Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/d2e8d7-593f-4afb-b6b3-b9d8cfc19cec/1/niQ0B_M6y_ooQAQPiDCOWKIJ-2M.roa
File:                     niQ0B_M6y_ooQAQPiDCOWKIJ-2M.roa (raw, json)
Hash identifier:          L0ceQXvS8/hhMio3TcqB2qRQ3vTIEFS52L8oLbWjLqI=
Subject key identifier:   9E:24:34:07:F3:3A:CB:FA:28:40:04:0F:88:30:8E:58:A2:09:FB:63
Certificate issuer:       /CN=545ab2a3712e2556a4434b8badd6c407a5673121
Certificate serial:       018CC5005B83C766C01B26DA8A866C84BBAA
Authority key identifier: 54:5A:B2:A3:71:2E:25:56:A4:43:4B:8B:AD:D6:C4:07:A5:67:31:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VFqyo3EuJVakQ0uLrdbEB6VnMSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/d2e8d7-593f-4afb-b6b3-b9d8cfc19cec/1/niQ0B_M6y_ooQAQPiDCOWKIJ-2M.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56727
IP address blocks:        178.237.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/d2e8d7-593f-4afb-b6b3-b9d8cfc19cec/1/VFqyo3EuJVakQ0uLrdbEB6VnMSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/d2e8d7-593f-4afb-b6b3-b9d8cfc19cec/1/VFqyo3EuJVakQ0uLrdbEB6VnMSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VFqyo3EuJVakQ0uLrdbEB6VnMSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5b:83:c7:66:c0:1b:26:da:8a:86:6c:84:bb:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=545ab2a3712e2556a4434b8badd6c407a5673121
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e243407f33acbfa2840040f88308e58a209fb63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:d5:fa:f9:c1:ab:7d:f0:7d:86:15:ed:c1:
                    ef:8d:1d:7d:c6:68:9c:17:6c:c5:52:9f:9f:9e:37:
                    d2:39:f5:50:c0:e6:54:d0:30:93:80:40:fe:b4:34:
                    6b:89:ac:28:00:35:71:e6:6c:ff:22:d5:b9:fa:04:
                    34:61:f3:23:d8:35:cd:21:f9:d2:f2:2e:36:86:eb:
                    58:42:9d:6a:6a:82:15:d2:06:55:3a:f3:34:b5:08:
                    eb:a9:09:17:9b:56:af:a7:80:f9:0d:3c:a0:a2:e4:
                    b8:88:09:52:1f:86:de:09:14:bc:20:09:d4:8a:0d:
                    00:45:f0:11:04:89:0c:f5:56:47:c9:bf:8c:56:b8:
                    bc:44:db:e4:2e:1b:73:47:b7:bd:16:a4:61:90:03:
                    ad:33:62:91:5c:f5:02:cd:62:48:50:b6:c0:6b:b4:
                    2a:2c:88:91:ec:56:59:da:99:99:1d:fd:7b:d4:cd:
                    2e:4e:50:c7:9d:ee:91:9d:23:d9:5f:67:0f:cd:0f:
                    d4:56:99:64:08:c2:c1:cd:7d:dd:64:31:40:01:b1:
                    7c:47:68:a3:5e:d2:e4:dc:c8:ce:02:8f:87:be:7c:
                    eb:31:f7:69:08:14:65:cf:20:62:bf:f7:c5:eb:52:
                    02:0c:ae:33:2c:d9:f8:25:ef:9f:2a:82:b2:91:45:
                    b5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:24:34:07:F3:3A:CB:FA:28:40:04:0F:88:30:8E:58:A2:09:FB:63
            X509v3 Authority Key Identifier:
