Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/70a499-c87e-4546-8950-b704ee27c65c/1/KXJgFn7inCF7vZBGE2zeP95gNck.roa
File:                     KXJgFn7inCF7vZBGE2zeP95gNck.roa (raw, json)
Hash identifier:          7id01i5NUMSq7deoS0ZEQUNdosWWPt0v0JAIjQDbDVs=
Subject key identifier:   29:72:60:16:7E:E2:9C:21:7B:BD:90:46:13:6C:DE:3F:DE:60:35:C9
Certificate issuer:       /CN=4bdd9a133a92486a14edc4e7625b24f95d3891cc
Certificate serial:       018CC2DB37122A8D861383976CA2CD820518
Authority key identifier: 4B:DD:9A:13:3A:92:48:6A:14:ED:C4:E7:62:5B:24:F9:5D:38:91:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S92aEzqSSGoU7cTnYlsk-V04kcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/70a499-c87e-4546-8950-b704ee27c65c/1/KXJgFn7inCF7vZBGE2zeP95gNck.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197931
IP address blocks:        45.128.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/70a499-c87e-4546-8950-b704ee27c65c/1/S92aEzqSSGoU7cTnYlsk-V04kcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/70a499-c87e-4546-8950-b704ee27c65c/1/S92aEzqSSGoU7cTnYlsk-V04kcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S92aEzqSSGoU7cTnYlsk-V04kcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:37:12:2a:8d:86:13:83:97:6c:a2:cd:82:05:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bdd9a133a92486a14edc4e7625b24f95d3891cc
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=297260167ee29c217bbd9046136cde3fde6035c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d2:65:13:9f:e7:c9:1c:4c:0e:36:d3:61:ea:
                    dd:29:89:59:c1:65:a0:83:7d:18:8c:a1:97:ce:b1:
                    93:42:b7:ea:3a:fd:81:37:60:51:56:33:ff:a9:f4:
                    5d:f6:02:02:69:32:fb:49:05:88:ce:92:74:3a:d6:
                    d8:bd:ec:42:41:e7:f8:ee:35:4c:f2:97:b0:39:68:
                    4c:e8:b2:f4:1a:7c:fc:96:1f:a1:e4:33:94:5f:d0:
                    59:73:4e:ee:09:95:37:21:64:37:2c:6d:58:5a:df:
                    dd:1f:5e:17:d3:ca:ca:0f:e9:41:35:86:d9:fb:40:
                    56:a5:63:c3:a8:b4:1b:54:5d:e1:d7:d4:17:91:e5:
                    d3:58:34:8a:b1:2b:51:9b:c8:f9:fd:4b:77:bb:06:
                    54:74:79:76:82:61:99:c7:59:b3:2c:79:eb:0e:c4:
                    19:b3:6a:ba:b9:2f:22:16:47:a6:fe:08:be:15:3f:
                    88:4c:9f:b4:ba:62:94:c2:20:ff:37:63:b3:dd:4d:
                    cc:11:fd:07:41:62:83:65:32:07:bf:46:5d:e4:ec:
                    81:7c:64:f6:fa:f2:37:88:4f:88:d1:ed:71:bb:51:
                    f1:93:8d:11:8d:b6:a4:77:3e:b9:32:c6:7c:02:3a:
                    09:97:78:9e:c8:ea:58:20:86:c7:a4:39:50:a9:c9:
                    0c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:72:60:16:7E:E2:9C:21:7B:BD:90:46:13:6C:DE:3F:DE:60:35:C9
            X509v3 Authority Key Identifier:
