Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/RTbp2C_JufxhSE6E9Z7q0C_-2Nc.roa
File:                     RTbp2C_JufxhSE6E9Z7q0C_-2Nc.roa (raw, json)
Hash identifier:          XEKwAstyy5njwmxAODyaNM4Bxjm7z3t9Mv5oNBlUal4=
Subject key identifier:   45:36:E9:D8:2F:C9:B9:FC:61:48:4E:84:F5:9E:EA:D0:2F:FE:D8:D7
Certificate issuer:       /CN=4eeb86abd5374e553098209075b9afecabef333a
Certificate serial:       018CC34943DA4E2C493587BB192B4EE04909
Authority key identifier: 4E:EB:86:AB:D5:37:4E:55:30:98:20:90:75:B9:AF:EC:AB:EF:33:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/RTbp2C_JufxhSE6E9Z7q0C_-2Nc.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31463
IP address blocks:        195.191.164.0/24 maxlen: 24
                          2a10:4a40:4ddc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:43:da:4e:2c:49:35:87:bb:19:2b:4e:e0:49:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eeb86abd5374e553098209075b9afecabef333a
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4536e9d82fc9b9fc61484e84f59eead02ffed8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f6:a3:0a:5a:0a:7b:92:ea:61:d0:a2:85:08:
                    5c:50:e1:bc:46:6b:1b:2a:17:93:64:f5:36:c8:f5:
                    13:d3:76:b8:df:5c:33:45:46:cd:8c:bb:41:80:be:
                    4b:61:2e:92:46:6f:11:2e:9c:c2:22:bd:e4:11:87:
                    38:2b:5c:e6:5f:33:a0:5e:ec:ee:49:4d:c6:82:0b:
                    1e:6f:f7:8c:e4:28:8b:e2:9d:1a:17:6a:ff:e5:2b:
                    bd:cf:f8:85:99:a5:9f:c6:40:1a:3b:7f:3a:89:2d:
                    c9:e0:2f:07:25:a3:3f:7d:88:50:7f:9f:b3:34:82:
                    25:20:db:60:d8:de:ac:fd:d8:61:be:61:29:de:82:
                    88:9e:c7:e0:fc:54:47:db:8b:eb:86:cf:1a:c7:da:
                    f6:7a:7a:72:ef:27:bd:00:e3:bf:79:d2:29:38:32:
                    ff:c5:42:9d:45:bd:e2:86:1e:07:51:f5:51:c2:d9:
                    5f:86:e2:83:69:3d:dd:9f:74:ee:bf:92:ad:57:47:
                    07:d7:ea:a3:cc:0e:30:ad:79:d2:a3:89:3a:bf:d3:
                    09:0a:71:ca:f3:eb:48:ee:1d:5b:09:cf:89:75:5e:
                    38:e4:a6:ba:3c:68:7a:68:24:be:ea:ea:1b:e6:dd:
                    b3:7a:ae:0e:ef:e7:69:39:d6:ef:13:17:9b:ec:f8:
                    5e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:36:E9:D8:2F:C9:B9:FC:61:48:4E:84:F5:9E:EA:D0:2F:FE:D8:D7
            X509v3 Authority Key Identifier:
                keyid:4E:EB:86:AB:D5:37:4E:55:30:98:20:90:75:B9:AF:EC:AB:EF:33:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/RTbp2C_JufxhSE6E9Z7q0C_-2Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.164.0/24
                IPv6:
