Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/uNfcWC81Lhx_Nfc37lcIkUkayXw.roa
File:                     uNfcWC81Lhx_Nfc37lcIkUkayXw.roa (raw, json)
Hash identifier:          Nq0dYPJOxfezkQAxsTAWDj0j//AAYJEljmAL0mQyzOo=
Subject key identifier:   B8:D7:DC:58:2F:35:2E:1C:7F:35:F7:37:EE:57:08:91:49:1A:C9:7C
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       018CCA99BA75CBE8C4F0D02E9C8E00AA7516
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/uNfcWC81Lhx_Nfc37lcIkUkayXw.roa
Signing time:             Tue 02 Jan 2024 14:35:21 +0000
ROA not before:           Tue 02 Jan 2024 14:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.138.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ba:75:cb:e8:c4:f0:d0:2e:9c:8e:00:aa:75:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Jan  2 14:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8d7dc582f352e1c7f35f737ee570891491ac97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b4:50:47:ae:a5:90:fe:35:36:d0:f9:d8:9a:
                    96:97:d4:f4:9b:80:55:65:82:45:ed:31:71:9f:d5:
                    e1:3e:22:8e:61:00:4b:af:2d:19:96:fd:3a:a9:7a:
                    e3:d2:b2:b7:33:c1:3c:81:02:e1:24:3e:da:df:b7:
                    80:10:65:8f:60:b9:12:62:36:8e:6a:c1:2e:d6:67:
                    b5:17:20:75:2a:3a:e3:d1:a8:40:a5:54:60:4f:ad:
                    a7:79:5f:f0:ef:91:00:e8:4a:01:81:a8:ae:70:a3:
                    d6:aa:3a:33:97:49:68:71:9a:90:88:39:3a:0c:19:
                    fb:84:d3:b6:ce:f4:47:fd:0b:5b:b3:1e:51:e4:ae:
                    b6:e1:09:51:8d:7d:fa:37:78:bc:2f:82:cb:e8:e8:
                    1d:6f:7f:0c:46:df:09:fd:76:b2:b0:9e:44:c0:81:
                    7d:2a:79:b4:20:1d:ef:5e:ab:2e:08:4a:c4:39:88:
                    ee:90:dc:29:b3:a9:d5:34:20:f5:1a:5d:0f:49:f0:
                    2e:0d:28:c0:7b:8e:86:ee:ae:cc:4c:97:fc:4a:ce:
                    f1:aa:4d:cf:bc:fa:d4:22:e4:9e:79:a9:d7:82:c0:
                    e9:63:c4:3a:1b:1e:31:6c:e5:72:62:94:de:1a:44:
                    1b:d9:c3:d8:a4:72:12:11:68:4d:94:7a:ae:af:75:
                    77:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D7:DC:58:2F:35:2E:1C:7F:35:F7:37:EE:57:08:91:49:1A:C9:7C
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/uNfcWC81Lhx_Nfc37lcIkUkayXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:a4:d3:57:ca:1b:88:8b:56:f4:6a:3e:c9:24:73:3d:ff:d4:
         a9:a4:bc:f9:d9:e4:b5:f1:2b:24:c3:59:e1:46:8a:a9:ff:cb:
         c5:af:67:19:9f:74:3b:f9:0a:c2:1b:09:bd:a7:a7:43:00:bd:
         7d:5c:eb:49:93:51:24:7c:d0:53:c1:bb:28:31:06:b7:26:20:
         a9:5f:e2:03:f8:9a:d8:ca:0c:bd:39:32:78:13:08:1c:4b:f9:
         a0:77:2b:91:2d:fd:e4:12:51:a7:7b:ea:a5:6e:9f:66:ee:d7:
         88:a7:02:99:21:d6:ed:13:9e:89:41:13:b2:3c:c0:8b:1b:c6:
         99:f6:50:d5:ca:7f:25:e0:cc:c2:47:e3:c1:a6:4a:b5:65:09:
         bd:2b:8c:3a:53:c8:67:be:19:de:fa:ac:12:82:d4:7a:a4:0b:
         03:03:46:1c:8e:83:ff:1a:80:0e:fa:2b:64:96:ed:fe:45:30:
         d4:60:4b:ff:46:f0:4a:3d:80:53:4c:89:17:ad:4a:96:3d:4a:
         df:cc:a9:a3:7e:bd:99:84:11:aa:8e:f6:e1:65:ec:1a:9a:fa:
         d3:c4:80:8d:0c:1c:37:3c:56:ef:4e:ab:28:0f:86:f2:03:80:
         51:17:8a:1d:7c:4c:5f:48:34:ff:b4:ba:51:11:c5:69:fe:88:
         4e:bd:c2:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmbp1y+jE8NAunI4AqnUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjQwMTAyMTQzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGQ3ZGM1ODJmMzUyZTFjN2YzNWY3MzdlZTU3MDg5MTQ5MWFjOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrRQR66lkP41NtD52JqWl9T0m4BV
ZYJF7TFxn9XhPiKOYQBLry0Zlv06qXrj0rK3M8E8gQLhJD7a37eAEGWPYLkSYjaO
asEu1me1FyB1Kjrj0ahApVRgT62neV/w75EA6EoBgaiucKPWqjozl0locZqQiDk6
DBn7hNO2zvRH/Qtbsx5R5K624QlRjX36N3i8L4LL6Ogdb38MRt8J/XaysJ5EwIF9
Knm0IB3vXqsuCErEOYjukNwps6nVNCD1Gl0PSfAuDSjAe46G7q7MTJf8Ss7xqk3P
vPrUIuSeeanXgsDpY8Q6Gx4xbOVyYpTeGkQb2cPYpHISEWhNlHqur3V3JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjX3FgvNS4cfzX3N+5XCJFJGsl8MB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvdU5mY1dDODFMaHhfTmZjMzdsY0lrVWtheVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYoMMA0G
CSqGSIb3DQEBCwUAA4IBAQBrpNNXyhuIi1b0aj7JJHM9/9SppLz52eS18Sskw1nh
Roqp/8vFr2cZn3Q7+QrCGwm9p6dDAL19XOtJk1EkfNBTwbsoMQa3JiCpX+ID+JrY
ygy9OTJ4EwgcS/mgdyuRLf3kElGne+qlbp9m7teIpwKZIdbtE56JQROyPMCLG8aZ
9lDVyn8l4MzCR+PBpkq1ZQm9K4w6U8hnvhne+qwSgtR6pAsDA0YcjoP/GoAO+itk
lu3+RTDUYEv/RvBKPYBTTIkXrUqWPUrfzKmjfr2ZhBGqjvbhZewamvrTxICNDBw3
PFbvTqsoD4byA4BRF4odfExfSDT/tLpREcVp/ohOvcJO
-----END CERTIFICATE-----