Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/TsABlrE5h3Tnz0YH31l9kztUy-w.roa
File:                     TsABlrE5h3Tnz0YH31l9kztUy-w.roa (raw, json)
Hash identifier:          gLviUkL66CvDBzG2Ob+n1ixCLci2P+3SE+6Jz9N3t1I=
Subject key identifier:   4E:C0:01:96:B1:39:87:74:E7:CF:46:07:DF:59:7D:93:3B:54:CB:EC
Certificate issuer:       /CN=47ddbcce2628bf09fae6bf044218c657e8bd3c6e
Certificate serial:       019343467177DCF4D3792B57A89ECD6FEFD1
Authority key identifier: 47:DD:BC:CE:26:28:BF:09:FA:E6:BF:04:42:18:C6:57:E8:BD:3C:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/TsABlrE5h3Tnz0YH31l9kztUy-w.roa
Signing time:             Tue 19 Nov 2024 07:15:10 +0000
ROA not before:           Tue 19 Nov 2024 07:15:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215239
IP address blocks:        45.143.0.0/22 maxlen: 24
                          2a14:2d40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:46:71:77:dc:f4:d3:79:2b:57:a8:9e:cd:6f:ef:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47ddbcce2628bf09fae6bf044218c657e8bd3c6e
        Validity
            Not Before: Nov 19 07:15:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ec00196b1398774e7cf4607df597d933b54cbec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:70:08:a2:53:67:51:58:48:20:c3:5f:48:9b:
                    bd:aa:78:cc:8a:8f:82:8b:e6:bc:ab:bc:47:e0:f2:
                    d3:43:ef:60:8e:cc:a7:31:68:64:07:a0:f7:c4:af:
                    e7:36:dc:5b:3e:4b:87:a0:5b:68:a6:84:c8:e4:19:
                    dc:0e:5d:3d:ea:8e:0b:3d:af:72:df:58:d1:a7:21:
                    22:04:69:99:8a:77:3e:03:7b:b2:26:19:68:9b:b3:
                    a9:25:2f:81:ca:72:f5:1d:51:0e:b2:a8:2c:5c:c6:
                    96:6e:96:87:03:30:d1:4c:12:d4:60:b8:b1:14:8f:
                    5a:be:11:c4:f8:dd:af:33:c6:0a:f1:23:e3:fc:64:
                    5b:c2:5c:c2:8f:74:73:c1:67:03:3d:41:55:ef:36:
                    ab:56:1c:7f:7c:47:30:59:db:6b:ea:2a:78:c5:70:
                    35:80:9b:66:54:e1:37:e5:65:a9:f6:cf:cd:d1:10:
                    7a:f1:5d:76:fd:d4:fc:b5:b8:7b:e9:35:2c:dd:2c:
                    2a:1d:ea:60:99:4d:07:9b:49:83:ac:4b:83:20:f4:
                    0b:9b:40:cb:b9:7d:f4:6a:9d:03:0d:62:34:bf:5e:
                    6b:4e:51:4b:fd:7a:ed:87:e0:7a:11:13:4d:90:9e:
                    8b:01:88:58:51:1f:c4:13:b0:0d:48:0d:7b:8f:49:
                    35:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C0:01:96:B1:39:87:74:E7:CF:46:07:DF:59:7D:93:3B:54:CB:EC
            X509v3 Authority Key Identifier:
                keyid:47:DD:BC:CE:26:28:BF:09:FA:E6:BF:04:42:18:C6:57:E8:BD:3C:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/TsABlrE5h3Tnz0YH31l9kztUy-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.0.0/22
