Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/Y0wXD1WoLnOEPfbw6V_tSunGfwg.roa
File:                     Y0wXD1WoLnOEPfbw6V_tSunGfwg.roa (raw, json)
Hash identifier:          yx53AAK5I03IpwdmRWa5gQHXndaywZ8R/5f4a0MZxfA=
Subject key identifier:   63:4C:17:0F:55:A8:2E:73:84:3D:F6:F0:E9:5F:ED:4A:E9:C6:7F:08
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       018CC79486A9EC0F37D7FDDB468EEBA78342
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/Y0wXD1WoLnOEPfbw6V_tSunGfwg.roa
Signing time:             Tue 02 Jan 2024 00:30:48 +0000
ROA not before:           Tue 02 Jan 2024 00:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208858
IP address blocks:        45.66.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:86:a9:ec:0f:37:d7:fd:db:46:8e:eb:a7:83:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  2 00:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=634c170f55a82e73843df6f0e95fed4ae9c67f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cb:e9:a9:f8:9f:c7:3c:b4:e6:63:ed:e1:91:
                    d7:a5:ea:6c:1a:7d:7e:4c:ab:dc:9b:bb:bb:c6:51:
                    1a:d0:4c:66:2f:91:b0:f7:dd:ef:88:6a:97:e2:f6:
                    2d:ed:05:ab:0b:2b:b7:a5:51:94:e0:ca:e4:bb:d9:
                    46:e7:4c:c2:34:05:06:97:7d:7a:d4:0a:5f:96:6a:
                    74:93:42:17:c9:f4:a7:a3:83:47:2f:4e:4b:2b:10:
                    84:71:d3:4d:fc:4c:9c:e6:9b:63:87:93:9b:a1:65:
                    5e:bd:d4:55:7c:f5:aa:3c:d2:c6:d3:dd:d6:e8:fe:
                    64:64:be:25:c7:ca:82:41:b9:10:a3:49:66:de:e9:
                    51:90:2b:5f:3a:f0:9a:22:d7:3d:cb:91:d9:15:2d:
                    a4:45:1a:e6:e4:29:c4:d7:b8:4a:f9:59:7c:77:71:
                    fe:89:49:4b:cf:56:a8:1e:14:45:83:fd:d5:5e:08:
                    13:37:7f:6c:18:f9:ce:ed:5b:f8:3f:57:61:06:d1:
                    b4:c1:74:82:93:a2:3d:37:87:47:70:54:f7:57:2c:
                    51:e6:a1:44:2f:1c:db:8e:67:fc:5d:12:29:2f:3d:
                    91:6d:f6:a9:4f:49:b4:56:02:68:d0:ec:a1:9b:af:
                    a7:86:a8:54:82:f9:48:b0:a7:e4:d9:ad:8a:47:e3:
                    f9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:4C:17:0F:55:A8:2E:73:84:3D:F6:F0:E9:5F:ED:4A:E9:C6:7F:08
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/Y0wXD1WoLnOEPfbw6V_tSunGfwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:94:94:aa:19:1d:9c:ad:0b:11:50:12:95:57:b0:1a:05:c4:
         aa:23:74:0a:f9:6a:da:4a:66:f5:94:78:8a:1f:cf:d3:f2:59:
         48:d8:4a:78:4e:7f:b1:fd:51:e7:c2:d3:20:5f:ee:62:9b:25:
         2d:bb:f2:6d:73:61:db:85:5f:10:e8:b2:98:60:f9:ff:cd:f6:
         b6:52:31:00:7d:55:1f:cc:ed:f3:ab:70:0f:b6:44:b6:8b:2f:
         76:f2:72:df:84:a1:03:04:f5:a8:b3:28:aa:0c:e9:9e:09:7a:
         9d:9e:f9:12:40:b1:fc:4c:15:0a:7d:0c:47:00:83:c8:60:3c:
         99:e9:92:cc:80:48:fe:7d:69:02:d8:f5:34:b4:9d:9c:ab:38:
         ce:37:61:51:de:cf:3e:65:d8:0d:eb:7b:58:34:09:7b:15:2a:
         8d:6e:c1:4d:9d:4c:14:35:fc:b0:77:d1:4a:c6:f2:4b:c8:8f:
         0c:98:2a:79:cc:d6:ff:85:b0:77:a4:2f:fb:e1:fe:ac:f1:cd:
         29:a4:e8:6b:39:13:d9:78:8c:1f:70:bf:86:28:a6:08:2a:28:
         c6:16:65:9c:f6:a1:6d:06:5a:3b:1a:f4:e0:29:77:86:98:4f:
         ef:03:8e:99:1a:c2:e1:e8:40:63:62:41:d1:41:ee:df:d2:6d:
         7f:03:49:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlIap7A831/3bRo7rp4NCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjQwMTAyMDAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzRjMTcwZjU1YTgyZTczODQzZGY2ZjBlOTVmZWQ0YWU5YzY3ZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcvpqfifxzy05mPt4ZHXpepsGn1+
TKvcm7u7xlEa0ExmL5Gw993viGqX4vYt7QWrCyu3pVGU4Mrku9lG50zCNAUGl316
1Apflmp0k0IXyfSno4NHL05LKxCEcdNN/Eyc5ptjh5OboWVevdRVfPWqPNLG093W
6P5kZL4lx8qCQbkQo0lm3ulRkCtfOvCaItc9y5HZFS2kRRrm5CnE17hK+Vl8d3H+
iUlLz1aoHhRFg/3VXggTN39sGPnO7Vv4P1dhBtG0wXSCk6I9N4dHcFT3VyxR5qFE
Lxzbjmf8XRIpLz2RbfapT0m0VgJo0Oyhm6+nhqhUgvlIsKfk2a2KR+P5twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNMFw9VqC5zhD328Olf7Urpxn8IMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvWTB3WEQxV29Mbk9FUGZidzZWX3RTdW5HZndnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUK4MA0G
CSqGSIb3DQEBCwUAA4IBAQBllJSqGR2crQsRUBKVV7AaBcSqI3QK+WraSmb1lHiK
H8/T8llI2Ep4Tn+x/VHnwtMgX+5imyUtu/Jtc2HbhV8Q6LKYYPn/zfa2UjEAfVUf
zO3zq3APtkS2iy928nLfhKEDBPWosyiqDOmeCXqdnvkSQLH8TBUKfQxHAIPIYDyZ
6ZLMgEj+fWkC2PU0tJ2cqzjON2FR3s8+ZdgN63tYNAl7FSqNbsFNnUwUNfywd9FK
xvJLyI8MmCp5zNb/hbB3pC/74f6s8c0ppOhrORPZeIwfcL+GKKYIKijGFmWc9qFt
Blo7GvTgKXeGmE/vA46ZGsLh6EBjYkHRQe7f0m1/A0k8
-----END CERTIFICATE-----