Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/v7rn6NeXYJb8fpP6TEX43Ltogmg.roa
File:                     v7rn6NeXYJb8fpP6TEX43Ltogmg.roa (raw, json)
Hash identifier:          SrAhcF5gxnX32kCqC1gq26m3IH9UNLdm87Z2erf50rE=
Subject key identifier:   BF:BA:E7:E8:D7:97:60:96:FC:7E:93:FA:4C:45:F8:DC:BB:68:82:68
Certificate issuer:       /CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
Certificate serial:       018CC3B6E6F6DD7135475B20A0B51B073DDB
Authority key identifier: 49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/v7rn6NeXYJb8fpP6TEX43Ltogmg.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        45.81.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e6:f6:dd:71:35:47:5b:20:a0:b5:1b:07:3d:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfbae7e8d7976096fc7e93fa4c45f8dcbb688268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cb:8d:95:d1:96:c1:7e:c4:78:4c:99:de:af:
                    e1:ca:fc:15:00:08:5d:93:04:cf:d8:c5:9e:36:fa:
                    df:f0:66:e6:ea:fa:d9:45:d6:70:86:40:a8:13:d4:
                    22:25:79:74:ca:6b:a3:3b:7e:ed:9f:97:73:64:ba:
                    b0:c0:72:18:aa:e8:71:7a:37:dc:f2:78:72:80:98:
                    49:5c:48:50:fc:60:f0:c2:00:10:9d:1b:16:da:2a:
                    1b:9d:32:4a:9b:11:da:9e:dd:d9:56:90:cd:8d:fd:
                    e4:bb:64:6f:6a:64:c5:a8:5b:5e:d6:1e:ed:88:78:
                    f3:ba:de:13:ed:39:eb:f3:0e:84:42:58:50:3c:4c:
                    54:00:0d:19:dc:14:96:81:77:cd:f3:a9:54:b3:c3:
                    26:b4:9a:8e:48:6f:8b:bf:d6:d9:a1:00:b5:02:02:
                    2c:8b:b7:a6:17:95:a4:79:4b:7b:6f:d5:99:d4:e9:
                    7d:35:98:86:46:af:b4:95:d4:88:cd:80:19:44:22:
                    24:83:d6:35:d1:9a:14:38:74:7c:19:53:0a:6e:cc:
                    8f:b6:17:7f:f5:3b:90:12:86:31:d4:79:e8:e5:31:
                    cb:8b:64:3a:08:5b:94:2f:60:40:04:85:84:62:6a:
                    5b:97:3c:fd:5f:7c:1e:0b:c7:d4:e2:be:86:97:57:
                    fc:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:BA:E7:E8:D7:97:60:96:FC:7E:93:FA:4C:45:F8:DC:BB:68:82:68
            X509v3 Authority Key Identifier:
                keyid:49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/v7rn6NeXYJb8fpP6TEX43Ltogmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:df:14:18:7e:41:3c:00:2d:51:d3:d6:49:c9:b1:0b:b8:97:
         fa:e8:1a:c9:b3:c3:5e:19:af:a5:3a:30:0e:1a:b5:5e:47:8d:
         ef:5f:62:98:e8:3e:66:eb:b1:2d:4f:8b:93:02:31:61:d0:b5:
         6c:51:ee:4a:5b:13:c7:b4:be:74:c7:58:79:c7:8a:3e:97:40:
         2e:62:88:93:eb:a1:d3:db:2d:e2:7c:79:0f:42:c7:04:7f:f9:
         a1:6d:13:6f:a1:e4:bc:fa:1f:61:92:9c:70:0c:5f:08:31:e1:
         4c:58:9d:57:21:3c:ce:25:98:d4:34:b1:21:ad:46:21:07:64:
         9f:ec:fd:cd:51:4f:fd:bd:64:95:89:b0:e7:69:75:8e:4e:69:
         8b:ec:7d:bf:e3:83:29:29:5d:56:e0:8c:9a:ee:0b:1c:00:ce:
         dd:d2:98:aa:60:b0:07:91:1a:14:b9:c3:f2:e3:15:8f:47:95:
         78:d5:7f:b6:3f:59:b0:ca:36:69:cd:5e:32:ff:c8:8d:cd:4e:
         d1:98:c2:eb:c8:21:4a:65:93:46:09:b5:ae:cd:7e:8c:92:e7:
         5d:66:97:e1:48:42:ff:09:35:2a:77:7e:21:fb:40:5f:e4:09:
         52:91:c3:dc:f3:9b:6b:96:96:b5:2a:9d:d3:eb:3a:d8:66:3b:
         7d:17:35:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtub23XE1R1sgoLUbBz3bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NzIyYTBjYThiYmM5NGQ0OGE1Y2I0OGNjYzkyZWZlZjg0
NWE3ZTMwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmJhZTdlOGQ3OTc2MDk2ZmM3ZTkzZmE0YzQ1ZjhkY2JiNjg4MjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8uNldGWwX7EeEyZ3q/hyvwVAAhd
kwTP2MWeNvrf8Gbm6vrZRdZwhkCoE9QiJXl0ymujO37tn5dzZLqwwHIYquhxejfc
8nhygJhJXEhQ/GDwwgAQnRsW2iobnTJKmxHant3ZVpDNjf3ku2RvamTFqFte1h7t
iHjzut4T7Tnr8w6EQlhQPExUAA0Z3BSWgXfN86lUs8MmtJqOSG+Lv9bZoQC1AgIs
i7emF5WkeUt7b9WZ1Ol9NZiGRq+0ldSIzYAZRCIkg9Y10ZoUOHR8GVMKbsyPthd/
9TuQEoYx1Hno5THLi2Q6CFuUL2BABIWEYmpblzz9X3weC8fU4r6Gl1f8NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+65+jXl2CW/H6T+kxF+Ny7aIJoMB8GA1UdIwQY
MBaAFElyKgyou8lNSKXLSMzJLv74RafjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjIt
ZTE4ZmE2NTgwNTVhLzEvdjdybjZOZVhZSmI4ZnBQNlRFWDQzTHRvZ21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjItZTE4ZmE2NTgwNTVh
LzEvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVHoMA0G
CSqGSIb3DQEBCwUAA4IBAQBN3xQYfkE8AC1R09ZJybELuJf66BrJs8NeGa+lOjAO
GrVeR43vX2KY6D5m67EtT4uTAjFh0LVsUe5KWxPHtL50x1h5x4o+l0AuYoiT66HT
2y3ifHkPQscEf/mhbRNvoeS8+h9hkpxwDF8IMeFMWJ1XITzOJZjUNLEhrUYhB2Sf
7P3NUU/9vWSVibDnaXWOTmmL7H2/44MpKV1W4Iya7gscAM7d0piqYLAHkRoUucPy
4xWPR5V41X+2P1mwyjZpzV4y/8iNzU7RmMLryCFKZZNGCbWuzX6MkuddZpfhSEL/
CTUqd34h+0Bf5AlSkcPc85trlpa1Kp3T6zrYZjt9FzVi
-----END CERTIFICATE-----