Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/CrVIolPEotg8qGsn9w-GvWNCquc.roa
File:                     CrVIolPEotg8qGsn9w-GvWNCquc.roa (raw, json)
Hash identifier:          UsUA7AJ66WIrMfMj4+hz+dvj1foKCK4LDHLDz8+PJ6Y=
Subject key identifier:   0A:B5:48:A2:53:C4:A2:D8:3C:A8:6B:27:F7:0F:86:BD:63:42:AA:E7
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       018CC2DB02D6B1C316422016762C4A405942
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/CrVIolPEotg8qGsn9w-GvWNCquc.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212396
IP address blocks:        45.84.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:d6:b1:c3:16:42:20:16:76:2c:4a:40:59:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ab548a253c4a2d83ca86b27f70f86bd6342aae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c3:66:37:2c:1f:94:7f:35:9b:90:49:48:a1:
                    80:d6:a1:45:bb:22:60:32:45:ac:88:9b:78:c2:95:
                    62:ea:c2:cd:69:fd:52:39:1e:a3:ff:1c:53:2a:46:
                    61:b3:3d:a4:3f:73:2a:e7:da:6d:bf:f5:4b:8d:20:
                    3d:3f:94:a5:22:a8:f7:85:24:77:7c:0a:06:8c:51:
                    b3:74:09:9a:6a:48:40:f6:c8:19:2a:16:6a:66:76:
                    b7:da:ad:e7:18:76:f6:e1:6d:ff:96:69:8f:50:49:
                    0c:60:c7:c4:38:c1:0f:d7:1a:70:a5:17:fd:96:4e:
                    e2:de:24:15:5f:bf:bc:e3:11:4e:b0:bc:70:7c:68:
                    89:63:02:3e:fa:b9:99:c5:e5:ab:77:72:86:4a:07:
                    fc:dc:fe:fa:71:b5:b0:d9:5d:52:cf:1e:d3:67:56:
                    13:53:81:78:ea:23:96:8b:e2:74:f3:36:a9:e5:19:
                    63:08:02:40:b8:69:a1:b9:08:11:54:fc:dd:ce:89:
                    0e:44:96:47:e9:86:8d:3d:01:16:f3:f1:54:21:ca:
                    72:81:f2:22:d6:41:58:e0:d9:d7:13:0f:36:85:93:
                    0e:51:47:74:ff:12:ab:fa:f7:5e:90:20:95:c6:62:
                    2c:67:cc:10:5c:f8:2b:6c:5a:80:6a:b2:56:7b:49:
                    60:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B5:48:A2:53:C4:A2:D8:3C:A8:6B:27:F7:0F:86:BD:63:42:AA:E7
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/CrVIolPEotg8qGsn9w-GvWNCquc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:12:ca:fb:c6:fd:9e:82:80:ba:8c:66:eb:0a:26:11:6e:e4:
         bf:33:7a:e5:1e:e6:d8:55:34:51:dc:20:7c:e0:93:41:e2:f8:
         63:1d:fc:5d:6c:91:fe:7f:a0:2b:20:e3:3d:dc:19:f2:ac:26:
         b0:cc:a6:55:1d:6f:59:d8:9f:d8:65:e1:75:53:78:99:76:8f:
         49:80:f5:67:62:1f:16:ac:f8:b6:49:b3:e3:e0:4d:43:08:1f:
         b8:8e:8f:79:60:0f:f8:20:93:e6:24:30:2c:e3:da:08:91:6d:
         10:25:88:12:dc:67:ca:4c:9e:46:1f:1e:ff:be:1a:ed:c6:b7:
         58:39:e4:a0:08:38:b6:b8:08:5c:df:b7:b2:ba:ec:70:1d:fa:
         55:9c:19:b6:e1:02:c9:7b:06:1f:db:a1:ee:09:56:5d:fd:49:
         00:cd:17:d1:b8:d9:20:17:61:12:eb:41:67:49:4c:1d:5f:e6:
         95:17:8b:ad:1f:b7:c0:d9:83:c3:5c:44:5f:2d:96:e2:49:01:
         ad:a4:50:92:77:be:70:0f:b4:a3:93:2d:f4:53:df:7a:a4:6b:
         30:f5:cb:e0:0a:dd:f9:97:8c:95:7b:e1:63:92:12:e3:c1:9a:
         0c:ff:1a:de:80:00:f9:4e:2e:2f:c5:10:60:6b:60:89:6b:2a:
         39:02:df:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wLWscMWQiAWdixKQFlCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI1NDhhMjUzYzRhMmQ4M2NhODZiMjdmNzBmODZiZDYzNDJhYWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8NmNywflH81m5BJSKGA1qFFuyJg
MkWsiJt4wpVi6sLNaf1SOR6j/xxTKkZhsz2kP3Mq59ptv/VLjSA9P5SlIqj3hSR3
fAoGjFGzdAmaakhA9sgZKhZqZna32q3nGHb24W3/lmmPUEkMYMfEOMEP1xpwpRf9
lk7i3iQVX7+84xFOsLxwfGiJYwI++rmZxeWrd3KGSgf83P76cbWw2V1Szx7TZ1YT
U4F46iOWi+J08zap5RljCAJAuGmhuQgRVPzdzokORJZH6YaNPQEW8/FUIcpygfIi
1kFY4NnXEw82hZMOUUd0/xKr+vdekCCVxmIsZ8wQXPgrbFqAarJWe0lgSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAq1SKJTxKLYPKhrJ/cPhr1jQqrnMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvQ3JWSW9sUEVvdGc4cUdzbjl3LUd2V05DcXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQ5MA0G
CSqGSIb3DQEBCwUAA4IBAQB1Esr7xv2egoC6jGbrCiYRbuS/M3rlHubYVTRR3CB8
4JNB4vhjHfxdbJH+f6ArIOM93BnyrCawzKZVHW9Z2J/YZeF1U3iZdo9JgPVnYh8W
rPi2SbPj4E1DCB+4jo95YA/4IJPmJDAs49oIkW0QJYgS3GfKTJ5GHx7/vhrtxrdY
OeSgCDi2uAhc37eyuuxwHfpVnBm24QLJewYf26HuCVZd/UkAzRfRuNkgF2ES60Fn
SUwdX+aVF4utH7fA2YPDXERfLZbiSQGtpFCSd75wD7Sjky30U996pGsw9cvgCt35
l4yVe+FjkhLjwZoM/xregAD5Ti4vxRBga2CJayo5At/e
-----END CERTIFICATE-----