                keyid:4B:DD:9A:13:3A:92:48:6A:14:ED:C4:E7:62:5B:24:F9:5D:38:91:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S92aEzqSSGoU7cTnYlsk-V04kcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/70a499-c87e-4546-8950-b704ee27c65c/1/KXJgFn7inCF7vZBGE2zeP95gNck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/70a499-c87e-4546-8950-b704ee27c65c/1/S92aEzqSSGoU7cTnYlsk-V04kcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:7a:aa:9d:19:94:15:ac:1e:99:7e:5d:ec:44:f9:38:52:44:
         df:70:2f:6e:4d:1d:42:3b:53:aa:25:45:f3:84:37:ff:a9:a9:
         b5:dc:ae:50:31:d7:ab:65:c8:5d:b6:83:47:51:f7:0b:d3:ac:
         1c:dc:14:1a:8a:a7:d6:ec:72:a6:46:67:1a:53:51:a5:2f:d1:
         f6:1e:e9:fa:b4:b3:8a:9c:f6:16:63:c5:a6:96:c2:ce:38:34:
         3e:7b:cc:67:2c:e8:98:5e:9e:06:89:0e:40:41:ad:d9:ce:8c:
         a8:42:f1:3d:d8:f1:7b:d9:5c:a8:f7:f3:eb:71:0e:84:ed:03:
         77:26:55:c8:d2:c8:71:0f:b4:3b:fa:f5:a9:c7:f0:a7:87:4b:
         09:57:c9:f8:56:4c:26:c4:25:32:60:49:e0:7e:41:8d:c3:5e:
         3d:e2:10:10:d3:ba:b4:c5:aa:35:fa:b1:0e:03:86:96:0a:5c:
         02:41:38:b2:27:21:6b:0d:2d:2a:b7:7e:fb:e9:89:86:76:2c:
         03:ee:bc:b6:82:34:3d:6b:e4:f8:94:df:1c:b1:9d:a5:8d:9a:
         ee:e5:c6:fe:38:2d:85:40:11:ed:4b:98:ea:a0:e4:4e:67:c1:
         94:cf:43:67:91:23:22:e8:50:ea:9c:4d:cb:aa:cf:7a:98:75:
         cc:c3:59:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zcSKo2GE4OXbKLNggUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZGQ5YTEzM2E5MjQ4NmExNGVkYzRlNzYyNWIyNGY5NWQz
ODkxY2MwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTcyNjAxNjdlZTI5YzIxN2JiZDkwNDYxMzZjZGUzZmRlNjAzNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitJlE5/nyRxMDjbTYerdKYlZwWWg
g30YjKGXzrGTQrfqOv2BN2BRVjP/qfRd9gICaTL7SQWIzpJ0OtbYvexCQef47jVM
8pewOWhM6LL0Gnz8lh+h5DOUX9BZc07uCZU3IWQ3LG1YWt/dH14X08rKD+lBNYbZ
+0BWpWPDqLQbVF3h19QXkeXTWDSKsStRm8j5/Ut3uwZUdHl2gmGZx1mzLHnrDsQZ
s2q6uS8iFkem/gi+FT+ITJ+0umKUwiD/N2Oz3U3MEf0HQWKDZTIHv0Zd5OyBfGT2
+vI3iE+I0e1xu1Hxk40Rjbakdz65MsZ8AjoJl3ieyOpYIIbHpDlQqckMqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClyYBZ+4pwhe72QRhNs3j/eYDXJMB8GA1UdIwQY
MBaAFEvdmhM6kkhqFO3E52JbJPldOJHMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzkyYUV6cVNTR29VN2NUbllsc2stVjA0a2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83MGE0OTktYzg3ZS00NTQ2LTg5NTAt
YjcwNGVlMjdjNjVjLzEvS1hKZ0ZuN2luQ0Y3dlpCR0UyemVQOTVnTmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83MGE0OTktYzg3ZS00NTQ2LTg5NTAtYjcwNGVlMjdjNjVj
LzEvUzkyYUV6cVNTR29VN2NUbllsc2stVjA0a2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBiMA0G
CSqGSIb3DQEBCwUAA4IBAQAqeqqdGZQVrB6Zfl3sRPk4UkTfcC9uTR1CO1OqJUXz
hDf/qam13K5QMderZchdtoNHUfcL06wc3BQaiqfW7HKmRmcaU1GlL9H2Hun6tLOK
nPYWY8WmlsLOODQ+e8xnLOiYXp4GiQ5AQa3ZzoyoQvE92PF72Vyo9/PrcQ6E7QN3
JlXI0shxD7Q7+vWpx/Cnh0sJV8n4VkwmxCUyYEngfkGNw1494hAQ07q0xao1+rEO
A4aWClwCQTiyJyFrDS0qt3776YmGdiwD7ry2gjQ9a+T4lN8csZ2ljZru5cb+OC2F
QBHtS5jqoOROZ8GUz0NnkSMi6FDqnE3Lqs96mHXMw1mj
-----END CERTIFICATE-----