Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/tAgFVLKq14RliA3yqAak1zt_wm8.roa
File:                     tAgFVLKq14RliA3yqAak1zt_wm8.roa (raw, json)
Hash identifier:          B2OZKeAk7G52S3ywNHjYWSL7Me+KwW1XFvcfpZW2ErY=
Subject key identifier:   B4:08:05:54:B2:AA:D7:84:65:88:0D:F2:A8:06:A4:D7:3B:7F:C2:6F
Certificate issuer:       /CN=12c45bd38d4bdc68e3d79de0244df06d2ecb6609
Certificate serial:       018CC86F001A74E7EFA52A126E1906A7F11B
Authority key identifier: 12:C4:5B:D3:8D:4B:DC:68:E3:D7:9D:E0:24:4D:F0:6D:2E:CB:66:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsRb041L3Gjj153gJE3wbS7LZgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/tAgFVLKq14RliA3yqAak1zt_wm8.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39591
IP address blocks:        45.84.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/EsRb041L3Gjj153gJE3wbS7LZgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/EsRb041L3Gjj153gJE3wbS7LZgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsRb041L3Gjj153gJE3wbS7LZgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:00:1a:74:e7:ef:a5:2a:12:6e:19:06:a7:f1:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c45bd38d4bdc68e3d79de0244df06d2ecb6609
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4080554b2aad78465880df2a806a4d73b7fc26f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6a:46:20:e9:a2:cc:10:35:be:1a:11:3f:f2:
                    2a:41:28:75:d0:97:c9:9d:5b:6f:20:e8:5f:17:3f:
                    45:17:95:37:3f:b2:59:35:4d:03:b5:5c:0b:43:de:
                    45:30:2b:fa:09:83:0d:8f:f7:21:3f:76:3d:23:fc:
                    f8:4f:75:56:46:7c:73:fc:65:d4:05:66:a3:1f:3e:
                    41:e2:24:6f:b1:49:2b:ae:fb:28:9b:c8:10:58:3c:
                    55:3c:8e:89:75:cc:34:2f:f3:66:5b:d3:ef:20:58:
                    48:e4:e5:a0:b2:c2:a6:a4:ec:e0:6f:b4:70:fb:dc:
                    cf:4c:c0:9c:0e:42:7a:db:1c:c0:ab:ba:bb:f2:ff:
                    8b:06:b2:89:e4:97:3c:e0:90:bc:d1:8e:73:c2:46:
                    f8:37:ed:93:44:3e:a9:10:9a:b1:c6:cf:a4:ae:ba:
                    28:e7:36:8d:50:3d:4c:e5:5a:1f:99:87:33:46:10:
                    94:2b:83:32:c9:fb:e4:fd:67:80:9e:32:cc:72:d5:
                    41:66:36:bb:ad:23:2c:5e:97:f1:06:10:d7:48:d5:
                    97:de:0c:b9:22:9f:cb:2c:a5:be:26:1d:57:fc:0f:
                    c5:4e:39:b3:86:87:d6:38:b6:47:f8:39:e7:38:f5:
                    06:b2:b4:d4:c4:ab:11:03:2c:2b:cd:fa:99:25:96:
                    94:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:08:05:54:B2:AA:D7:84:65:88:0D:F2:A8:06:A4:D7:3B:7F:C2:6F
            X509v3 Authority Key Identifier:
