Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/afCbj2rySPuSjssy4naj2XNHOqg.roa
File:                     afCbj2rySPuSjssy4naj2XNHOqg.roa (raw, json)
Hash identifier:          xZY085UYu5dKZgECbVPxuaQDqquHDASH26f0Q/1eOvQ=
Subject key identifier:   69:F0:9B:8F:6A:F2:48:FB:92:8E:CB:32:E2:76:A3:D9:73:47:3A:A8
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9927C5CB9EFA493BC38A6105990C
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/afCbj2rySPuSjssy4naj2XNHOqg.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49444
IP address blocks:        45.86.44.0/24 maxlen: 24
                          45.86.46.0/24 maxlen: 24
                          45.86.47.0/24 maxlen: 24
                          45.86.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:99:27:c5:cb:9e:fa:49:3b:c3:8a:61:05:99:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69f09b8f6af248fb928ecb32e276a3d973473aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:19:58:ea:c7:27:a1:b6:02:ba:60:81:f1:a9:
                    86:62:9b:d7:3a:9b:51:91:fe:15:62:7a:bb:41:1d:
                    8a:9d:61:c7:10:41:5a:c9:c6:bb:84:d0:d5:c6:2c:
                    88:ba:57:1b:84:b8:be:f1:f2:73:46:b9:11:ea:bd:
                    b0:7c:3e:38:3c:dc:b4:73:f4:ab:b5:0d:c7:cd:41:
                    52:2f:18:6f:04:99:03:50:72:24:41:b2:64:8d:51:
                    ef:b0:6a:33:3e:8b:5c:2b:79:55:40:c8:8f:ee:be:
                    14:80:6b:03:31:81:65:45:f4:97:74:2e:2e:21:0e:
                    e6:72:cd:ff:ef:e6:9f:4a:87:9d:d2:b4:5b:ac:c8:
                    9e:13:01:bc:68:e3:72:0b:b5:a4:44:b1:6f:2a:eb:
                    36:8a:70:94:8b:72:50:73:c5:ad:94:7f:6c:81:5f:
                    1d:f1:f4:64:68:8e:5c:a1:a2:1b:2f:dd:a3:d7:a0:
                    33:c4:79:d9:a3:4f:ff:af:b8:88:89:54:ed:2d:86:
                    6f:4f:e7:a9:d6:a4:0c:aa:56:55:d7:4e:4f:5e:9f:
                    f5:a8:4f:2b:df:03:33:bc:8e:0f:08:a0:a8:77:07:
                    86:c9:1d:ab:55:ef:71:55:ec:1d:25:01:f6:6a:fc:
                    f9:07:f0:41:72:50:a2:8b:a1:46:15:3c:db:32:e0:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F0:9B:8F:6A:F2:48:FB:92:8E:CB:32:E2:76:A3:D9:73:47:3A:A8
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/afCbj2rySPuSjssy4naj2XNHOqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:7b:d8:2a:f7:d2:fb:45:f6:f4:3b:4b:39:b5:89:eb:80:af:
         42:72:8d:86:b4:5c:ed:9b:44:93:c9:12:e8:36:f2:0c:4b:9b:
         bd:cf:16:31:f2:31:c8:19:a7:51:c5:c8:d7:1a:23:9e:d1:26:
         e5:f4:7a:51:22:93:c5:c5:84:35:01:e7:7b:b5:f5:a7:a0:d9:
         8f:07:f4:f5:4e:11:fe:39:fd:d3:a5:c5:82:eb:87:09:95:b7:
         3a:6d:27:2d:be:7a:53:7b:ee:ed:1e:45:c7:54:06:94:3b:3e:
         ee:7f:1d:72:b7:a7:23:1d:18:a2:14:18:87:85:6a:d8:de:aa:
         b1:83:1d:9f:64:b8:c5:bf:15:a0:8d:cb:5e:81:c7:9f:fb:03:
         34:3c:93:75:e4:a5:c3:47:7b:01:58:04:03:87:c1:7d:66:69:
         42:52:c0:bd:fa:b9:1c:9f:e9:11:31:46:a6:31:c0:e1:20:34:
         72:d8:ef:b5:94:35:c7:64:9b:1b:cc:6e:ae:85:50:1b:d8:fe:
         ba:86:37:2b:98:80:be:be:8f:95:e3:e4:41:f5:61:83:08:3d:
         89:fb:01:19:87:32:a1:26:c8:60:fe:86:73:54:fb:58:af:dd:
         b7:01:8f:58:01:ed:d6:d4:f6:37:87:b2:9b:e5:67:e0:4a:29:
         00:ec:c6:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35knxcue+kk7w4phBZkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWYwOWI4ZjZhZjI0OGZiOTI4ZWNiMzJlMjc2YTNkOTczNDczYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhlY6scnobYCumCB8amGYpvXOptR
kf4VYnq7QR2KnWHHEEFayca7hNDVxiyIulcbhLi+8fJzRrkR6r2wfD44PNy0c/Sr
tQ3HzUFSLxhvBJkDUHIkQbJkjVHvsGozPotcK3lVQMiP7r4UgGsDMYFlRfSXdC4u
IQ7mcs3/7+afSoed0rRbrMieEwG8aONyC7WkRLFvKus2inCUi3JQc8WtlH9sgV8d
8fRkaI5coaIbL92j16AzxHnZo0//r7iIiVTtLYZvT+ep1qQMqlZV105PXp/1qE8r
3wMzvI4PCKCodweGyR2rVe9xVewdJQH2avz5B/BBclCii6FGFTzbMuBFOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnwm49q8kj7ko7LMuJ2o9lzRzqoMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvYWZDYmoycnlTUHVTanNzeTRuYWoyWE5IT3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVYsMA0G
CSqGSIb3DQEBCwUAA4IBAQCne9gq99L7Rfb0O0s5tYnrgK9Cco2GtFztm0STyRLo
NvIMS5u9zxYx8jHIGadRxcjXGiOe0Sbl9HpRIpPFxYQ1Aed7tfWnoNmPB/T1ThH+
Of3TpcWC64cJlbc6bSctvnpTe+7tHkXHVAaUOz7ufx1yt6cjHRiiFBiHhWrY3qqx
gx2fZLjFvxWgjctegcef+wM0PJN15KXDR3sBWAQDh8F9ZmlCUsC9+rkcn+kRMUam
McDhIDRy2O+1lDXHZJsbzG6uhVAb2P66hjcrmIC+vo+V4+RB9WGDCD2J+wEZhzKh
Jshg/oZzVPtYr923AY9YAe3W1PY3h7Kb5WfgSikA7MYV
-----END CERTIFICATE-----