Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/AN45_K_SIqtG0EqwZIHtWg5JjaQ.roa
File:                     AN45_K_SIqtG0EqwZIHtWg5JjaQ.roa (raw, json)
Hash identifier:          ayLXoutjtBQfjlicDW7AfenlshtZjWx938UFcJ5iUNY=
Subject key identifier:   00:DE:39:FC:AF:D2:22:AB:46:D0:4A:B0:64:81:ED:5A:0E:49:8D:A4
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8027EA0B89CAB2C963459F836332BED
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/AN45_K_SIqtG0EqwZIHtWg5JjaQ.roa
Signing time:             Tue 02 Jan 2024 02:30:55 +0000
ROA not before:           Tue 02 Jan 2024 02:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50926
IP address blocks:        194.35.43.0/24 maxlen: 24
                          37.32.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:7e:a0:b8:9c:ab:2c:96:34:59:f8:36:33:2b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00de39fcafd222ab46d04ab06481ed5a0e498da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:40:2f:a5:4f:7f:6b:df:a6:76:0a:e0:b0:77:
                    b8:ad:45:82:be:ef:81:7c:39:2a:72:98:9c:25:a6:
                    6f:1b:b6:63:bb:35:8e:58:4f:14:78:9b:d6:10:40:
                    67:ff:d2:08:2e:c0:72:6a:1a:67:5d:ae:08:b9:e8:
                    2a:19:ec:34:1f:86:5a:14:bb:e9:3c:17:dc:52:cb:
                    f8:eb:18:a2:f6:db:36:cc:ab:cb:35:65:44:19:55:
                    09:9e:34:b0:e9:51:08:59:e5:48:aa:04:af:69:6a:
                    c5:d0:88:71:0b:90:46:21:08:f2:bc:79:e4:45:1e:
                    5a:a1:ff:36:d3:19:30:4b:67:0a:7e:c8:55:b1:82:
                    88:81:aa:20:16:2d:62:07:76:1d:17:b1:a3:68:31:
                    7c:c4:77:f8:e8:fc:b0:13:26:fe:80:bc:56:33:be:
                    6b:a0:b5:43:f3:be:07:6a:e5:2a:9b:74:68:81:6d:
                    fa:85:39:eb:f2:19:4d:58:96:aa:39:b9:35:43:e1:
                    70:0f:70:94:de:c1:e6:39:0c:46:60:0a:d0:07:62:
                    eb:06:4e:51:0f:54:84:75:27:19:44:85:00:3b:c6:
                    ec:05:7c:f0:77:36:cc:54:70:9b:07:92:23:7e:5f:
                    00:6e:92:3c:a2:89:99:90:01:ec:fa:de:37:6a:f0:
                    ce:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DE:39:FC:AF:D2:22:AB:46:D0:4A:B0:64:81:ED:5A:0E:49:8D:A4
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/AN45_K_SIqtG0EqwZIHtWg5JjaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.98.0/24
                  194.35.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:6c:44:68:86:83:b4:30:12:3f:a9:e5:20:70:a7:da:43:64:
         e5:99:72:46:b6:46:cd:9f:77:30:d6:e4:f3:db:ae:ed:7f:9c:
         54:f5:a6:e8:3f:ad:76:dd:0f:e9:04:d1:74:c7:46:b5:69:04:
         c0:e3:b3:52:7e:69:84:69:35:ef:e3:e7:64:32:49:c9:ce:fe:
         87:cd:e7:a2:9c:d4:fe:06:6e:7f:aa:3a:e2:57:03:1b:9c:38:
         ee:62:31:57:e5:63:48:f9:e5:39:d6:69:40:3c:ad:fc:22:6d:
         83:ce:1e:d5:0e:69:60:63:b9:1f:78:b1:9c:df:49:a8:60:ec:
         ce:4a:b5:46:ff:75:7d:0a:ae:49:8d:66:da:0d:d7:d6:7b:f4:
         cc:c1:63:5a:1f:bd:5c:4f:1f:0f:42:87:fb:f3:54:0b:10:04:
         ef:e2:1f:05:21:8a:78:44:b0:62:dd:51:68:9d:60:78:e1:0d:
         15:6a:3a:95:72:f1:df:f1:d8:8b:9e:e5:1c:16:d3:7d:c5:09:
         e2:ec:b8:c1:04:48:72:23:66:90:86:44:8c:d2:e9:c3:8a:0b:
         73:c5:1f:41:55:b7:70:40:e6:91:1b:67:05:c7:df:72:e1:f6:
         9e:ad:ca:72:b8:5e:8b:56:4f:ff:18:62:80:96:79:71:fd:61:
         3a:cd:3b:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAn6guJyrLJY0Wfg2MyvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGRlMzlmY2FmZDIyMmFiNDZkMDRhYjA2NDgxZWQ1YTBlNDk4ZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0AvpU9/a9+mdgrgsHe4rUWCvu+B
fDkqcpicJaZvG7ZjuzWOWE8UeJvWEEBn/9IILsByahpnXa4IuegqGew0H4ZaFLvp
PBfcUsv46xii9ts2zKvLNWVEGVUJnjSw6VEIWeVIqgSvaWrF0IhxC5BGIQjyvHnk
RR5aof820xkwS2cKfshVsYKIgaogFi1iB3YdF7GjaDF8xHf46PywEyb+gLxWM75r
oLVD874HauUqm3RogW36hTnr8hlNWJaqObk1Q+FwD3CU3sHmOQxGYArQB2LrBk5R
D1SEdScZRIUAO8bsBXzwdzbMVHCbB5Ijfl8AbpI8oomZkAHs+t43avDOzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFADeOfyv0iKrRtBKsGSB7VoOSY2kMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQU40NV9LX1NJcXRHMEVxd1pJSHRXZzVKamFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSBiAwQA
wiMrMA0GCSqGSIb3DQEBCwUAA4IBAQC6bERohoO0MBI/qeUgcKfaQ2TlmXJGtkbN
n3cw1uTz267tf5xU9aboP6123Q/pBNF0x0a1aQTA47NSfmmEaTXv4+dkMknJzv6H
zeeinNT+Bm5/qjriVwMbnDjuYjFX5WNI+eU51mlAPK38Im2Dzh7VDmlgY7kfeLGc
30moYOzOSrVG/3V9Cq5JjWbaDdfWe/TMwWNaH71cTx8PQof781QLEATv4h8FIYp4
RLBi3VFonWB44Q0VajqVcvHf8diLnuUcFtN9xQni7LjBBEhyI2aQhkSM0unDigtz
xR9BVbdwQOaRG2cFx99y4faercpyuF6LVk//GGKAlnlx/WE6zTso
-----END CERTIFICATE-----