Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/VF6Jziy3wdWbFQzMRY0s9ZfwNSc.roa
File:                     VF6Jziy3wdWbFQzMRY0s9ZfwNSc.roa (raw, json)
Hash identifier:          b/GzxNuKl49U972kD2+4KcSATymA7bCHOsT4EmYgaz0=
Subject key identifier:   54:5E:89:CE:2C:B7:C1:D5:9B:15:0C:CC:45:8D:2C:F5:97:F0:35:27
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B93229DD7423EA329F52A694BBB63C
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/VF6Jziy3wdWbFQzMRY0s9ZfwNSc.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        45.150.224.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 13:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:32:29:dd:74:23:ea:32:9f:52:a6:94:bb:b6:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=545e89ce2cb7c1d59b150ccc458d2cf597f03527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f1:9c:d6:17:e9:67:ad:64:d3:f0:ba:65:b4:
                    a5:7b:1a:d3:4d:7c:ae:85:5a:55:f7:64:f5:f3:4b:
                    60:e5:88:c0:aa:f9:e7:61:82:26:c1:84:be:01:09:
                    9b:ee:63:c8:b8:dd:f8:22:ba:b0:42:80:29:04:46:
                    b2:46:f4:8a:91:3d:7a:56:7b:e9:00:75:5e:a5:4f:
                    ac:eb:df:88:57:52:2c:22:f1:b0:37:a2:d9:e1:8d:
                    7a:54:f8:1d:a5:8d:81:69:7e:aa:60:7f:72:6f:7d:
                    1c:70:19:5a:fa:03:1c:5b:99:d6:4a:26:f6:6a:55:
                    5d:23:84:cf:33:ee:f6:02:64:2c:39:18:24:7d:73:
                    37:62:45:8b:62:73:be:80:a5:f5:65:71:c6:46:d7:
                    2e:ab:7c:37:47:f6:0d:a2:ac:f6:e8:9c:03:31:32:
                    43:1c:02:1d:d2:40:01:01:b5:39:d3:c8:68:ac:bc:
                    c2:b9:07:14:23:87:6e:09:a4:2b:51:6c:6e:2f:da:
                    73:d6:04:81:2f:4e:3f:26:89:c0:c9:f4:19:4b:25:
                    a4:13:9c:7c:d0:de:17:74:ea:31:67:51:75:dd:c7:
                    b0:9e:f7:b2:bb:f5:9c:59:7a:ea:7f:a8:70:db:01:
                    57:ba:e0:12:2a:04:7e:49:19:fe:a3:1d:f8:fd:64:
                    27:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:5E:89:CE:2C:B7:C1:D5:9B:15:0C:CC:45:8D:2C:F5:97:F0:35:27
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/VF6Jziy3wdWbFQzMRY0s9ZfwNSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:49:2a:06:77:f6:cc:26:50:f3:c6:97:b4:36:b3:71:c4:f8:
         2d:18:bc:f9:37:26:b3:04:ff:4e:33:f6:fd:6f:2b:8c:e5:a7:
         95:40:84:a0:46:4c:7d:79:07:45:ed:bc:17:58:af:96:28:8b:
         c8:fc:5f:88:ee:0f:db:9f:23:c9:0f:3f:e7:64:03:d4:53:f7:
         aa:f3:75:32:f2:27:69:4d:bc:f6:85:24:86:23:1e:8e:40:0f:
         51:c7:2a:d1:a5:a9:8d:f0:93:3a:0b:4d:d8:91:f7:44:d0:e5:
         57:ba:34:70:60:70:6d:e6:6b:cf:66:34:8c:70:c4:fd:08:d6:
         45:b1:3b:69:76:d2:b7:d2:79:87:9a:d3:47:72:5a:a7:d5:e7:
         7d:71:e1:da:73:b1:b7:e8:3a:12:0b:2c:ce:c6:5a:f8:63:ee:
         35:47:dc:a4:9c:b9:e1:57:b8:ff:36:cc:9c:de:36:31:73:5c:
         27:f6:51:b1:de:c6:1e:bc:50:d3:94:29:0a:fc:48:bb:a1:ac:
         3a:50:ae:8b:f4:c0:5d:4d:58:6d:53:ef:fd:bb:64:55:40:b6:
         ea:86:19:c1:8f:02:dd:27:1b:0d:a6:d9:5d:30:5a:c5:af:39:
         da:8f:a5:22:dc:d7:15:38:96:d8:0e:28:ab:c3:73:74:a6:8d:
         bd:44:68:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTIp3XQj6jKfUqaUu7Y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDVlODljZTJjYjdjMWQ1OWIxNTBjY2M0NThkMmNmNTk3ZjAzNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/Gc1hfpZ61k0/C6ZbSlexrTTXyu
hVpV92T180tg5YjAqvnnYYImwYS+AQmb7mPIuN34IrqwQoApBEayRvSKkT16Vnvp
AHVepU+s69+IV1IsIvGwN6LZ4Y16VPgdpY2BaX6qYH9yb30ccBla+gMcW5nWSib2
alVdI4TPM+72AmQsORgkfXM3YkWLYnO+gKX1ZXHGRtcuq3w3R/YNoqz26JwDMTJD
HAId0kABAbU508horLzCuQcUI4duCaQrUWxuL9pz1gSBL04/JonAyfQZSyWkE5x8
0N4XdOoxZ1F13cewnveyu/WcWXrqf6hw2wFXuuASKgR+SRn+ox34/WQnoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFReic4st8HVmxUMzEWNLPWX8DUnMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvVkY2SnppeTN3ZFdiRlF6TVJZMHM5WmZ3TlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZbgMA0G
CSqGSIb3DQEBCwUAA4IBAQAhSSoGd/bMJlDzxpe0NrNxxPgtGLz5NyazBP9OM/b9
byuM5aeVQISgRkx9eQdF7bwXWK+WKIvI/F+I7g/bnyPJDz/nZAPUU/eq83Uy8idp
Tbz2hSSGIx6OQA9RxyrRpamN8JM6C03YkfdE0OVXujRwYHBt5mvPZjSMcMT9CNZF
sTtpdtK30nmHmtNHclqn1ed9ceHac7G36DoSCyzOxlr4Y+41R9yknLnhV7j/Nsyc
3jYxc1wn9lGx3sYevFDTlCkK/Ei7oaw6UK6L9MBdTVhtU+/9u2RVQLbqhhnBjwLd
JxsNptldMFrFrznaj6Ui3NcVOJbYDiirw3N0po29RGgA
-----END CERTIFICATE-----