                keyid:54:5A:B2:A3:71:2E:25:56:A4:43:4B:8B:AD:D6:C4:07:A5:67:31:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VFqyo3EuJVakQ0uLrdbEB6VnMSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/d2e8d7-593f-4afb-b6b3-b9d8cfc19cec/1/niQ0B_M6y_ooQAQPiDCOWKIJ-2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/d2e8d7-593f-4afb-b6b3-b9d8cfc19cec/1/VFqyo3EuJVakQ0uLrdbEB6VnMSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:9d:f7:c0:28:e7:86:5c:ce:01:ce:23:4e:18:73:e1:ab:49:
         74:3f:c1:45:e6:55:08:c2:6f:f4:46:06:17:1f:63:77:ac:5f:
         68:e3:7f:fb:e1:e7:0a:bb:95:d8:3b:04:14:be:a6:a6:33:0b:
         a5:5d:26:e8:be:ff:c4:88:32:23:38:57:e8:46:bf:3a:e7:63:
         50:9a:de:cf:38:a2:f9:1c:27:3a:51:76:97:91:fc:a2:b9:9f:
         48:44:61:0e:f3:d8:67:ef:61:ee:ab:3c:07:67:b2:e8:32:75:
         72:ed:bc:4e:0e:2d:2d:33:a5:38:75:de:31:ce:0c:c8:22:eb:
         4f:9a:81:70:9c:a9:77:00:46:7e:c7:c5:1c:d9:be:c2:ee:7a:
         b3:4b:9c:e4:40:03:8e:2f:48:97:a1:8f:38:01:41:13:df:b5:
         ac:27:9c:99:5f:59:f2:13:87:d6:50:c9:c0:c4:6d:c9:fc:48:
         2b:f9:05:7e:0b:4b:25:0f:bb:4d:72:ee:ba:a2:52:6a:c6:5e:
         fa:c8:1c:8f:cf:02:68:bf:2d:48:3d:3d:47:47:af:ad:81:ca:
         33:d9:85:c4:b3:b1:c2:9b:fa:22:06:56:79:6d:90:f9:f2:17:
         32:f3:ff:44:2e:62:f4:72:b0:98:18:fb:4d:3d:61:6e:95:2f:
         81:fc:2a:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFuDx2bAGybaioZshLuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NWFiMmEzNzEyZTI1NTZhNDQzNGI4YmFkZDZjNDA3YTU2
NzMxMjEwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTI0MzQwN2YzM2FjYmZhMjg0MDA0MGY4ODMwOGU1OGEyMDlmYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsfV+vnBq33wfYYV7cHvjR19xmic
F2zFUp+fnjfSOfVQwOZU0DCTgED+tDRriawoADVx5mz/ItW5+gQ0YfMj2DXNIfnS
8i42hutYQp1qaoIV0gZVOvM0tQjrqQkXm1avp4D5DTygouS4iAlSH4beCRS8IAnU
ig0ARfARBIkM9VZHyb+MVri8RNvkLhtzR7e9FqRhkAOtM2KRXPUCzWJIULbAa7Qq
LIiR7FZZ2pmZHf171M0uTlDHne6RnSPZX2cPzQ/UVplkCMLBzX3dZDFAAbF8R2ij
XtLk3MjOAo+HvnzrMfdpCBRlzyBiv/fF61ICDK4zLNn4Je+fKoKykUW1AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4kNAfzOsv6KEAED4gwjliiCftjMB8GA1UdIwQY
MBaAFFRasqNxLiVWpENLi63WxAelZzEhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkZxeW8zRXVKVmFrUTB1THJkYkVCNlZuTVNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9kMmU4ZDctNTkzZi00YWZiLWI2YjMt
YjlkOGNmYzE5Y2VjLzEvbmlRMEJfTTZ5X29vUUFRUGlEQ09XS0lKLTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9kMmU4ZDctNTkzZi00YWZiLWI2YjMtYjlkOGNmYzE5Y2Vj
LzEvVkZxeW8zRXVKVmFrUTB1THJkYkVCNlZuTVNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsu0wMA0G
CSqGSIb3DQEBCwUAA4IBAQA4nffAKOeGXM4BziNOGHPhq0l0P8FF5lUIwm/0RgYX
H2N3rF9o43/74ecKu5XYOwQUvqamMwulXSbovv/EiDIjOFfoRr8652NQmt7POKL5
HCc6UXaXkfyiuZ9IRGEO89hn72HuqzwHZ7LoMnVy7bxODi0tM6U4dd4xzgzIIutP
moFwnKl3AEZ+x8Uc2b7C7nqzS5zkQAOOL0iXoY84AUET37WsJ5yZX1nyE4fWUMnA
xG3J/Egr+QV+C0slD7tNcu66olJqxl76yByPzwJovy1IPT1HR6+tgcoz2YXEs7HC
m/oiBlZ5bZD58hcy8/9ELmL0crCYGPtNPWFulS+B/Crg
-----END CERTIFICATE-----