                IPv6:
                  2a14:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:41:2a:24:81:96:24:5f:a7:e6:6e:1f:7e:b5:59:43:e5:b5:
         bf:91:28:63:9f:ba:8a:b9:3f:3a:d5:98:7d:d4:6f:ee:03:ff:
         c7:30:bb:cb:2c:7f:c6:b3:e3:5e:35:18:60:f3:95:e1:d1:dc:
         4c:9e:52:46:20:bc:d2:c2:5e:4d:57:36:4c:9d:9d:4d:47:48:
         13:39:76:19:d7:6a:b7:03:6e:1b:98:2c:6a:1f:c1:8e:e3:b6:
         0f:a7:6f:f7:44:19:a7:9f:37:6e:31:f1:79:a9:dd:fe:77:20:
         11:8e:33:33:fd:b1:3a:24:04:c9:d9:e7:13:b3:3e:7b:e7:ee:
         ee:9b:ae:c2:12:87:d0:2f:b7:ff:3e:8f:21:18:b9:ff:78:1d:
         59:6f:d0:83:88:d7:f9:82:9f:1b:fe:63:69:05:64:b6:4c:8d:
         ba:bb:dc:9c:e1:3d:bc:45:42:57:ab:8e:fc:64:8b:a5:81:9a:
         90:18:e8:17:31:57:6b:cd:00:fd:90:cc:d3:2c:64:9c:b5:dd:
         7d:fb:4a:8b:9b:16:ea:fd:40:de:d8:fc:e6:89:db:2f:5c:69:
         3b:bd:72:52:62:c6:b7:8b:03:80:68:e4:f9:ca:82:5d:3b:c7:
         cf:b1:b5:46:3b:cc:bc:dc:c5:45:6d:a5:10:be:7f:50:04:47:
         4c:4b:5e:63
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZNDRnF33PTTeStXqJ7Nb+/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZGRiY2NlMjYyOGJmMDlmYWU2YmYwNDQyMThjNjU3ZThi
ZDNjNmUwHhcNMjQxMTE5MDcxNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWMwMDE5NmIxMzk4Nzc0ZTdjZjQ2MDdkZjU5N2Q5MzNiNTRjYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3AIolNnUVhIIMNfSJu9qnjMio+C
i+a8q7xH4PLTQ+9gjsynMWhkB6D3xK/nNtxbPkuHoFtopoTI5BncDl096o4LPa9y
31jRpyEiBGmZinc+A3uyJhlom7OpJS+BynL1HVEOsqgsXMaWbpaHAzDRTBLUYLix
FI9avhHE+N2vM8YK8SPj/GRbwlzCj3RzwWcDPUFV7zarVhx/fEcwWdtr6ip4xXA1
gJtmVOE35WWp9s/N0RB68V12/dT8tbh76TUs3SwqHepgmU0Hm0mDrEuDIPQLm0DL
uX30ap0DDWI0v15rTlFL/Xrth+B6ERNNkJ6LAYhYUR/EE7ANSA17j0k11QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE7AAZaxOYd0589GB99ZfZM7VMvsMB8GA1UdIwQY
MBaAFEfdvM4mKL8J+ua/BEIYxlfovTxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjkyOHppWW92d242NXI4RVFoakdWLWk5UEc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hM2IzNTUtOWFmYS00MzRlLTgwOTgt
NTBkNzA5YmZmZWI1LzEvVHNBQmxyRTVoM1RuejBZSDMxbDlrenRVeS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hM2IzNTUtOWFmYS00MzRlLTgwOTgtNTBkNzA5YmZmZWI1
LzEvUjkyOHppWW92d242NXI4RVFoakdWLWk5UEc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY8AMA0E
AgACMAcDBQMqFC1AMA0GCSqGSIb3DQEBCwUAA4IBAQBnQSokgZYkX6fmbh9+tVlD
5bW/kShjn7qKuT861Zh91G/uA//HMLvLLH/Gs+NeNRhg85Xh0dxMnlJGILzSwl5N
VzZMnZ1NR0gTOXYZ12q3A24bmCxqH8GO47YPp2/3RBmnnzduMfF5qd3+dyARjjMz
/bE6JATJ2ecTsz575+7um67CEofQL7f/Po8hGLn/eB1Zb9CDiNf5gp8b/mNpBWS2
TI26u9yc4T28RUJXq478ZIulgZqQGOgXMVdrzQD9kMzTLGSctd19+0qLmxbq/UDe
2PzmidsvXGk7vXJSYsa3iwOAaOT5yoJdO8fPsbVGO8y83MVFbaUQvn9QBEdMS15j
-----END CERTIFICATE-----