Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/m4ZKUnTluRou6xjTSFi9XnuVVYI.roa
File:                     m4ZKUnTluRou6xjTSFi9XnuVVYI.roa (raw, json)
Hash identifier:          c1l0cMimgL22QyP/NMkHhJy4L8ErNaYVOdwFzPm7YJc=
Subject key identifier:   9B:86:4A:52:74:E5:B9:1A:2E:EB:18:D3:48:58:BD:5E:7B:95:55:82
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       01904A441623DFAB3A7390E9E2AB7065DF91
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/m4ZKUnTluRou6xjTSFi9XnuVVYI.roa
Signing time:             Mon 24 Jun 2024 12:41:34 +0000
ROA not before:           Mon 24 Jun 2024 12:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        45.12.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:44:16:23:df:ab:3a:73:90:e9:e2:ab:70:65:df:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jun 24 12:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b864a5274e5b91a2eeb18d34858bd5e7b955582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8f:10:cd:c2:5b:00:12:c0:db:8b:2c:53:93:
                    ed:ea:6f:14:73:dc:2d:02:f0:9d:ee:b4:31:6a:f0:
                    8c:d3:ba:a3:a7:dd:7b:bb:9c:b0:48:83:36:2b:62:
                    5c:85:99:2f:a4:85:66:10:d5:18:00:69:fe:ce:00:
                    72:93:3d:df:80:57:5f:15:b8:ee:08:69:24:5b:0b:
                    25:94:36:bf:47:a5:f0:5b:a4:3e:8e:18:60:e1:07:
                    04:39:76:2a:a1:83:30:ba:fd:dd:0c:32:e9:bb:39:
                    0a:69:2a:5b:5b:45:c7:52:fe:05:6f:19:1e:ae:f7:
                    16:4d:44:51:82:d5:a8:29:1d:3c:44:16:10:72:85:
                    dc:82:8c:b7:9b:93:ab:a8:26:03:70:29:c8:f4:8b:
                    1d:0a:5e:5b:ba:2f:e6:06:a3:23:65:cc:0d:d5:23:
                    d0:a5:aa:a7:2c:dd:86:f5:0f:ac:25:fa:0b:f1:71:
                    f0:44:b4:73:d9:b9:16:62:44:63:ce:a6:df:ae:99:
                    c0:ee:d7:b0:b7:0c:19:3a:5c:1a:a2:92:99:5a:47:
                    7b:8c:d9:b0:21:f8:2a:7e:f3:a4:69:87:58:72:81:
                    6a:dd:46:d5:86:6d:e6:fc:60:64:d4:d0:b0:76:29:
                    c3:df:72:25:5d:a4:35:78:e4:13:af:21:d2:30:2c:
                    5c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:86:4A:52:74:E5:B9:1A:2E:EB:18:D3:48:58:BD:5E:7B:95:55:82
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/m4ZKUnTluRou6xjTSFi9XnuVVYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:48:5a:36:eb:8f:8a:d7:17:63:7c:84:44:fc:4f:e8:3e:0f:
         77:fc:58:13:c2:44:dd:1b:14:5a:f0:e7:3d:a8:1a:7d:b6:ce:
         80:89:1b:98:78:f3:db:66:00:1a:e6:43:de:02:26:83:4e:9f:
         2f:68:77:cf:b0:2f:72:10:20:7c:82:0e:1d:38:34:d7:be:7b:
         67:ca:d7:21:4d:3b:74:96:7f:44:cb:85:03:7e:f9:86:6b:63:
         50:c4:54:36:ec:be:3a:35:1b:48:1a:13:8a:c5:19:71:16:4d:
         9d:3a:36:71:35:b2:4d:5c:88:10:7c:8c:03:76:a3:81:6a:94:
         9c:97:16:ac:53:ad:99:4f:dc:3e:7a:8c:ea:c5:2a:2d:54:62:
         26:3a:83:bc:7f:9b:35:48:51:36:94:28:06:34:7d:ca:b5:9a:
         6d:f5:15:f2:cb:72:60:39:ea:16:d2:0c:99:9e:78:0a:49:6e:
         75:84:d7:2b:48:a2:39:4d:9d:ff:c7:f2:1b:2c:83:88:2e:f1:
         53:72:c8:e6:92:1b:1d:53:44:23:bb:cf:5c:ed:59:0a:cb:61:
         4f:4d:fa:7a:5a:8b:a3:fc:2f:09:40:6f:4a:e9:1b:8c:fc:b4:
         9d:df:5f:cf:95:69:41:3a:b5:bd:36:1b:bc:5b:c7:ce:41:e9:
         af:3d:5c:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBKRBYj36s6c5Dp4qtwZd+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjQwNjI0MTI0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg2NGE1Mjc0ZTViOTFhMmVlYjE4ZDM0ODU4YmQ1ZTdiOTU1NTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwI8QzcJbABLA24ssU5Pt6m8Uc9wt
AvCd7rQxavCM07qjp917u5ywSIM2K2JchZkvpIVmENUYAGn+zgBykz3fgFdfFbju
CGkkWwsllDa/R6XwW6Q+jhhg4QcEOXYqoYMwuv3dDDLpuzkKaSpbW0XHUv4Fbxke
rvcWTURRgtWoKR08RBYQcoXcgoy3m5OrqCYDcCnI9IsdCl5bui/mBqMjZcwN1SPQ
paqnLN2G9Q+sJfoL8XHwRLRz2bkWYkRjzqbfrpnA7tewtwwZOlwaopKZWkd7jNmw
IfgqfvOkaYdYcoFq3UbVhm3m/GBk1NCwdinD33IlXaQ1eOQTryHSMCxciQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuGSlJ05bkaLusY00hYvV57lVWCMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvbTRaS1VuVGx1Um91NnhqVFNGaTlYbnVWVllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQwMMA0G
CSqGSIb3DQEBCwUAA4IBAQBHSFo264+K1xdjfIRE/E/oPg93/FgTwkTdGxRa8Oc9
qBp9ts6AiRuYePPbZgAa5kPeAiaDTp8vaHfPsC9yECB8gg4dODTXvntnytchTTt0
ln9Ey4UDfvmGa2NQxFQ27L46NRtIGhOKxRlxFk2dOjZxNbJNXIgQfIwDdqOBapSc
lxasU62ZT9w+eozqxSotVGImOoO8f5s1SFE2lCgGNH3KtZpt9RXyy3JgOeoW0gyZ
nngKSW51hNcrSKI5TZ3/x/IbLIOILvFTcsjmkhsdU0Qju89c7VkKy2FPTfp6Wouj
/C8JQG9K6RuM/LSd31/PlWlBOrW9Nhu8W8fOQemvPVyz
-----END CERTIFICATE-----