Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/vmvaX91LcFfwp7wbYjxG-7pBUak.roa
File:                     vmvaX91LcFfwp7wbYjxG-7pBUak.roa (raw, json)
Hash identifier:          TBks+m+MKSNxDoVAxB/TKtUB8AXWekcT7LDWTN7Qeb0=
Subject key identifier:   BE:6B:DA:5F:DD:4B:70:57:F0:A7:BC:1B:62:3C:46:FB:BA:41:51:A9
Certificate issuer:       /CN=75f1a763745c25dad28f4a8116688e82ce12028b
Certificate serial:       018CCA998C2A6FAC8A7D4DB1FD2FE1CBDA48
Authority key identifier: 75:F1:A7:63:74:5C:25:DA:D2:8F:4A:81:16:68:8E:82:CE:12:02:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/vmvaX91LcFfwp7wbYjxG-7pBUak.roa
Signing time:             Tue 02 Jan 2024 14:35:09 +0000
ROA not before:           Tue 02 Jan 2024 14:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49468
IP address blocks:        45.8.47.0/24 maxlen: 24
                          45.8.45.0/24 maxlen: 24
                          45.8.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:8c:2a:6f:ac:8a:7d:4d:b1:fd:2f:e1:cb:da:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75f1a763745c25dad28f4a8116688e82ce12028b
        Validity
            Not Before: Jan  2 14:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be6bda5fdd4b7057f0a7bc1b623c46fbba4151a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2f:02:7b:55:ad:77:04:80:f3:2c:da:1b:89:
                    f5:34:b0:97:40:ca:a5:78:dc:21:20:04:c0:62:8d:
                    a7:ce:db:cc:bb:d6:34:76:55:1b:82:f3:f7:25:cb:
                    e1:d3:fd:17:53:49:18:0c:5f:76:a0:63:55:03:0b:
                    ca:c5:92:cd:ac:bc:9b:de:5b:92:49:1d:76:7f:d1:
                    7f:fb:be:58:ed:6f:0d:8d:ef:53:b9:93:27:96:69:
                    c0:a0:4f:5f:2b:de:91:9c:9f:bd:de:b0:93:9a:7a:
                    01:8d:5d:1a:ba:3a:ff:ec:67:37:16:53:78:a7:9e:
                    ef:b8:35:93:8f:7f:7b:5e:b4:df:12:82:a6:d1:26:
                    72:00:fe:9b:7b:dc:a0:37:97:b6:bd:ea:c4:eb:5f:
                    e1:3e:28:e7:4a:41:98:e8:ac:6c:c9:d7:12:81:03:
                    ee:51:1d:a6:22:93:5d:3c:30:86:c8:8b:68:d1:7b:
                    4b:02:a8:72:77:03:af:14:34:92:df:3c:75:27:89:
                    74:74:84:51:db:0d:e0:a5:a3:fe:b1:20:01:f7:3a:
                    60:04:3e:89:22:65:10:71:f3:78:64:5e:4a:97:f4:
                    c8:e4:f6:61:74:49:12:01:4e:88:32:c6:a3:c2:4e:
                    60:8c:4d:a1:ee:39:85:b8:80:7b:7c:fb:8c:03:c8:
                    0e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6B:DA:5F:DD:4B:70:57:F0:A7:BC:1B:62:3C:46:FB:BA:41:51:A9
            X509v3 Authority Key Identifier:
                keyid:75:F1:A7:63:74:5C:25:DA:D2:8F:4A:81:16:68:8E:82:CE:12:02:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/vmvaX91LcFfwp7wbYjxG-7pBUak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.45.0-45.8.47.255

