Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/5BxrlgOvPfwVxPZO4nKf4olhPwo.roa
File:                     5BxrlgOvPfwVxPZO4nKf4olhPwo.roa (raw, json)
Hash identifier:          jUuP+lYEOUHHncUV+rsyPrC3A7tGxKQVH6RENu06R7U=
Subject key identifier:   E4:1C:6B:96:03:AF:3D:FC:15:C4:F6:4E:E2:72:9F:E2:89:61:3F:0A
Certificate issuer:       /CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
Certificate serial:       018CC9BCF18EC7242BB14C40C3473BFE3A2C
Authority key identifier: 4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/5BxrlgOvPfwVxPZO4nKf4olhPwo.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48278
IP address blocks:        94.244.0.0/18 maxlen: 22
                          185.191.148.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f1:8e:c7:24:2b:b1:4c:40:c3:47:3b:fe:3a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e41c6b9603af3dfc15c4f64ee2729fe289613f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:df:56:53:32:39:8f:5c:2b:e2:28:f3:fa:50:
                    b4:c8:0c:b3:46:bc:09:15:dc:2f:98:b2:d1:0e:fe:
                    f8:d3:eb:34:28:8e:a6:77:b7:d4:d4:1c:8b:b2:02:
                    6a:4b:d2:41:a4:58:24:6b:fb:77:5e:d7:59:95:64:
                    c4:f5:38:05:f7:93:ef:2e:29:15:e7:75:f3:bf:d5:
                    d3:ef:a5:55:7c:a0:99:1e:a2:dc:30:0a:19:d0:39:
                    27:17:4d:0e:e4:6e:e4:2e:ad:d8:33:21:c7:de:5f:
                    fb:8e:15:6b:e5:b2:41:48:85:9f:87:a7:76:19:5d:
                    52:93:a9:32:11:fa:e1:b2:60:b0:f4:f7:1d:f7:bb:
                    78:c4:2f:02:1e:65:3a:e8:d8:47:1f:68:da:9c:e2:
                    6b:68:eb:79:99:3d:22:14:bc:8f:71:fa:6b:b3:c5:
                    29:f9:a4:41:d2:c8:f5:cf:21:5b:41:16:d0:78:c9:
                    64:88:73:3a:ac:fa:81:11:b5:86:ef:37:95:e3:2e:
                    c9:ce:fd:63:39:e4:70:da:3e:f1:73:49:14:0f:bc:
                    fb:04:79:80:56:93:8b:0f:4a:f7:27:6b:35:9e:ba:
                    85:c4:29:c8:3a:4a:01:50:d8:80:1a:98:2e:24:f0:
                    e5:c6:83:3b:b3:26:c8:ec:52:66:a1:43:9c:7f:a9:
                    c1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:1C:6B:96:03:AF:3D:FC:15:C4:F6:4E:E2:72:9F:E2:89:61:3F:0A
            X509v3 Authority Key Identifier:
                keyid:4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/5BxrlgOvPfwVxPZO4nKf4olhPwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.244.0.0/18
                  185.191.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:2d:27:30:93:93:d1:62:85:09:9f:4f:c8:f4:cc:62:67:3c:
         56:8b:24:6b:2f:c2:b4:a9:6e:1a:35:cb:f4:6f:e3:09:54:90:
         89:d1:35:fe:e8:cc:83:58:21:bb:32:81:5b:47:51:c4:67:00:
         d2:9a:a3:6f:5a:e6:96:9b:5c:e0:96:3a:45:7e:46:44:d8:66:
         2d:16:3e:08:d8:28:bb:8b:96:83:9e:53:2e:a7:9f:aa:17:6b:
         52:78:bf:10:99:9a:78:d3:21:4c:fd:c0:dd:0b:b3:b3:48:c1:
         5d:03:18:47:4f:ec:6b:f3:ca:29:d2:f8:2a:2d:f9:e3:01:13:
         2a:32:5c:a4:20:aa:ff:e1:f8:97:f3:a4:8d:65:14:96:11:73:
         22:12:2a:dc:a8:e7:86:f1:95:65:4e:92:64:9a:58:70:30:89:
         ad:88:8b:66:50:f9:b7:cf:51:d4:73:3e:ad:91:a3:77:f5:44:
         fb:3a:3f:40:0e:7e:c7:60:80:39:a5:c2:67:19:6b:e9:2d:73:
         b8:c9:ce:4c:a9:14:82:8a:62:db:f5:88:f0:20:6f:a0:5e:1c:
         23:b9:f9:27:31:1f:87:86:57:c3:1a:70:f7:6c:28:74:63:77:
         0c:e0:25:7c:84:22:4d:71:00:76:12:67:e1:e8:ae:c5:d7:5c:
         e1:d8:ec:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvPGOxyQrsUxAw0c7/josMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzc4OWVjZjY3ZTA0Mjk4YzVlZTQ0YzY3ZDhmYjdmNWQ2
ZDk1YTEwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDFjNmI5NjAzYWYzZGZjMTVjNGY2NGVlMjcyOWZlMjg5NjEzZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm99WUzI5j1wr4ijz+lC0yAyzRrwJ
FdwvmLLRDv740+s0KI6md7fU1ByLsgJqS9JBpFgka/t3XtdZlWTE9TgF95PvLikV
53Xzv9XT76VVfKCZHqLcMAoZ0DknF00O5G7kLq3YMyHH3l/7jhVr5bJBSIWfh6d2
GV1Sk6kyEfrhsmCw9Pcd97t4xC8CHmU66NhHH2janOJraOt5mT0iFLyPcfprs8Up
+aRB0sj1zyFbQRbQeMlkiHM6rPqBEbWG7zeV4y7Jzv1jOeRw2j7xc0kUD7z7BHmA
VpOLD0r3J2s1nrqFxCnIOkoBUNiAGpguJPDlxoM7sybI7FJmoUOcf6nBxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOQca5YDrz38FcT2TuJyn+KJYT8KMB8GA1UdIwQY
MBaAFEw3iez2fgQpjF7kTGfY+39dbZWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMt
MWRjNTRkMWMwM2EzLzEvNUJ4cmxnT3ZQZndWeFBaTzRuS2Y0b2xoUHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMtMWRjNTRkMWMwM2Ez
LzEvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGXvQAAwQC
ub+UMA0GCSqGSIb3DQEBCwUAA4IBAQCjLScwk5PRYoUJn0/I9MxiZzxWiyRrL8K0
qW4aNcv0b+MJVJCJ0TX+6MyDWCG7MoFbR1HEZwDSmqNvWuaWm1zgljpFfkZE2GYt
Fj4I2Ci7i5aDnlMup5+qF2tSeL8QmZp40yFM/cDdC7OzSMFdAxhHT+xr88op0vgq
LfnjARMqMlykIKr/4fiX86SNZRSWEXMiEircqOeG8ZVlTpJkmlhwMImtiItmUPm3
z1HUcz6tkaN39UT7Oj9ADn7HYIA5pcJnGWvpLXO4yc5MqRSCimLb9YjwIG+gXhwj
ufknMR+HhlfDGnD3bCh0Y3cM4CV8hCJNcQB2Emfh6K7F11zh2OzX
-----END CERTIFICATE-----