                  2a10:4a40:4ddc::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:15:a0:25:17:42:3a:21:b1:4c:83:ba:88:b5:cc:11:92:8c:
         d0:3a:77:5d:db:a8:80:d5:85:43:4e:13:3e:31:fe:63:b4:18:
         35:0e:ec:5b:bf:f6:aa:f2:93:87:75:19:46:4d:4f:cc:08:4b:
         b9:bf:4e:b7:21:13:fd:6f:7c:fc:2c:16:b6:e5:5f:16:ae:b3:
         01:72:27:5c:91:28:03:31:ba:78:94:83:50:36:ef:8d:d6:3f:
         d6:c6:db:21:1e:6b:12:2e:84:63:a4:15:8c:c0:98:df:06:8b:
         62:bb:b5:2f:f2:e9:72:49:3f:45:6a:cb:72:81:8d:8e:68:13:
         75:a2:74:42:43:b7:39:52:6b:11:22:07:8a:c9:09:07:13:57:
         0e:de:ce:c3:a1:c2:dc:e7:c6:8c:f6:31:43:14:58:fd:1f:1d:
         1f:c6:67:d0:dd:56:d8:46:56:6b:2d:fd:31:4f:c2:5b:3e:75:
         5f:22:0e:ad:57:cd:7f:14:77:9c:d3:c5:02:69:d4:f3:ff:f9:
         7f:60:88:ed:7f:51:fe:94:71:31:c2:30:59:ab:9f:17:66:67:
         8d:4f:90:fe:cf:09:95:d1:15:8e:17:30:2c:28:3c:3d:1e:21:
         1c:2d:0e:c9:56:d9:fc:32:ef:b3:18:d7:de:90:62:2c:44:2d:
         b1:f2:8a:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSUPaTixJNYe7GStO4EkJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWI4NmFiZDUzNzRlNTUzMDk4MjA5MDc1YjlhZmVjYWJl
ZjMzM2EwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTM2ZTlkODJmYzliOWZjNjE0ODRlODRmNTllZWFkMDJmZmVkOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPajCloKe5LqYdCihQhcUOG8Rmsb
KheTZPU2yPUT03a431wzRUbNjLtBgL5LYS6SRm8RLpzCIr3kEYc4K1zmXzOgXuzu
SU3Gggseb/eM5CiL4p0aF2r/5Su9z/iFmaWfxkAaO386iS3J4C8HJaM/fYhQf5+z
NIIlINtg2N6s/dhhvmEp3oKInsfg/FRH24vrhs8ax9r2enpy7ye9AOO/edIpODL/
xUKdRb3ihh4HUfVRwtlfhuKDaT3dn3Tuv5KtV0cH1+qjzA4wrXnSo4k6v9MJCnHK
8+tI7h1bCc+JdV445Ka6PGh6aCS+6uob5t2zeq4O7+dpOdbvExeb7PheqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEU26dgvybn8YUhOhPWe6tAv/tjXMB8GA1UdIwQY
MBaAFE7rhqvVN05VMJggkHW5r+yr7zM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHV1R3E5VTNUbFV3bUNDUWRibXY3S3Z2TXpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zZTVjOTYtN2U5NS00Nzk3LWFhNmEt
YTg5NzhlM2FhZTk4LzEvUlRicDJDX0p1ZnhoU0U2RTlaN3EwQ18tMk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zZTVjOTYtN2U5NS00Nzk3LWFhNmEtYTg5NzhlM2FhZTk4
LzEvVHV1R3E5VTNUbFV3bUNDUWRibXY3S3Z2TXpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw7+kMA8E
AgACMAkDBwAqEEpATdwwDQYJKoZIhvcNAQELBQADggEBAF4VoCUXQjohsUyDuoi1
zBGSjNA6d13bqIDVhUNOEz4x/mO0GDUO7Fu/9qryk4d1GUZNT8wIS7m/TrchE/1v
fPwsFrblXxauswFyJ1yRKAMxuniUg1A2743WP9bG2yEeaxIuhGOkFYzAmN8Gi2K7
tS/y6XJJP0Vqy3KBjY5oE3WidEJDtzlSaxEiB4rJCQcTVw7ezsOhwtznxoz2MUMU
WP0fHR/GZ9DdVthGVmst/TFPwls+dV8iDq1XzX8Ud5zTxQJp1PP/+X9giO1/Uf6U
cTHCMFmrnxdmZ41PkP7PCZXRFY4XMCwoPD0eIRwtDslW2fwy77MY196QYixELbHy
inU=
-----END CERTIFICATE-----