Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/n4Da257M3m_y7x5EGe1B3NKQGtY.roa
File:                     n4Da257M3m_y7x5EGe1B3NKQGtY.roa (raw, json)
Hash identifier:          wn4kDeELa/prKwXWTH1AK8OT5MrrfagnPogZC/YvxTw=
Subject key identifier:   9F:80:DA:DB:9E:CC:DE:6F:F2:EF:1E:44:19:ED:41:DC:D2:90:1A:D6
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019233783612DFC0B53A1963622ECF832022
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/n4Da257M3m_y7x5EGe1B3NKQGtY.roa
Signing time:             Fri 27 Sep 2024 12:32:49 +0000
ROA not before:           Fri 27 Sep 2024 12:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48525
IP address blocks:        45.92.173.0/24 maxlen: 24
                          194.147.110.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:78:36:12:df:c0:b5:3a:19:63:62:2e:cf:83:20:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Sep 27 12:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f80dadb9eccde6ff2ef1e4419ed41dcd2901ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:27:06:6c:29:dc:a5:04:89:ee:93:71:11:c5:
                    47:ff:d3:bc:f2:d1:66:2e:81:c1:b0:ee:9b:41:fc:
                    bc:85:2a:e4:d5:23:81:a8:47:88:b5:cd:5a:61:2f:
                    04:45:81:cb:7f:6f:a3:ce:b3:a7:76:70:c1:59:d9:
                    13:86:d5:60:98:e2:28:ec:2d:6a:a2:fa:59:36:9c:
                    d6:30:c3:66:fc:08:d3:4d:c2:06:ab:d6:12:d8:6f:
                    e0:f9:40:5e:5c:e8:33:60:6a:2e:38:2f:98:79:d6:
                    17:d4:ec:cd:28:3e:b3:bf:34:c2:96:53:88:21:29:
                    a3:7a:49:db:c6:a6:51:f0:77:ec:10:31:7d:39:48:
                    66:17:8a:9f:8b:8e:0f:7b:fd:f5:c7:d5:9c:4d:75:
                    1f:d3:e6:1b:e9:00:9b:22:b3:48:84:4a:6e:fe:49:
                    2a:3e:76:a8:04:20:be:ef:66:78:1b:75:fe:a6:95:
                    54:13:63:1d:25:af:f5:48:f1:4f:1e:e7:56:1b:f0:
                    a8:72:83:65:29:92:11:0e:9c:cb:ca:f6:bb:49:ab:
                    ca:5c:6f:a1:83:3b:e1:7a:99:9c:aa:b3:15:07:a3:
                    c7:aa:8f:23:5d:73:a5:71:56:d0:5d:ab:02:55:d2:
                    ad:b9:53:68:2a:06:53:04:53:5b:0d:26:92:e9:0f:
                    ab:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:80:DA:DB:9E:CC:DE:6F:F2:EF:1E:44:19:ED:41:DC:D2:90:1A:D6
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/n4Da257M3m_y7x5EGe1B3NKQGtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.173.0/24
                  194.147.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:ad:df:1f:ba:0b:ee:34:50:54:51:ed:31:aa:dd:7d:21:3e:
         c4:3a:19:aa:ec:bb:88:af:99:83:dc:63:df:74:fa:b0:3f:50:
         2a:c0:20:46:db:e7:02:dc:12:ec:3b:9d:0b:a4:55:31:14:f1:
         15:e3:19:c6:d2:c1:dd:ce:eb:90:97:12:70:4a:98:99:14:de:
         de:ea:86:84:00:6b:f5:b1:94:7e:4e:fa:c0:2d:86:ef:f8:9d:
         2d:d7:a6:a4:4c:ee:ed:77:03:15:f7:a7:74:65:c1:9a:f1:92:
         0b:5d:b2:28:30:08:51:54:c6:be:d5:25:33:cb:8f:98:85:9b:
         54:ed:ba:cf:68:95:8a:d4:16:28:38:74:dd:dc:e8:c7:75:87:
         a0:21:0b:55:38:ac:2f:f9:1d:e6:9b:9d:6d:4b:30:56:77:4b:
         74:03:d6:ce:d9:f7:fe:3f:72:5b:d0:d1:f8:95:ce:bb:de:bb:
         75:b9:e5:0a:3c:09:34:e7:54:36:92:e8:35:3d:22:29:2e:17:
         fa:ae:ad:47:4b:81:31:fa:8f:bb:6e:3a:c8:f6:90:1e:4d:b4:
         76:50:08:4a:d3:2d:de:c8:d5:d9:85:69:4a:d6:10:92:d8:b4:
         f3:15:9c:a7:be:73:1b:f5:0b:7f:5b:32:0e:1d:05:d3:18:e8:
         ca:e7:fe:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIzeDYS38C1OhljYi7PgyAiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwOTI3MTIzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjgwZGFkYjllY2NkZTZmZjJlZjFlNDQxOWVkNDFkY2QyOTAxYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwicGbCncpQSJ7pNxEcVH/9O88tFm
LoHBsO6bQfy8hSrk1SOBqEeItc1aYS8ERYHLf2+jzrOndnDBWdkThtVgmOIo7C1q
ovpZNpzWMMNm/AjTTcIGq9YS2G/g+UBeXOgzYGouOC+YedYX1OzNKD6zvzTCllOI
ISmjeknbxqZR8HfsEDF9OUhmF4qfi44Pe/31x9WcTXUf0+Yb6QCbIrNIhEpu/kkq
PnaoBCC+72Z4G3X+ppVUE2MdJa/1SPFPHudWG/CocoNlKZIRDpzLyva7SavKXG+h
gzvhepmcqrMVB6PHqo8jXXOlcVbQXasCVdKtuVNoKgZTBFNbDSaS6Q+rpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ+A2tuezN5v8u8eRBntQdzSkBrWMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvbjREYTI1N00zbV95N3g1RUdlMUIzTktRR3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVytAwQB
wpNuMA0GCSqGSIb3DQEBCwUAA4IBAQBard8fugvuNFBUUe0xqt19IT7EOhmq7LuI
r5mD3GPfdPqwP1AqwCBG2+cC3BLsO50LpFUxFPEV4xnG0sHdzuuQlxJwSpiZFN7e
6oaEAGv1sZR+TvrALYbv+J0t16akTO7tdwMV96d0ZcGa8ZILXbIoMAhRVMa+1SUz
y4+YhZtU7brPaJWK1BYoOHTd3OjHdYegIQtVOKwv+R3mm51tSzBWd0t0A9bO2ff+
P3Jb0NH4lc673rt1ueUKPAk051Q2kug1PSIpLhf6rq1HS4Ex+o+7bjrI9pAeTbR2
UAhK0y3eyNXZhWlK1hCS2LTzFZynvnMb9Qt/WzIOHQXTGOjK5/7y
-----END CERTIFICATE-----