Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/rVmnNoqTrloAvpgQzTPh0tLkYOA.roa
File:                     rVmnNoqTrloAvpgQzTPh0tLkYOA.roa (raw, json)
Hash identifier:          qc8udfMCL7/wN8aZDjIfmrom8J7kQtVoavvRYjcYOPM=
Subject key identifier:   AD:59:A7:36:8A:93:AE:5A:00:BE:98:10:CD:33:E1:D2:D2:E4:60:E0
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018D13D7F00C0F7B52A4372BF8A409031567
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/rVmnNoqTrloAvpgQzTPh0tLkYOA.roa
Signing time:             Tue 16 Jan 2024 19:55:35 +0000
ROA not before:           Tue 16 Jan 2024 19:55:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12722
IP address blocks:        45.91.160.0/24 maxlen: 24
                          87.247.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:f0:0c:0f:7b:52:a4:37:2b:f8:a4:09:03:15:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan 16 19:55:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad59a7368a93ae5a00be9810cd33e1d2d2e460e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c3:81:20:e3:97:55:38:29:38:af:99:66:c6:
                    7a:14:9b:0a:e7:3f:13:ea:1f:5f:d7:f4:1a:51:90:
                    35:6c:9a:b9:3e:97:8e:b6:25:a7:58:bd:3a:60:60:
                    69:b2:ad:f3:ad:83:42:8f:93:b4:06:c7:97:53:88:
                    74:4a:eb:53:a9:04:c7:cf:81:64:ec:64:23:b8:94:
                    2d:3c:1f:4f:4d:81:86:aa:e9:c6:3a:0c:d9:4d:a4:
                    8b:bb:49:fc:30:8d:8f:4e:79:0e:0a:5d:f0:92:74:
                    e7:c6:b5:56:89:f1:35:4e:8e:44:dc:0c:cf:61:2e:
                    ef:7f:8c:1d:a4:42:95:c4:fd:de:2e:44:52:f3:a1:
                    75:a6:fe:cb:aa:31:ce:9d:de:45:10:c2:d3:2c:9d:
                    49:7e:f4:98:46:81:ca:79:32:32:01:e0:76:74:cd:
                    75:73:52:a4:3d:3a:41:3a:df:92:37:a0:fd:bf:37:
                    92:32:12:ae:89:4a:60:08:be:87:d5:66:7f:57:98:
                    2c:48:9c:e5:97:76:a4:23:ab:14:ef:f0:34:28:0d:
                    17:61:d7:96:9e:fc:44:44:e0:4c:9f:44:7f:12:b2:
                    1d:0e:62:fb:63:77:b6:c7:bc:a0:b9:55:b8:ec:a0:
                    9e:0d:ad:2b:1f:e0:24:d6:7e:02:ea:a0:04:84:9a:
                    97:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:59:A7:36:8A:93:AE:5A:00:BE:98:10:CD:33:E1:D2:D2:E4:60:E0
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/rVmnNoqTrloAvpgQzTPh0tLkYOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.160.0/24
                  87.247.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:1f:48:e4:7d:3e:82:cc:35:82:ee:c4:cb:0e:67:41:17:21:
         e6:15:db:a8:ed:1b:0a:f1:d2:cf:8c:7c:27:ec:40:f9:d8:7c:
         d5:20:ec:b7:a7:cd:58:06:be:43:27:bc:3b:43:32:af:94:0b:
         fb:09:3a:74:8b:2d:c8:f9:d6:c8:57:a2:38:5f:f9:9b:40:ef:
         5f:f5:c1:58:d0:78:e8:71:1e:a2:1b:53:8d:15:f8:50:a8:19:
         e7:98:30:d4:c9:97:e0:05:05:95:80:90:31:66:be:b6:09:c0:
         14:f0:81:6a:25:47:7a:87:32:40:7e:ae:56:5c:0f:95:58:66:
         c9:4e:59:11:b2:b1:38:da:15:8d:6c:af:09:5a:31:76:43:99:
         41:5c:a5:6c:40:a9:bc:48:b9:41:87:cd:7d:e3:8d:28:61:76:
         21:92:bb:4f:64:c0:dd:a7:82:d9:88:1b:01:80:86:89:ba:a1:
         8b:38:34:30:b1:d8:4f:df:2a:a6:f4:45:71:c6:e9:87:a6:0a:
         00:dc:3b:52:95:f6:16:a9:b8:33:8b:f2:b4:0e:6e:d9:2d:7b:
         41:e3:e0:cc:ed:b5:c0:a3:df:44:a0:4a:73:9c:49:8a:a0:1f:
         87:bb:4b:e0:57:69:dc:20:58:4f:c2:f2:e9:b8:13:24:ec:36:
         90:b9:04:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0T1/AMD3tSpDcr+KQJAxVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDU5YTczNjhhOTNhZTVhMDBiZTk4MTBjZDMzZTFkMmQyZTQ2MGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsOBIOOXVTgpOK+ZZsZ6FJsK5z8T
6h9f1/QaUZA1bJq5PpeOtiWnWL06YGBpsq3zrYNCj5O0BseXU4h0SutTqQTHz4Fk
7GQjuJQtPB9PTYGGqunGOgzZTaSLu0n8MI2PTnkOCl3wknTnxrVWifE1To5E3AzP
YS7vf4wdpEKVxP3eLkRS86F1pv7LqjHOnd5FEMLTLJ1JfvSYRoHKeTIyAeB2dM11
c1KkPTpBOt+SN6D9vzeSMhKuiUpgCL6H1WZ/V5gsSJzll3akI6sU7/A0KA0XYdeW
nvxEROBMn0R/ErIdDmL7Y3e2x7yguVW47KCeDa0rH+Ak1n4C6qAEhJqXRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK1ZpzaKk65aAL6YEM0z4dLS5GDgMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvclZtbk5vcVRybG9BdnBnUXpUUGgwdExrWU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVugAwQA
V/eMMA0GCSqGSIb3DQEBCwUAA4IBAQC2H0jkfT6CzDWC7sTLDmdBFyHmFduo7RsK
8dLPjHwn7ED52HzVIOy3p81YBr5DJ7w7QzKvlAv7CTp0iy3I+dbIV6I4X/mbQO9f
9cFY0HjocR6iG1ONFfhQqBnnmDDUyZfgBQWVgJAxZr62CcAU8IFqJUd6hzJAfq5W
XA+VWGbJTlkRsrE42hWNbK8JWjF2Q5lBXKVsQKm8SLlBh819440oYXYhkrtPZMDd
p4LZiBsBgIaJuqGLODQwsdhP3yqm9EVxxumHpgoA3DtSlfYWqbgzi/K0Dm7ZLXtB
4+DM7bXAo99EoEpznEmKoB+Hu0vgV2ncIFhPwvLpuBMk7DaQuQQN
-----END CERTIFICATE-----