    Signature Algorithm: sha256WithRSAEncryption
         a4:4f:60:38:2c:1b:72:da:65:b6:8e:55:bc:4f:35:1b:dd:0a:
         a2:90:0e:e0:ee:54:a7:88:ce:55:ae:0f:3f:ad:ee:bc:b5:44:
         91:ea:b0:cf:f5:66:c8:ee:79:1f:2d:1e:6b:ec:fd:bc:f9:2c:
         3a:2c:26:16:8e:12:e7:d7:eb:0e:41:f8:01:be:62:ba:11:32:
         23:58:39:db:47:e5:11:ee:c8:24:16:55:49:d3:32:e0:1a:cf:
         99:51:89:e2:6e:3d:67:72:7c:8a:d0:03:0a:9d:af:3f:1d:45:
         37:da:0a:b7:91:fb:89:d9:61:0e:1b:48:01:74:ce:8d:e5:74:
         df:bd:74:af:5f:88:a5:04:68:e7:af:9a:f7:53:11:7c:1b:c6:
         d6:b1:d1:74:b5:f7:bc:ef:30:45:70:90:de:83:16:20:d6:a5:
         72:47:35:5d:b2:21:6a:01:18:17:f9:ad:25:cf:0d:23:fb:03:
         8e:7a:f8:cd:b9:8b:82:18:e3:2e:64:ba:1f:2e:21:eb:46:e4:
         e3:76:5b:82:83:97:33:95:0c:42:44:61:09:8a:ca:f8:99:5c:
         32:88:8b:f0:32:d9:2b:95:c4:4d:19:1d:8e:59:ed:92:26:e8:
         bf:c3:23:d2:6b:f2:86:00:af:d4:ff:e0:ce:a5:d0:5c:c6:06:
         e1:f9:a1:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKmYwqb6yKfU2x/S/hy9pIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZjFhNzYzNzQ1YzI1ZGFkMjhmNGE4MTE2Njg4ZTgyY2Ux
MjAyOGIwHhcNMjQwMTAyMTQzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTZiZGE1ZmRkNGI3MDU3ZjBhN2JjMWI2MjNjNDZmYmJhNDE1MWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy8Ce1WtdwSA8yzaG4n1NLCXQMql
eNwhIATAYo2nztvMu9Y0dlUbgvP3Jcvh0/0XU0kYDF92oGNVAwvKxZLNrLyb3luS
SR12f9F/+75Y7W8Nje9TuZMnlmnAoE9fK96RnJ+93rCTmnoBjV0aujr/7Gc3FlN4
p57vuDWTj397XrTfEoKm0SZyAP6be9ygN5e2verE61/hPijnSkGY6KxsydcSgQPu
UR2mIpNdPDCGyIto0XtLAqhydwOvFDSS3zx1J4l0dIRR2w3gpaP+sSAB9zpgBD6J
ImUQcfN4ZF5Kl/TI5PZhdEkSAU6IMsajwk5gjE2h7jmFuIB7fPuMA8gObQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFL5r2l/dS3BX8Ke8G2I8Rvu6QVGpMB8GA1UdIwQY
MBaAFHXxp2N0XCXa0o9KgRZojoLOEgKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGZHblkzUmNKZHJTajBxQkZtaU9nczRTQW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85ODBlNjYtMzYzMS00ZmRlLThlMmQt
Yzg0OWJjMGYzNTliLzEvdm12YVg5MUxjRmZ3cDd3YllqeEctN3BCVWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85ODBlNjYtMzYzMS00ZmRlLThlMmQtYzg0OWJjMGYzNTli
LzEvZGZHblkzUmNKZHJTajBxQkZtaU9nczRTQW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtCC0D
BAQtCCAwDQYJKoZIhvcNAQELBQADggEBAKRPYDgsG3LaZbaOVbxPNRvdCqKQDuDu
VKeIzlWuDz+t7ry1RJHqsM/1ZsjueR8tHmvs/bz5LDosJhaOEufX6w5B+AG+YroR
MiNYOdtH5RHuyCQWVUnTMuAaz5lRieJuPWdyfIrQAwqdrz8dRTfaCreR+4nZYQ4b
SAF0zo3ldN+9dK9fiKUEaOevmvdTEXwbxtax0XS197zvMEVwkN6DFiDWpXJHNV2y
IWoBGBf5rSXPDSP7A456+M25i4IY4y5kuh8uIetG5ON2W4KDlzOVDEJEYQmKyviZ
XDKIi/Ay2SuVxE0ZHY5Z7ZIm6L/DI9Jr8oYAr9T/4M6l0FzGBuH5oaI=
-----END CERTIFICATE-----