Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/2dfdb6-7a4d-43c3-870f-c86c2fc6c61b/1/r1LYsdxptZsZ_C5O2oXtV81LXc0.roa
File:                     r1LYsdxptZsZ_C5O2oXtV81LXc0.roa (raw, json)
Hash identifier:          p4EN8CS5aLA5SUtLe+piUTou0B6iECTFNUzhSzgCY7s=
Subject key identifier:   AF:52:D8:B1:DC:69:B5:9B:19:FC:2E:4E:DA:85:ED:57:CD:4B:5D:CD
Certificate issuer:       /CN=78688182b8f253c5cf946294786b7901435fc8c3
Certificate serial:       018CC348C6293F0190217353E28D53FD7C0B
Authority key identifier: 78:68:81:82:B8:F2:53:C5:CF:94:62:94:78:6B:79:01:43:5F:C8:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eGiBgrjyU8XPlGKUeGt5AUNfyMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/2dfdb6-7a4d-43c3-870f-c86c2fc6c61b/1/r1LYsdxptZsZ_C5O2oXtV81LXc0.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199904
IP address blocks:        45.141.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/2dfdb6-7a4d-43c3-870f-c86c2fc6c61b/1/eGiBgrjyU8XPlGKUeGt5AUNfyMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/2dfdb6-7a4d-43c3-870f-c86c2fc6c61b/1/eGiBgrjyU8XPlGKUeGt5AUNfyMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eGiBgrjyU8XPlGKUeGt5AUNfyMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c6:29:3f:01:90:21:73:53:e2:8d:53:fd:7c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78688182b8f253c5cf946294786b7901435fc8c3
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af52d8b1dc69b59b19fc2e4eda85ed57cd4b5dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:91:72:95:54:4b:d7:b3:7c:75:1a:c7:43:af:
                    5d:9f:d3:94:1e:c2:87:1e:ad:67:67:a1:60:d7:21:
                    11:1a:22:6a:86:f3:01:02:7c:fd:58:94:f1:96:eb:
                    a7:c4:44:5f:82:cc:0b:27:27:9e:37:7f:41:41:68:
                    9c:a5:cd:24:90:48:96:dd:bf:c4:13:2a:4b:61:27:
                    d7:cc:91:78:ac:41:08:8d:e2:85:c2:45:97:2b:3c:
                    03:c4:f8:5f:9a:05:8f:e3:8d:ab:39:f3:2b:c5:8e:
                    63:81:11:68:26:01:0e:c5:22:77:92:5f:03:31:95:
                    f0:cb:05:a8:0f:72:f6:95:d5:fd:22:26:d8:a8:9c:
                    61:87:b9:fc:39:68:c2:fe:c3:52:ca:e8:dc:8e:51:
                    07:af:2c:0d:96:63:88:18:3e:26:fb:4a:26:52:be:
                    f9:68:49:ce:a5:e0:b3:d2:9c:e0:8d:8d:30:de:c6:
                    f4:4c:6e:5b:34:e9:47:06:cd:8c:8d:a3:bc:5a:1d:
                    19:0f:6c:ce:7f:07:e2:88:a5:46:f5:a8:0f:da:1a:
                    c0:20:d8:89:96:49:66:c7:7d:e9:15:68:0c:87:f7:
                    2b:c3:1d:6a:be:75:b5:31:81:21:29:e7:46:a7:80:
                    84:34:54:98:78:c4:8d:8c:5f:3d:32:29:3d:a7:d3:
                    b5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:52:D8:B1:DC:69:B5:9B:19:FC:2E:4E:DA:85:ED:57:CD:4B:5D:CD
            X509v3 Authority Key Identifier:
