Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa
File:                     ENd_4DXVgmiBnmVxq95CSNLrb60.roa (raw, json)
Hash identifier:          9h0JnGEazMpRoExQ/VYY6ZTl9MyYX44xfG/oy11ZRns=
Subject key identifier:   10:D7:7F:E0:35:D5:82:68:81:9E:65:71:AB:DE:42:48:D2:EB:6F:AD
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9FB4D549720CC6DB568D5CBC1561
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61435
IP address blocks:        45.137.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9f:b4:d5:49:72:0c:c6:db:56:8d:5c:bc:15:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10d77fe035d58268819e6571abde4248d2eb6fad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:1d:b9:61:be:2e:61:97:9b:59:02:f1:b8:
                    56:da:94:2d:99:b5:b2:14:23:a9:af:25:1b:a1:e6:
                    e8:d7:bb:f6:1a:d4:c6:ec:84:e4:a9:16:aa:aa:04:
                    f5:0d:7e:f2:ac:9b:2e:34:5a:0d:0e:5b:bc:f5:d6:
                    8c:34:f5:43:23:f3:62:a4:ef:f3:e1:c0:ec:f2:74:
                    35:7f:b2:dc:d9:34:6d:b7:f3:e9:e6:e2:47:fc:c0:
                    3f:f6:31:f9:fc:62:20:7a:94:b5:d1:5f:3b:09:bd:
                    87:76:71:ab:fa:ef:21:88:19:55:aa:76:68:8d:c6:
                    41:b1:44:8c:dc:9c:bc:73:d5:aa:7b:ee:27:0b:ac:
                    51:f7:a1:5c:3b:e2:dd:c3:f1:07:0e:4f:70:72:e1:
                    ae:96:04:84:89:e8:ab:e6:10:8a:2c:4b:ce:79:6c:
                    12:99:f7:23:c8:76:cd:bb:38:66:25:d6:af:fe:b8:
                    72:59:03:ea:9e:2f:af:eb:de:a9:0f:08:d5:9b:c2:
                    bb:6e:5a:4f:c2:ce:a5:f7:ee:9e:d3:5b:7c:92:2d:
                    32:da:92:b4:20:8e:5f:3f:c4:37:29:e2:8d:37:28:
                    42:ac:fa:f5:d6:28:e1:39:54:f1:a1:a6:36:09:0b:
                    df:d7:31:90:02:26:2f:62:d4:81:86:ec:f8:9c:71:
                    09:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D7:7F:E0:35:D5:82:68:81:9E:65:71:AB:DE:42:48:D2:EB:6F:AD
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ed:19:7d:f7:8a:d9:d8:20:51:d5:9e:20:ad:a3:64:5e:c3:
         43:08:ae:6f:62:3b:89:ee:47:45:b1:28:87:51:a2:58:ad:c2:
         fb:a4:c4:44:c1:15:53:cb:9d:53:0e:37:99:ec:0e:90:29:f1:
         13:26:51:ef:f1:30:cd:8a:40:91:f7:b0:29:57:2c:f6:28:40:
         d4:8a:c2:89:7f:c1:48:6c:9a:5b:57:f0:9e:c2:5e:d2:1f:db:
         e6:0e:ac:7c:76:b1:9a:61:5b:46:82:2b:b6:df:a4:5a:b7:8e:
         18:dd:d3:da:08:d0:2a:3d:2c:9f:3f:cb:21:96:6e:35:30:08:
         ef:b8:f4:d5:32:e1:df:36:d4:cc:2f:f6:c0:ff:e5:7f:d4:18:
         63:cf:31:23:eb:96:7e:f9:24:13:ea:33:e8:1c:57:5b:24:93:
         8b:e4:83:c1:1a:7f:03:99:be:1d:86:1e:19:b3:96:55:38:6f:
         1b:7b:11:f4:b5:f2:0e:05:25:43:b5:af:7b:5a:63:30:e5:bd:
         27:44:48:9d:e7:69:ee:f0:8c:7a:28:1b:49:2a:59:dc:f9:99:
         15:b1:0d:72:1c:55:a8:72:59:4e:e4:2e:07:b8:ff:8f:eb:23:
         4c:20:75:ce:c0:bc:d3:e9:a7:4b:de:a1:91:a2:02:aa:7a:92:
         e1:ef:96:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35+01UlyDMbbVo1cvBVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ3N2ZlMDM1ZDU4MjY4ODE5ZTY1NzFhYmRlNDI0OGQyZWI2ZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtIduWG+LmGXm1kC8bhW2pQtmbWy
FCOpryUboebo17v2GtTG7ITkqRaqqgT1DX7yrJsuNFoNDlu89daMNPVDI/NipO/z
4cDs8nQ1f7Lc2TRtt/Pp5uJH/MA/9jH5/GIgepS10V87Cb2HdnGr+u8hiBlVqnZo
jcZBsUSM3Jy8c9Wqe+4nC6xR96FcO+Ldw/EHDk9wcuGulgSEieir5hCKLEvOeWwS
mfcjyHbNuzhmJdav/rhyWQPqni+v696pDwjVm8K7blpPws6l9+6e01t8ki0y2pK0
II5fP8Q3KeKNNyhCrPr11ijhOVTxoaY2CQvf1zGQAiYvYtSBhuz4nHEJSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDXf+A11YJogZ5lcaveQkjS62+tMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRU5kXzREWFZnbWlCbm1WeHE5NUNTTkxyYjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYloMA0G
CSqGSIb3DQEBCwUAA4IBAQAs7Rl994rZ2CBR1Z4graNkXsNDCK5vYjuJ7kdFsSiH
UaJYrcL7pMREwRVTy51TDjeZ7A6QKfETJlHv8TDNikCR97ApVyz2KEDUisKJf8FI
bJpbV/Cewl7SH9vmDqx8drGaYVtGgiu236Rat44Y3dPaCNAqPSyfP8shlm41MAjv
uPTVMuHfNtTML/bA/+V/1BhjzzEj65Z++SQT6jPoHFdbJJOL5IPBGn8Dmb4dhh4Z
s5ZVOG8bexH0tfIOBSVDta97WmMw5b0nREid52nu8Ix6KBtJKlnc+ZkVsQ1yHFWo
cllO5C4HuP+P6yNMIHXOwLzT6adL3qGRogKqepLh75ao
-----END CERTIFICATE-----