Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/1IrHoCnh7EO4eGQnBCxSiUBr1hw.roa
File:                     1IrHoCnh7EO4eGQnBCxSiUBr1hw.roa (raw, json)
Hash identifier:          TPZkuDlDjktt6HelCHAGmjm/2vU1R+GI2rgEssWaQOU=
Subject key identifier:   D4:8A:C7:A0:29:E1:EC:43:B8:78:64:27:04:2C:52:89:40:6B:D6:1C
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018DB258D34628248F42ABF583131637BF8B
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/1IrHoCnh7EO4eGQnBCxSiUBr1hw.roa
Signing time:             Fri 16 Feb 2024 14:36:22 +0000
ROA not before:           Fri 16 Feb 2024 14:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.83.124.0/22 maxlen: 24
                          45.83.136.0/22 maxlen: 24
                          45.83.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 18:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:58:d3:46:28:24:8f:42:ab:f5:83:13:16:37:bf:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Feb 16 14:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d48ac7a029e1ec43b8786427042c5289406bd61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a7:aa:ee:90:5f:41:dd:b9:5a:30:a4:96:8b:
                    c4:a3:99:ed:26:fb:ec:f2:04:72:60:5c:d3:4b:ad:
                    1a:2d:7f:7b:b8:ba:49:18:6f:c8:63:cb:b7:f0:18:
                    68:7f:00:7f:a5:64:b2:d5:83:e4:cb:5a:88:7a:a4:
                    5d:f9:69:c3:da:3c:9b:e2:74:9c:81:09:12:61:fc:
                    ba:2b:e6:d9:c4:83:42:3e:83:ec:88:b5:81:a7:5c:
                    49:51:0d:42:84:01:68:c6:16:8d:d7:41:c4:77:73:
                    62:f7:1c:6d:7c:40:c0:da:46:d4:44:57:49:01:85:
                    14:a6:ce:b5:fb:93:e0:54:ba:aa:a0:f1:8f:07:0e:
                    8b:b6:96:0d:3c:74:bf:f8:56:53:04:48:c2:f5:b3:
                    70:da:c5:80:1a:c3:f0:26:46:a1:6d:dd:50:f2:0f:
                    9e:58:ed:0a:e9:03:32:ae:9c:aa:37:ad:66:e7:f4:
                    51:45:1b:bf:c1:5e:5f:b7:88:af:43:37:7f:e0:14:
                    b0:8b:7c:7f:c1:3f:ea:59:70:ea:86:24:77:bb:ea:
                    1f:db:a8:7e:11:96:7f:45:4d:07:8e:3b:af:a6:84:
                    cc:73:5d:86:2e:c2:c7:34:fb:2c:2d:e2:5d:6b:95:
                    08:68:06:22:57:1e:c4:dc:41:97:0c:a0:63:c6:e8:
                    70:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8A:C7:A0:29:E1:EC:43:B8:78:64:27:04:2C:52:89:40:6B:D6:1C
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/1IrHoCnh7EO4eGQnBCxSiUBr1hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.124.0/22
                  45.83.136.0/22
                  45.83.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:32:91:c5:fa:19:16:f7:80:b5:66:1a:1a:6c:fe:fc:2c:3e:
         8e:45:ec:d1:b7:ae:1f:15:c0:d5:f5:98:19:27:95:29:7d:d6:
         49:88:dc:3d:75:29:12:76:7a:d0:62:1d:cb:f9:cf:e8:b4:cb:
         52:47:66:2a:d6:97:8b:5b:89:0c:b1:7e:ab:7a:75:a3:19:ca:
         68:56:7e:55:d2:5b:a3:ea:65:82:a1:b3:ef:b8:20:18:4b:4c:
         b9:84:39:d2:d1:54:d3:7d:05:e4:ed:d3:fb:21:58:d0:96:59:
         db:e5:cd:a9:3c:84:f6:e0:31:b3:66:5c:ae:21:b3:47:ec:3f:
         3f:19:83:24:15:3a:35:61:7d:27:07:08:e3:28:7d:6f:e7:44:
         e9:49:91:13:66:38:44:a9:50:92:4e:16:e1:d7:14:a7:22:74:
         28:43:86:c6:30:94:cc:0f:30:e0:87:d8:6e:32:48:f4:bb:94:
         e0:c3:94:d2:ac:48:d0:a6:53:47:53:2b:9c:78:74:3e:4a:b0:
         0b:f9:e5:1e:51:31:3d:0b:8d:4d:c3:07:98:46:11:4d:27:5f:
         72:e0:66:cc:57:3e:45:66:97:14:bb:53:0e:aa:80:a3:e8:b8:
         fb:29:e3:bd:76:9c:37:72:6f:d8:8e:c0:ec:34:29:7a:05:b7:
         1a:3f:b4:cd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2yWNNGKCSPQqv1gxMWN7+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwMjE2MTQzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhhYzdhMDI5ZTFlYzQzYjg3ODY0MjcwNDJjNTI4OTQwNmJkNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqeq7pBfQd25WjCklovEo5ntJvvs
8gRyYFzTS60aLX97uLpJGG/IY8u38BhofwB/pWSy1YPky1qIeqRd+WnD2jyb4nSc
gQkSYfy6K+bZxINCPoPsiLWBp1xJUQ1ChAFoxhaN10HEd3Ni9xxtfEDA2kbURFdJ
AYUUps61+5PgVLqqoPGPBw6LtpYNPHS/+FZTBEjC9bNw2sWAGsPwJkahbd1Q8g+e
WO0K6QMyrpyqN61m5/RRRRu/wV5ft4ivQzd/4BSwi3x/wT/qWXDqhiR3u+of26h+
EZZ/RU0HjjuvpoTMc12GLsLHNPssLeJda5UIaAYiVx7E3EGXDKBjxuhwOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNSKx6Ap4exDuHhkJwQsUolAa9YcMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvMUlySG9Dbmg3RU80ZUdRbkJDeFNpVUJyMWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVN8AwQC
LVOIAwQCLVOQMA0GCSqGSIb3DQEBCwUAA4IBAQAwMpHF+hkW94C1ZhoabP78LD6O
RezRt64fFcDV9ZgZJ5UpfdZJiNw9dSkSdnrQYh3L+c/otMtSR2Yq1peLW4kMsX6r
enWjGcpoVn5V0luj6mWCobPvuCAYS0y5hDnS0VTTfQXk7dP7IVjQllnb5c2pPIT2
4DGzZlyuIbNH7D8/GYMkFTo1YX0nBwjjKH1v50TpSZETZjhEqVCSThbh1xSnInQo
Q4bGMJTMDzDgh9huMkj0u5Tgw5TSrEjQplNHUyuceHQ+SrAL+eUeUTE9C41NwweY
RhFNJ19y4GbMVz5FZpcUu1MOqoCj6Lj7KeO9dpw3cm/YjsDsNCl6BbcaP7TN
-----END CERTIFICATE-----