                keyid:12:C4:5B:D3:8D:4B:DC:68:E3:D7:9D:E0:24:4D:F0:6D:2E:CB:66:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsRb041L3Gjj153gJE3wbS7LZgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/tAgFVLKq14RliA3yqAak1zt_wm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/EsRb041L3Gjj153gJE3wbS7LZgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:06:cc:d5:b7:5a:1b:ea:d4:ad:d7:ac:ab:93:51:36:58:da:
         b7:3c:2b:ff:64:27:11:e5:e6:8e:7d:b1:d7:27:2a:db:a0:29:
         71:ef:c2:15:17:8b:3f:02:e5:bb:f5:df:f3:15:0e:bf:1d:84:
         55:77:ce:64:af:7b:53:14:dd:18:0f:86:86:82:02:dd:be:69:
         84:ac:09:41:0c:1d:c5:41:ed:54:b2:1c:8b:45:48:65:76:97:
         8f:22:72:4a:06:92:42:5b:d8:c5:b5:54:b4:bf:5c:57:17:c0:
         2a:87:44:87:b0:f3:16:b7:49:88:1e:b5:1b:53:1c:31:02:a3:
         93:cf:60:a3:ef:e8:10:90:03:ac:ef:ad:ea:54:72:63:96:7f:
         e4:0f:5d:99:e0:23:19:25:90:21:36:00:50:00:12:b2:9d:65:
         d0:56:1b:51:dd:1f:e2:c2:c5:8a:e1:35:a0:7d:ed:d5:d6:f9:
         76:5f:19:0a:0c:2d:9e:92:24:56:16:92:ed:e7:d2:12:b3:9f:
         3a:fb:2a:46:e1:00:d8:90:48:bf:c8:b0:90:80:28:fc:d5:38:
         0f:7b:79:a3:21:11:ef:0a:1f:b2:0d:98:d9:fc:c8:fd:69:fc:
         83:6b:06:1c:0f:24:42:4a:33:65:8e:93:f1:27:34:03:55:a1:
         2d:da:d5:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwAadOfvpSoSbhkGp/EbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzQ1YmQzOGQ0YmRjNjhlM2Q3OWRlMDI0NGRmMDZkMmVj
YjY2MDkwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDA4MDU1NGIyYWFkNzg0NjU4ODBkZjJhODA2YTRkNzNiN2ZjMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWpGIOmizBA1vhoRP/IqQSh10JfJ
nVtvIOhfFz9FF5U3P7JZNU0DtVwLQ95FMCv6CYMNj/chP3Y9I/z4T3VWRnxz/GXU
BWajHz5B4iRvsUkrrvsom8gQWDxVPI6Jdcw0L/NmW9PvIFhI5OWgssKmpOzgb7Rw
+9zPTMCcDkJ62xzAq7q78v+LBrKJ5Jc84JC80Y5zwkb4N+2TRD6pEJqxxs+krroo
5zaNUD1M5VofmYczRhCUK4Myyfvk/WeAnjLMctVBZja7rSMsXpfxBhDXSNWX3gy5
Ip/LLKW+Jh1X/A/FTjmzhofWOLZH+DnnOPUGsrTUxKsRAywrzfqZJZaUgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQIBVSyqteEZYgN8qgGpNc7f8JvMB8GA1UdIwQY
MBaAFBLEW9ONS9xo49ed4CRN8G0uy2YJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNSYjA0MUwzR2pqMTUzZ0pFM3diUzdMWmdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS81Y2I1NDQtNTA0Zi00OGJmLWIxMDUt
MjIwMjhhNzg2ZjYwLzEvdEFnRlZMS3ExNFJsaUEzeXFBYWsxenRfd204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS81Y2I1NDQtNTA0Zi00OGJmLWIxMDUtMjIwMjhhNzg2ZjYw
LzEvRXNSYjA0MUwzR2pqMTUzZ0pFM3diUzdMWmdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVQEMA0G
CSqGSIb3DQEBCwUAA4IBAQBXBszVt1ob6tSt16yrk1E2WNq3PCv/ZCcR5eaOfbHX
JyrboClx78IVF4s/AuW79d/zFQ6/HYRVd85kr3tTFN0YD4aGggLdvmmErAlBDB3F
Qe1UshyLRUhldpePInJKBpJCW9jFtVS0v1xXF8Aqh0SHsPMWt0mIHrUbUxwxAqOT
z2Cj7+gQkAOs763qVHJjln/kD12Z4CMZJZAhNgBQABKynWXQVhtR3R/iwsWK4TWg
fe3V1vl2XxkKDC2ekiRWFpLt59ISs586+ypG4QDYkEi/yLCQgCj81TgPe3mjIRHv
Ch+yDZjZ/Mj9afyDawYcDyRCSjNljpPxJzQDVaEt2tWu
-----END CERTIFICATE-----