Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/6pRPFx7gbyETIPzUOZT6Q9WPoj8.roa
File:                     6pRPFx7gbyETIPzUOZT6Q9WPoj8.roa (raw, json)
Hash identifier:          +f5y8EgSKnkAZbm6PH8fI5WtVIrSkRG7hM9+Wgxbe3s=
Subject key identifier:   EA:94:4F:17:1E:E0:6F:21:13:20:FC:D4:39:94:FA:43:D5:8F:A2:3F
Certificate issuer:       /CN=8fd57a75dd7e952bee283935d6df2925d282a070
Certificate serial:       018CC348EA716468F27DC390C845D000EC10
Authority key identifier: 8F:D5:7A:75:DD:7E:95:2B:EE:28:39:35:D6:DF:29:25:D2:82:A0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/6pRPFx7gbyETIPzUOZT6Q9WPoj8.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        45.66.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ea:71:64:68:f2:7d:c3:90:c8:45:d0:00:ec:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fd57a75dd7e952bee283935d6df2925d282a070
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea944f171ee06f211320fcd43994fa43d58fa23f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a6:36:84:7e:6c:d0:8b:db:b7:2a:4c:54:b5:
                    b0:01:d3:22:f6:af:93:bd:f8:fd:72:24:c0:9b:c1:
                    6e:d0:05:e4:82:4f:91:1b:0d:7b:e2:32:6a:95:e7:
                    2b:ab:df:01:8b:11:44:77:ff:4f:ea:cd:f8:54:82:
                    a5:9e:72:9c:be:06:5b:fa:23:2b:b8:cc:ba:c8:a9:
                    30:14:67:55:05:5e:9c:8d:2b:d2:3e:9e:2c:dd:6d:
                    52:fc:9f:45:98:af:46:dd:98:6d:16:1d:7a:68:17:
                    47:21:b4:4e:5f:1e:85:eb:1e:20:9e:ad:fd:4b:33:
                    e7:c9:63:84:94:88:89:79:a4:ff:43:36:2b:f0:fe:
                    6f:72:f6:fc:6c:47:63:93:50:96:95:e6:1c:40:59:
                    2b:5c:32:7f:b6:a1:8a:1b:38:d6:6c:db:73:65:db:
                    54:ad:ce:46:e7:02:c9:51:ef:99:6d:57:7e:17:25:
                    ee:c4:52:6b:28:c5:c6:dd:14:41:ca:21:e3:eb:10:
                    28:63:ef:cc:61:43:41:ee:fc:10:c9:c6:e0:b4:b1:
                    d8:ab:6e:ea:80:73:02:e9:f2:6c:75:5f:02:c2:a7:
                    36:26:41:71:72:03:37:56:0d:d8:77:fa:11:b3:00:
                    4a:cc:b8:fc:32:16:6c:6b:20:ab:a0:a3:4c:08:74:
                    3f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:94:4F:17:1E:E0:6F:21:13:20:FC:D4:39:94:FA:43:D5:8F:A2:3F
            X509v3 Authority Key Identifier:
                keyid:8F:D5:7A:75:DD:7E:95:2B:EE:28:39:35:D6:DF:29:25:D2:82:A0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/6pRPFx7gbyETIPzUOZT6Q9WPoj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:de:af:d1:ce:2d:e6:23:8b:9f:23:70:95:df:aa:af:10:3d:
         c1:40:84:f8:d2:85:b1:1b:0e:24:94:a7:e1:37:1d:a3:03:7e:
         03:c5:31:e1:42:10:5f:88:17:97:1c:de:31:c3:c0:c5:15:0e:
         0e:62:09:11:4a:5a:8d:3a:66:0c:e1:cf:8c:30:23:29:58:34:
         90:bc:c6:87:8a:84:d8:b2:1e:10:7f:27:24:68:ea:ea:61:6f:
         3c:bd:e2:8c:92:3c:04:19:75:8e:ef:1c:c0:86:90:97:7f:ee:
         48:b0:e7:5e:d3:02:f9:c4:c4:ed:ec:f5:d6:f0:8d:7e:f7:db:
         0e:35:00:de:7b:f5:31:0a:c0:9c:80:13:58:14:94:0b:9e:dc:
         5c:11:21:53:7b:ed:74:80:5b:fc:b3:3b:17:7c:da:4b:1e:9b:
         be:b4:70:cc:a4:05:9e:b6:e5:f5:4d:63:9b:2f:cd:2c:8e:28:
         4a:e5:e4:a4:f3:6e:11:81:93:f4:cd:fb:29:a8:ad:68:06:35:
         c3:2b:3d:12:3c:65:04:4c:82:b0:bd:9d:4f:4b:62:