Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/L9PRnb3hz2wMPcfyvw8fA7CD1vM.roa
File:                     L9PRnb3hz2wMPcfyvw8fA7CD1vM.roa (raw, json)
Hash identifier:          cr15ChGxbAppf+/EW+Zpuy3YgwXknAa2LX/OAQnYurA=
Subject key identifier:   2F:D3:D1:9D:BD:E1:CF:6C:0C:3D:C7:F2:BF:0F:1F:03:B0:83:D6:F3
Certificate issuer:       /CN=06c92df2c9faa2915fc5feb5a4270183419faef2
Certificate serial:       018CCA2BA9F7D4E295DB0A1FE10AEDCEB8B6
Authority key identifier: 06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/L9PRnb3hz2wMPcfyvw8fA7CD1vM.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213044
IP address blocks:        45.154.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a9:f7:d4:e2:95:db:0a:1f:e1:0a:ed:ce:b8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c92df2c9faa2915fc5feb5a4270183419faef2
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fd3d19dbde1cf6c0c3dc7f2bf0f1f03b083d6f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:18:7a:d1:04:b5:6e:12:a5:71:d2:ff:88:ff:
                    c4:da:4e:72:72:fb:5c:3c:1a:7e:8f:c9:4f:06:f4:
                    93:9c:3a:6a:83:83:1f:b5:54:af:36:52:e4:8a:8d:
                    4f:7d:b6:de:b9:d8:a9:c8:d9:46:24:1e:54:e5:8c:
                    d8:db:86:78:d4:55:77:d3:0b:4e:d0:88:a9:05:49:
                    cb:e1:0b:7c:99:5e:50:d8:7d:02:26:81:18:ef:ea:
                    d6:29:26:61:dd:76:81:a5:28:2e:2b:5a:ea:70:ab:
                    10:82:25:6b:11:a8:0f:51:1f:0e:8e:d1:d5:29:f5:
                    35:d5:d4:c1:a3:69:4b:6e:3d:04:1f:e8:af:5a:ff:
                    34:c2:93:22:ab:0d:dd:24:cd:1e:bb:bf:a0:76:66:
                    fb:95:d6:98:bb:e1:1b:6b:23:01:1c:dd:4d:43:54:
                    24:33:db:cd:7d:71:2e:79:be:1c:07:97:37:4e:88:
                    8c:b5:57:e2:4a:0d:32:16:76:bd:93:05:fb:91:23:
                    27:71:c2:f9:20:05:c6:d9:01:bc:94:b1:ba:59:e2:
                    66:10:0d:58:75:ec:13:2a:4a:c7:fd:ae:78:ee:ad:
                    4c:0f:40:9b:fc:21:d6:55:6c:e7:31:5d:60:81:93:
                    c2:ef:2e:bd:89:7f:b7:4a:a3:29:e1:d9:2e:e7:0a:
                    46:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:D3:D1:9D:BD:E1:CF:6C:0C:3D:C7:F2:BF:0F:1F:03:B0:83:D6:F3
            X509v3 Authority Key Identifier:
                keyid:06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/L9PRnb3hz2wMPcfyvw8fA7CD1vM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:98:1d:c3:c0:21:a6:76:ed:7d:3e:53:e3:ee:6c:f2:34:69:
         7b:0d:f4:a2:31:20:5f:97:e7:36:a7:73:5e:dd:36:16:84:8a:
         a3:a7:c1:43:9e:65:4c:84:54:da:42:32:7c:b6:b9:86:96:4d:
         86:11:b0:03:3b:7e:b6:19:5a:61:7a:27:4b:23:c4:e4:59:7c:
         8b:14:c6:04:07:89:31:f9:a6:5d:de:80:0e:96:8a:a0:53:3c:
         73:f3:d4:80:ba:fe:ff:ef:5f:13:76:dc:6d:2f:60:96:6b:45:
         08:aa:7e:a0:f4:b0:d6:78:18:c3:27:94:20:4f:89:4b:22:f9:
         dd:74:ee:19:26:a9:12:ca:51:44:57:5c:fc:6f:f6:e0:b4:62:
         55:07:f0:12:0e:53:98:fa:59:a8:97:22:e3:4f:a5:95:73:7a:
         5f:05:fb:e2:ac:31:37:60:f7:c9:7d:82:ca:3e:33:54:e6:03:
         6a:5c:56:13:a7:8b:ea:1e:45:8a:cc:a5:20:76:ef:45:d4:10:
         e7:bb:e1:81:8d:5d:b9:e4:79:f9:69:5e:22:b9:51:3d:f7:8a:
         fe:4b:0e:87:f6:9f:90:02:46:0b:18:cc:17:7a:99:25:f6:e5:
         ec:e7:23:80:ce:5c:70:74:7e:e8:f9:ff:f2:aa:c4:ce:45:7a:
         19:2f:bb:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6n31OKV2wof4Qrtzri2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzkyZGYyYzlmYWEyOTE1ZmM1ZmViNWE0MjcwMTgzNDE5
ZmFlZjIwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQzZDE5ZGJkZTFjZjZjMGMzZGM3ZjJiZjBmMWYwM2IwODNkNmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRh60QS1bhKlcdL/iP/E2k5ycvtc
PBp+j8lPBvSTnDpqg4MftVSvNlLkio1PfbbeudipyNlGJB5U5YzY24Z41FV30wtO
0IipBUnL4Qt8mV5Q2H0CJoEY7+rWKSZh3XaBpSguK1rqcKsQgiVrEagPUR8OjtHV
KfU11dTBo2lLbj0EH+ivWv80wpMiqw3dJM0eu7+gdmb7ldaYu+EbayMBHN1NQ1Qk
M9vNfXEueb4cB5c3ToiMtVfiSg0yFna9kwX7kSMnccL5IAXG2QG8lLG6WeJmEA1Y
dewTKkrH/a547q1MD0Cb/CHWVWznMV1ggZPC7y69iX+3SqMp4dku5wpGtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/T0Z294c9sDD3H8r8PHwOwg9bzMB8GA1UdIwQY
MBaAFAbJLfLJ+qKRX8X+taQnAYNBn67yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUt
ZDZkNTVjMTY5ZTE2LzEvTDlQUm5iM2h6MndNUGNmeXZ3OGZBN0NEMXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUtZDZkNTVjMTY5ZTE2
LzEvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZrZMA0G
CSqGSIb3DQEBCwUAA4IBAQB7mB3DwCGmdu19PlPj7mzyNGl7DfSiMSBfl+c2p3Ne
3TYWhIqjp8FDnmVMhFTaQjJ8trmGlk2GEbADO362GVpheidLI8TkWXyLFMYEB4kx
+aZd3oAOloqgUzxz89SAuv7/718TdtxtL2CWa0UIqn6g9LDWeBjDJ5QgT4lLIvnd
dO4ZJqkSylFEV1z8b/bgtGJVB/ASDlOY+lmolyLjT6WVc3pfBfvirDE3YPfJfYLK
PjNU5gNqXFYTp4vqHkWKzKUgdu9F1BDnu+GBjV255Hn5aV4iuVE994r+Sw6H9p+Q
AkYLGMwXepkl9uXs5yOAzlxwdH7o+f/yqsTORXoZL7sn
-----END CERTIFICATE-----