Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/yMO1ffe0S9vMBWma7ZnR0aLvlTw.roa
File:                     yMO1ffe0S9vMBWma7ZnR0aLvlTw.roa (raw, json)
Hash identifier:          aPn94g2DwDS5RoG4+YU5gLV4PqIWH6yILYRLAW7o11k=
Subject key identifier:   C8:C3:B5:7D:F7:B4:4B:DB:CC:05:69:9A:ED:99:D1:D1:A2:EF:95:3C
Certificate issuer:       /CN=9bbae6e3ed766de47aba6693bb5af8a648974310
Certificate serial:       018CCA2A3E9FE9F7971E5317B975AF72938C
Authority key identifier: 9B:BA:E6:E3:ED:76:6D:E4:7A:BA:66:93:BB:5A:F8:A6:48:97:43:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/yMO1ffe0S9vMBWma7ZnR0aLvlTw.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206703
IP address blocks:        45.85.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3e:9f:e9:f7:97:1e:53:17:b9:75:af:72:93:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbae6e3ed766de47aba6693bb5af8a648974310
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8c3b57df7b44bdbcc05699aed99d1d1a2ef953c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8b:24:92:39:42:a8:69:a5:bf:4e:c5:46:11:
                    a4:82:2e:bd:04:aa:b1:7b:b9:18:27:da:e6:ec:c4:
                    ee:82:e3:b2:67:df:90:e7:99:60:05:76:13:aa:7d:
                    10:06:35:b6:a9:fd:24:91:e3:63:78:9a:4d:60:0a:
                    d5:60:02:52:8a:4e:64:28:3c:db:09:c9:b9:3c:c0:
                    73:f7:8a:34:ef:0e:a7:d4:d3:24:79:49:1e:65:0f:
                    26:14:e8:4f:95:2e:ab:82:98:e4:60:c6:a7:19:48:
                    d5:cd:f6:59:09:41:06:39:1c:8f:92:65:84:89:47:
                    47:bb:68:4d:9f:c8:e3:57:b3:83:1a:fa:b6:93:e1:
                    ae:31:88:c7:d1:98:ae:38:e3:1c:8d:3e:85:ea:f9:
                    c0:b7:de:26:43:e3:10:d1:b3:ad:93:e5:dd:df:4c:
                    eb:55:ac:c6:2b:57:37:5c:8a:aa:ee:bc:00:ca:bf:
                    d1:41:b4:bf:2b:22:ca:46:97:1a:cb:04:64:17:09:
                    4d:02:03:78:75:f0:0c:7b:0f:d5:29:10:9d:16:d7:
                    ae:0b:1d:49:e5:c7:f8:e6:da:40:be:e2:2a:fc:3f:
                    d5:5a:91:d4:00:6b:b8:95:1e:4d:1b:6c:89:ab:35:
                    b3:27:fa:91:d7:cd:4a:6c:e4:73:55:17:7f:9e:81:
                    17:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C3:B5:7D:F7:B4:4B:DB:CC:05:69:9A:ED:99:D1:D1:A2:EF:95:3C
            X509v3 Authority Key Identifier:
                keyid:9B:BA:E6:E3:ED:76:6D:E4:7A:BA:66:93:BB:5A:F8:A6:48:97:43:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/yMO1ffe0S9vMBWma7ZnR0aLvlTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:00:e9:77:53:29:d0:20:27:0b:ad:f4:85:b5:b8:d1:11:9f:
         d0:d8:03:1a:be:28:e8:08:a7:90:c6:18:44:28:34:8a:73:db:
         e5:d2:0e:5e:03:0c:01:b9:0e:d7:fd:81:c9:29:24:91:66:61:
         72:82:aa:39:42:32:83:b2:f9:58:80:ce:84:43:27:2a:ff:78:
         75:d7:cd:17:17:82:f9:25:48:cb:58:e2:3a:8f:2c:b3:a8:06:
         91:3e:86:87:9b:b5:33:da:53:f1:32:5b:20:c9:a2:c9:08:ca:
         34:07:cc:e2:6f:ea:bd:0f:61:a7:b4:05:f9:1d:8a:99:70:09:
         cf:4c:3c:25:55:9f:3a:79:6d:d0:7a:cf:7c:ad:bc:22:dd:b0:
         9f:a1:79:86:74:56:5e:0c:17:5b:5f:93:7d:6c:8d:64:4d:b1:
         0a:14:f5:d3:77:23:57:09:24:34:71:71:40:43:55:c1:b9:6f:
         b5:6c:63:84:ce:fb:8f:e2:9d:e8:a0:a0:73:10:d8:41:3f:69:
         34:dd:d9:53:c1:0b:cc:8a:1a:77:31:1c:40:c8:de:1d:48:28:
         be:58:de:47:77:c7:bf:df:2b:86:43:25:51:fc:d2:a9:5c:2a:
         37:20:1e:a2:9c:84:fb:8c:9b:33:05:62:26:5c:03:da:f6:f0:
         08:2d:b3:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKj6f6feXHlMXuXWvcpOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYmFlNmUzZWQ3NjZkZTQ3YWJhNjY5M2JiNWFmOGE2NDg5
NzQzMTAwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGMzYjU3ZGY3YjQ0YmRiY2MwNTY5OWFlZDk5ZDFkMWEyZWY5NTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYskkjlCqGmlv07FRhGkgi69BKqx
e7kYJ9rm7MTuguOyZ9+Q55lgBXYTqn0QBjW2qf0kkeNjeJpNYArVYAJSik5kKDzb
Ccm5PMBz94o07w6n1NMkeUkeZQ8mFOhPlS6rgpjkYManGUjVzfZZCUEGORyPkmWE
iUdHu2hNn8jjV7ODGvq2k+GuMYjH0ZiuOOMcjT6F6vnAt94mQ+MQ0bOtk+Xd30zr
VazGK1c3XIqq7rwAyr/RQbS/KyLKRpcaywRkFwlNAgN4dfAMew/VKRCdFteuCx1J
5cf45tpAvuIq/D/VWpHUAGu4lR5NG2yJqzWzJ/qR181KbORzVRd/noEXUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjDtX33tEvbzAVpmu2Z0dGi75U8MB8GA1UdIwQY
MBaAFJu65uPtdm3kerpmk7ta+KZIl0MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTdybTQtMTJiZVI2dW1hVHUxcjRwa2lYUXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kMzk1M2ItYjk0Mi00Yjc1LTljOWQt
OTg1YzY0ZmUyN2VlLzEveU1PMWZmZTBTOXZNQldtYTdablIwYUx2bFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kMzk1M2ItYjk0Mi00Yjc1LTljOWQtOTg1YzY0ZmUyN2Vl
LzEvbTdybTQtMTJiZVI2dW1hVHUxcjRwa2lYUXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVX8MA0G
CSqGSIb3DQEBCwUAA4IBAQCOAOl3UynQICcLrfSFtbjREZ/Q2AMavijoCKeQxhhE
KDSKc9vl0g5eAwwBuQ7X/YHJKSSRZmFygqo5QjKDsvlYgM6EQycq/3h1180XF4L5
JUjLWOI6jyyzqAaRPoaHm7Uz2lPxMlsgyaLJCMo0B8zib+q9D2GntAX5HYqZcAnP
TDwlVZ86eW3Qes98rbwi3bCfoXmGdFZeDBdbX5N9bI1kTbEKFPXTdyNXCSQ0cXFA
Q1XBuW+1bGOEzvuP4p3ooKBzENhBP2k03dlTwQvMihp3MRxAyN4dSCi+WN5Hd8e/
3yuGQyVR/NKpXCo3IB6inIT7jJszBWImXAPa9vAILbOL
-----END CERTIFICATE-----