:bd:e0:e8:3b:28:03:
         62:83:73:8a:a8:69:c4:e2:98:9f:61:a7:ad:c2:3d:21:1a:6f:
         ae:2a:0b:33:75:a0:3d:51:66:ea:e5:46:cf:d9:f8:b9:51:86:
         e9:8d:4f:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlOO9LDLKNn0EW00AUbkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDNhN2EwNmVkODAyN2Q3ODZlODFmOGIzYzJkOGZjMmYwMmI0ZDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEfhuVAnQv6qzmuPCKLyPjh0UDRB
7RJWWdV3lq+ByKeaS/V+CgjdD4PiTATQCLY/w1/I+BoR5EskHYGN+smAiKndo4F5
tspAig2l0gp//j09qyR+6eoi6GjZFsHZ7GzZP2yTfHI8tPSHLQ7s6Rc+xKi+B6Si
uweKXyxctTs+RgukoBMH/ntImzbLZPLIsdm1ZOuu64fQz8fYklThOuhYJyUHLY0q
JVhWtABLdykNlaYeqtC0KkN9iV6WdS5VWm88Vhc5AL6P9NeaEcUb+i4T0YLuTrVb
DlcBho3L84YO2xoZztZ5Zgch9tZrNh5BmDqPpQHZUfS4sH7eT51gsTf6VQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI06egbtgCfXhugfizwtj8LwK01gMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvalRwNkJ1MkFKOWVHNkItTFBDMlB3dkFyVFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALY00MA8E
AgACMAkDBwAqBUdBAA8wDQYJKoZIhvcNAQELBQADggEBABUi4jj2t+rm7l5dvQqk
IgPStfgjee/jg2NwfrjQbzOVC2rC3dd0gc5XTrvnOnMLzsiZGvmtRlZfXC4obdJ8
QTNIbOD9JHzsthPqGOIN1N7Zbyf1wuI6xwYTEt0S/Tef73ifnDvYhs34lDYGMNiH
VWMUY+g3acSwuZG5dwMlUw4Rjt4gSSe78/oFo8UrFyAqBcfS5SjNYn0mCBzLCtmi
shuqWFzm3lHE2k31GGSRzCjmhh9iy31QIK76agOglSz98yQQDfpdR6jlqV5tmZV3
t7wM373g6DsoA2KDc4qoacTimJ9hp63CPSEab64qCzN1oD1RZurlRs/Z+LlRhumN
T0U=
-----END CERTIFICATE-----