Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8Z9rMXoKd7R7bK4mkXnInEizQt8.roa
File:                     8Z9rMXoKd7R7bK4mkXnInEizQt8.roa (raw, json)
Hash identifier:          9XGuzXxYghxuNKM+yyxXXmdoMqTHe+9mgI/60OwnGBk=
Subject key identifier:   F1:9F:6B:31:7A:0A:77:B4:7B:6C:AE:26:91:79:C8:9C:48:B3:42:DF
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018ECBF3F5E8B76FE820BA416DE39C2B542A
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8Z9rMXoKd7R7bK4mkXnInEizQt8.roa
Signing time:             Thu 11 Apr 2024 06:59:06 +0000
ROA not before:           Thu 11 Apr 2024 06:59:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60949
IP address blocks:        45.144.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cb:f3:f5:e8:b7:6f:e8:20:ba:41:6d:e3:9c:2b:54:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 11 06:59:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f19f6b317a0a77b47b6cae269179c89c48b342df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3f:59:db:9e:e4:c6:f0:03:c6:f4:b4:7e:21:
                    ee:90:99:f3:c9:b4:e3:b1:b9:a1:f5:b7:82:d5:73:
                    bf:6c:86:03:c4:c6:23:87:17:4c:46:31:6f:0e:7f:
                    24:c0:71:b8:cb:3a:a9:a3:8c:2e:01:0d:4a:35:8f:
                    a6:2d:11:af:e8:ab:cf:fb:55:da:df:89:cf:9e:cc:
                    e1:41:3a:fa:f8:0a:d7:d8:b2:1d:87:79:1e:f0:6a:
                    6f:02:37:89:66:98:39:f2:54:32:1d:84:9c:11:37:
                    c2:64:e1:9c:04:8c:ec:14:2b:78:eb:ed:19:4a:a0:
                    27:75:bb:29:7a:39:2a:ad:52:92:bb:20:1f:35:5b:
                    34:22:1d:43:b1:ab:69:a3:b6:75:92:04:cd:dd:fc:
                    b6:d5:83:31:4b:3d:1b:47:a8:2c:ac:2e:4f:73:2d:
                    fd:aa:89:a1:c1:ae:80:17:b8:7e:f2:de:61:e3:5d:
                    07:b6:c8:79:a8:07:24:31:1a:ba:e1:7e:7f:a6:b7:
                    c5:44:2b:84:07:58:db:3f:9d:88:1c:75:c8:04:9b:
                    4a:a5:62:92:7b:62:f1:c4:e3:c8:07:ef:b6:09:1d:
                    cd:9d:0d:c3:70:81:13:75:d3:c0:e6:ff:f2:a1:f5:
                    69:b8:d7:57:84:b1:94:7a:d0:e5:7f:f5:02:e1:91:
                    7f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:9F:6B:31:7A:0A:77:B4:7B:6C:AE:26:91:79:C8:9C:48:B3:42:DF
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8Z9rMXoKd7R7bK4mkXnInEizQt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:47:a7:25:df:51:10:ae:25:f0:c2:d2:52:01:2d:1b:d5:cc:
         d4:fe:78:88:0a:9f:f3:14:c4:0d:08:c0:14:5f:4e:23:af:37:
         c2:97:a5:d3:5e:d1:86:ba:3c:2b:84:fc:a6:e3:1a:f5:e8:87:
         59:a0:01:e2:cf:61:a4:f2:63:62:85:05:1e:7b:52:90:36:25:
         e9:70:5f:fe:a0:7c:5b:08:be:b1:04:4c:5e:2c:af:70:26:ef:
         d2:85:e1:48:bf:33:ef:a7:4a:59:49:ff:ca:bf:35:fd:c3:e7:
         54:21:e8:a1:f1:61:b7:4d:f6:59:41:9c:ad:9b:a9:e0:b1:e4:
         aa:91:a8:64:32:f6:0a:6f:50:f5:30:eb:b1:93:b3:a8:d5:9e:
         a5:19:2f:3e:92:b3:dc:33:99:24:b1:4d:3e:06:fc:8d:75:03:
         13:e5:0c:2f:20:91:f5:e0:5a:87:bb:26:1f:d7:44:34:9f:68:
         a2:37:6b:44:39:e0:27:82:07:35:56:e8:48:f5:c0:eb:38:21:
         d7:a4:65:d4:da:2d:05:f7:3d:bf:41:7a:1a:14:b3:02:c9:d9:
         67:65:b7:6b:52:92:e6:7e:d6:c8:bd:2c:d0:b5:53:2e:d9:89:
         8c:96:83:58:d8:62:77:28:ca:b2:5f:82:bc:a5:9a:61:bf:f1:
         55:7f:9a:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7L8/Xot2/oILpBbeOcK1QqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNDExMDY1OTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTlmNmIzMTdhMGE3N2I0N2I2Y2FlMjY5MTc5Yzg5YzQ4YjM0MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlT9Z257kxvADxvS0fiHukJnzybTj
sbmh9beC1XO/bIYDxMYjhxdMRjFvDn8kwHG4yzqpo4wuAQ1KNY+mLRGv6KvP+1Xa
34nPnszhQTr6+ArX2LIdh3ke8GpvAjeJZpg58lQyHYScETfCZOGcBIzsFCt46+0Z
SqAndbspejkqrVKSuyAfNVs0Ih1Dsatpo7Z1kgTN3fy21YMxSz0bR6gsrC5Pcy39
qomhwa6AF7h+8t5h410Htsh5qAckMRq64X5/prfFRCuEB1jbP52IHHXIBJtKpWKS
e2LxxOPIB++2CR3NnQ3DcIETddPA5v/yofVpuNdXhLGUetDlf/UC4ZF/GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGfazF6Cne0e2yuJpF5yJxIs0LfMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOFo5ck1Yb0tkN1I3Yks0bWtYbkluRWl6UXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZDXMA0G
CSqGSIb3DQEBCwUAA4IBAQCzR6cl31EQriXwwtJSAS0b1czU/niICp/zFMQNCMAU
X04jrzfCl6XTXtGGujwrhPym4xr16IdZoAHiz2Gk8mNihQUee1KQNiXpcF/+oHxb
CL6xBExeLK9wJu/SheFIvzPvp0pZSf/KvzX9w+dUIeih8WG3TfZZQZytm6ngseSq
kahkMvYKb1D1MOuxk7Oo1Z6lGS8+krPcM5kksU0+BvyNdQMT5QwvIJH14FqHuyYf
10Q0n2iiN2tEOeAnggc1VuhI9cDrOCHXpGXU2i0F9z2/QXoaFLMCydlnZbdrUpLm
ftbIvSzQtVMu2YmMloNY2GJ3KMqyX4K8pZphv/FVf5pJ
-----END CERTIFICATE-----