                keyid:78:68:81:82:B8:F2:53:C5:CF:94:62:94:78:6B:79:01:43:5F:C8:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eGiBgrjyU8XPlGKUeGt5AUNfyMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2dfdb6-7a4d-43c3-870f-c86c2fc6c61b/1/r1LYsdxptZsZ_C5O2oXtV81LXc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2dfdb6-7a4d-43c3-870f-c86c2fc6c61b/1/eGiBgrjyU8XPlGKUeGt5AUNfyMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:07:d9:07:4c:1a:49:29:f6:2f:5d:99:31:e0:90:1e:6d:ee:
         0f:92:3e:4c:c1:2c:30:15:c9:fe:ef:f8:ee:4f:a5:f8:80:16:
         e7:49:a5:1d:d8:cc:1d:c8:7b:f9:38:9d:3a:33:a0:20:f5:3e:
         f9:44:48:55:e4:d8:c0:42:97:2d:be:b7:bd:38:a0:42:3c:a3:
         10:30:4b:3b:1d:b1:bf:af:73:4e:8c:7a:ed:85:14:d6:24:8f:
         ca:9e:31:c8:92:20:23:b0:6d:22:0b:2e:fc:7e:58:43:8f:c1:
         99:36:37:b3:8c:44:d7:49:ac:40:c2:e6:01:13:8b:e7:46:dd:
         b1:0c:a6:f2:1b:9a:60:19:cb:ff:b5:72:b2:ea:0e:06:e0:2a:
         b2:2e:e6:ad:9d:aa:b4:56:28:26:86:47:bf:5c:d1:25:9b:1c:
         21:79:90:bd:3e:75:b9:b6:93:0c:4f:89:3a:fd:ff:a5:18:76:
         50:dd:73:4e:01:fb:6c:d1:23:39:0f:8e:5b:c7:d5:a7:75:04:
         9d:5b:b2:df:bc:05:a6:fa:0d:ad:6f:a5:ca:34:e2:74:4a:5b:
         ff:34:98:c5:46:fb:f2:d1:13:1e:e4:5b:a2:44:d4:d8:bc:5f:
         47:b3:71:57:1c:3f:6b:51:b1:aa:32:d8:b2:a1:da:a6:76:96:
         37:ff:b2:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMYpPwGQIXNT4o1T/XwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4Njg4MTgyYjhmMjUzYzVjZjk0NjI5NDc4NmI3OTAxNDM1
ZmM4YzMwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjUyZDhiMWRjNjliNTliMTlmYzJlNGVkYTg1ZWQ1N2NkNGI1ZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZFylVRL17N8dRrHQ69dn9OUHsKH
Hq1nZ6Fg1yERGiJqhvMBAnz9WJTxluunxERfgswLJyeeN39BQWicpc0kkEiW3b/E
EypLYSfXzJF4rEEIjeKFwkWXKzwDxPhfmgWP442rOfMrxY5jgRFoJgEOxSJ3kl8D
MZXwywWoD3L2ldX9IibYqJxhh7n8OWjC/sNSyujcjlEHrywNlmOIGD4m+0omUr75
aEnOpeCz0pzgjY0w3sb0TG5bNOlHBs2MjaO8Wh0ZD2zOfwfiiKVG9agP2hrAINiJ
lklmx33pFWgMh/crwx1qvnW1MYEhKedGp4CENFSYeMSNjF89Mik9p9O1LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9S2LHcabWbGfwuTtqF7VfNS13NMB8GA1UdIwQY
MBaAFHhogYK48lPFz5RilHhreQFDX8jDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUdpQmdyanlVOFhQbEdLVWVHdDVBVU5meU1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8yZGZkYjYtN2E0ZC00M2MzLTg3MGYt
Yzg2YzJmYzZjNjFiLzEvcjFMWXNkeHB0WnNaX0M1TzJvWHRWODFMWGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8yZGZkYjYtN2E0ZC00M2MzLTg3MGYtYzg2YzJmYzZjNjFi
LzEvZUdpQmdyanlVOFhQbEdLVWVHdDVBVU5meU1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY3AMA0G
CSqGSIb3DQEBCwUAA4IBAQCSB9kHTBpJKfYvXZkx4JAebe4Pkj5MwSwwFcn+7/ju
T6X4gBbnSaUd2MwdyHv5OJ06M6Ag9T75REhV5NjAQpctvre9OKBCPKMQMEs7HbG/
r3NOjHrthRTWJI/KnjHIkiAjsG0iCy78flhDj8GZNjezjETXSaxAwuYBE4vnRt2x
DKbyG5pgGcv/tXKy6g4G4CqyLuatnaq0Vigmhke/XNElmxwheZC9PnW5tpMMT4k6
/f+lGHZQ3XNOAfts0SM5D45bx9WndQSdW7LfvAWm+g2tb6XKNOJ0Slv/NJjFRvvy
0RMe5FuiRNTYvF9Hs3FXHD9rUbGqMtiyodqmdpY3/7IO
-----END CERTIFICATE-----