Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ayfgv9kkKEM80Cdcc5h1P7gblbk.roa
File:                     Ayfgv9kkKEM80Cdcc5h1P7gblbk.roa (raw, json)
Hash identifier:          5FcbWLNyXifx6Q5RlgXEemiHtqedmk0nY8tmhsTdRnc=
Subject key identifier:   03:27:E0:BF:D9:24:28:43:3C:D0:27:5C:73:98:75:3F:B8:1B:95:B9
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951DAB9072BC179811FEBCF748F9FE
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ayfgv9kkKEM80Cdcc5h1P7gblbk.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48525
IP address blocks:        45.92.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1d:ab:90:72:bc:17:98:11:fe:bc:f7:48:f9:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0327e0bfd92428433cd0275c7398753fb81b95b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:01:38:b1:2e:a4:ab:18:c3:1f:ca:21:2c:bd:
                    86:2c:27:f5:30:84:8d:de:43:f5:37:cb:6b:02:3b:
                    ca:fe:a5:7c:23:2a:bd:12:be:35:48:03:de:22:ff:
                    87:e3:1e:27:d8:6a:f5:4e:d3:39:07:97:88:ca:62:
                    52:f3:3b:93:d8:e7:bc:66:1a:24:5a:ca:22:82:52:
                    5a:e6:58:75:15:2d:78:cb:e7:d8:af:e8:37:a7:0e:
                    27:cb:2e:80:9e:3f:1d:be:82:cd:53:2c:bc:84:3b:
                    d9:0e:8b:a4:f8:a8:b9:6c:5b:ab:f6:4e:34:88:cd:
                    dc:b7:f5:5d:80:8c:fe:30:7f:b5:7a:49:22:66:b0:
                    06:c4:53:9b:f3:e7:58:61:f4:33:10:c8:61:c9:ce:
                    7e:17:ec:62:51:fb:8a:97:54:6f:fe:39:87:b7:99:
                    f9:db:9a:96:4e:98:47:9b:59:5f:ab:66:30:f6:28:
                    5f:4f:31:97:60:9f:65:3a:da:bb:05:83:de:92:f5:
                    9e:fb:46:95:91:a5:c9:7d:4b:52:8c:29:40:e0:40:
                    ad:dd:43:47:5c:21:30:8f:44:71:d4:b9:ba:e9:42:
                    6f:c6:8d:f2:61:47:f1:69:d3:06:a2:13:9d:6d:22:
                    65:ee:7c:99:a3:2e:88:89:d0:b2:07:d8:f3:d4:8e:
                    54:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:27:E0:BF:D9:24:28:43:3C:D0:27:5C:73:98:75:3F:B8:1B:95:B9
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ayfgv9kkKEM80Cdcc5h1P7gblbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:04:f8:e3:12:b5:e0:b7:c9:e3:e3:24:ba:4a:0f:36:5d:81:
         6c:26:1a:bf:db:ae:ca:c8:11:aa:b2:eb:2d:c5:c4:0c:50:ca:
         d6:a8:27:d5:5e:c6:9b:cf:d8:12:e1:42:30:de:3f:7d:c7:5c:
         67:dc:42:1a:21:5b:08:b5:d8:0d:4e:b1:5b:d6:fc:10:e6:fb:
         13:85:b6:a9:08:c1:30:1d:0f:46:e9:a5:30:05:63:a7:9a:8e:
         93:9b:6f:29:13:34:97:ef:c3:fb:a8:23:38:1c:e1:55:3e:1d:
         e3:bd:12:d3:ae:50:54:36:ca:87:70:bd:79:90:f6:b8:74:f3:
         d7:55:49:a8:b8:18:e5:b4:55:b6:61:ce:b3:f3:73:a2:b2:fd:
         f1:a7:2e:d7:60:0d:49:c4:ab:a6:b7:ff:c1:37:aa:05:5c:c1:
         80:96:c7:f1:ad:90:3f:c0:6d:11:c1:34:fc:89:9d:07:80:2e:
         6c:c1:c3:51:19:ef:4d:d5:19:5d:0a:f1:8d:cf:67:bc:54:d4:
         cc:b3:83:28:3b:32:59:8c:52:be:6b:18:b9:4d:5e:3c:a1:b2:
         1f:ce:a4:da:bc:0b:6e:68:bf:ee:61:c2:00:26:73:c7:17:b6:
         a8:75:bb:50:00:98:1a:9a:f2:5b:0e:6b:bf:b2:94:63:31:e9:
         7e:10:f9:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlR2rkHK8F5gR/rz3SPn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzI3ZTBiZmQ5MjQyODQzM2NkMDI3NWM3Mzk4NzUzZmI4MWI5NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgE4sS6kqxjDH8ohLL2GLCf1MISN
3kP1N8trAjvK/qV8Iyq9Er41SAPeIv+H4x4n2Gr1TtM5B5eIymJS8zuT2Oe8Zhok
WsoiglJa5lh1FS14y+fYr+g3pw4nyy6Anj8dvoLNUyy8hDvZDouk+Ki5bFur9k40
iM3ct/VdgIz+MH+1ekkiZrAGxFOb8+dYYfQzEMhhyc5+F+xiUfuKl1Rv/jmHt5n5
25qWTphHm1lfq2Yw9ihfTzGXYJ9lOtq7BYPekvWe+0aVkaXJfUtSjClA4ECt3UNH
XCEwj0Rx1Lm66UJvxo3yYUfxadMGohOdbSJl7nyZoy6IidCyB9jz1I5UUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMn4L/ZJChDPNAnXHOYdT+4G5W5MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvQXlmZ3Y5a2tLRU04MENkY2M1aDFQN2dibGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVytMA0G
CSqGSIb3DQEBCwUAA4IBAQAkBPjjErXgt8nj4yS6Sg82XYFsJhq/267KyBGqsust
xcQMUMrWqCfVXsabz9gS4UIw3j99x1xn3EIaIVsItdgNTrFb1vwQ5vsThbapCMEw
HQ9G6aUwBWOnmo6Tm28pEzSX78P7qCM4HOFVPh3jvRLTrlBUNsqHcL15kPa4dPPX
VUmouBjltFW2Yc6z83Oisv3xpy7XYA1JxKumt//BN6oFXMGAlsfxrZA/wG0RwTT8
iZ0HgC5swcNRGe9N1RldCvGNz2e8VNTMs4MoOzJZjFK+axi5TV48obIfzqTavAtu
aL/uYcIAJnPHF7aodbtQAJgamvJbDmu/spRjMel+EPlB
-----END CERTIFICATE-----