Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hSY7xCuvddbF1PzRshc90f0jWoE.roa
File:                     hSY7xCuvddbF1PzRshc90f0jWoE.roa (raw, json)
Hash identifier:          8wuPABKB6Sk0B7jC3EBw0T9fldly4PCtKgxi5h3ztTY=
Subject key identifier:   85:26:3B:C4:2B:AF:75:D6:C5:D4:FC:D1:B2:17:3D:D1:FD:23:5A:81
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018FDD1E1854CF5FC283787790D2C89D66B6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hSY7xCuvddbF1PzRshc90f0jWoE.roa
Signing time:             Mon 03 Jun 2024 08:01:28 +0000
ROA not before:           Mon 03 Jun 2024 08:01:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207439
IP address blocks:        45.9.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:1e:18:54:cf:5f:c2:83:78:77:90:d2:c8:9d:66:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  3 08:01:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85263bc42baf75d6c5d4fcd1b2173dd1fd235a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6a:ed:7d:32:ad:db:7a:a7:e1:67:f2:a0:67:
                    77:9e:e6:c7:97:e3:7b:c2:7a:f9:b1:f9:16:81:d0:
                    e6:fd:2b:b6:25:ce:d1:91:67:18:47:8a:52:2e:f6:
                    bb:97:b2:73:5d:29:c1:bd:02:d2:77:25:df:34:c9:
                    d6:59:90:8a:e8:fe:17:b1:a8:f6:8f:cc:52:62:52:
                    11:13:9f:bf:bb:b0:98:4c:b4:f8:ff:8f:eb:c4:57:
                    44:04:44:55:14:f6:9a:03:bd:ac:21:d5:e0:1d:56:
                    34:ba:9c:c5:df:08:f4:df:84:a8:90:72:ed:52:66:
                    3f:71:f1:f4:51:8e:55:5b:46:a0:6a:1a:bd:40:10:
                    39:76:4b:99:3b:15:36:75:01:24:2a:81:35:88:76:
                    2a:2a:5e:bf:7e:bc:6e:e5:a4:e8:a9:79:00:c4:09:
                    32:c4:c1:2e:2d:12:7a:be:c3:81:c1:bb:a5:fe:bb:
                    aa:e9:e3:5f:84:63:03:ba:0e:f1:1b:10:91:20:df:
                    50:f0:f5:3f:18:6a:36:d5:4f:93:0d:cb:da:df:5f:
                    db:10:dc:16:33:cc:4f:9f:b1:1c:61:ba:e2:73:e6:
                    71:51:c5:90:8b:be:1d:58:dc:e5:25:bc:f9:ba:84:
                    61:c7:e9:74:ec:aa:06:cf:5e:93:f9:73:4c:56:fe:
                    4f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:26:3B:C4:2B:AF:75:D6:C5:D4:FC:D1:B2:17:3D:D1:FD:23:5A:81
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hSY7xCuvddbF1PzRshc90f0jWoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:90:66:d0:de:58:24:5e:0e:2f:72:e7:47:67:bb:aa:03:5b:
         f8:41:5e:5d:01:b6:3d:4c:7c:a2:a0:04:ea:d2:79:37:26:26:
         37:2e:b5:eb:fe:7b:e9:43:8a:9a:5b:98:4d:c8:2e:e6:34:34:
         e9:0c:2a:7b:8e:1a:e5:a2:5e:6b:26:f0:8c:69:ae:bf:ba:4d:
         dd:1b:e3:1f:cc:42:b2:54:56:01:9f:8a:b6:28:29:ef:26:04:
         8d:c1:44:fa:61:e5:2f:27:94:bc:8e:8c:8a:f7:b5:12:a4:e0:
         33:8f:76:19:71:9a:6c:43:cb:b8:b3:da:f5:7e:d7:27:7b:a5:
         39:57:e1:45:eb:eb:f8:48:d0:9a:79:8b:5e:62:f0:1b:ed:6b:
         85:86:fa:a3:3a:ba:ad:bd:96:58:28:92:ef:34:c1:7a:0a:35:
         86:21:1e:26:c8:ca:7a:bd:d9:8b:c1:45:4b:fe:4d:cf:1a:9a:
         82:38:ea:86:6c:3a:98:db:4a:2c:cc:86:e6:71:70:9a:89:61:
         f7:65:a3:6a:8a:02:68:ca:dd:d6:ca:6b:fd:3d:7f:df:c9:e5:
         98:e3:98:c3:f4:c4:1e:a6:3b:c1:fc:02:dd:4d:28:c7:ea:27:
         6e:86:82:37:6f:b1:ec:91:75:2b:17:a5:1c:17:f6:96:bd:e6:
         cf:f0:97:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/dHhhUz1/Cg3h3kNLInWa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNjAzMDgwMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI2M2JjNDJiYWY3NWQ2YzVkNGZjZDFiMjE3M2RkMWZkMjM1YTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWrtfTKt23qn4WfyoGd3nubHl+N7
wnr5sfkWgdDm/Su2Jc7RkWcYR4pSLva7l7JzXSnBvQLSdyXfNMnWWZCK6P4Xsaj2
j8xSYlIRE5+/u7CYTLT4/4/rxFdEBERVFPaaA72sIdXgHVY0upzF3wj034SokHLt
UmY/cfH0UY5VW0agahq9QBA5dkuZOxU2dQEkKoE1iHYqKl6/frxu5aToqXkAxAky
xMEuLRJ6vsOBwbul/ruq6eNfhGMDug7xGxCRIN9Q8PU/GGo21U+TDcva31/bENwW
M8xPn7EcYbric+ZxUcWQi74dWNzlJbz5uoRhx+l07KoGz16T+XNMVv5PzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUmO8Qrr3XWxdT80bIXPdH9I1qBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaFNZN3hDdXZkZGJGMVB6UnNoYzkwZjBqV29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQmdMA0G
CSqGSIb3DQEBCwUAA4IBAQBakGbQ3lgkXg4vcudHZ7uqA1v4QV5dAbY9THyioATq
0nk3JiY3LrXr/nvpQ4qaW5hNyC7mNDTpDCp7jhrlol5rJvCMaa6/uk3dG+MfzEKy
VFYBn4q2KCnvJgSNwUT6YeUvJ5S8joyK97USpOAzj3YZcZpsQ8u4s9r1ftcne6U5
V+FF6+v4SNCaeYteYvAb7WuFhvqjOrqtvZZYKJLvNMF6CjWGIR4myMp6vdmLwUVL
/k3PGpqCOOqGbDqY20oszIbmcXCaiWH3ZaNqigJoyt3Wymv9PX/fyeWY45jD9MQe
pjvB/ALdTSjH6iduhoI3b7HskXUrF6UcF/aWvebP8JeK
-----END CERTIFICATE-----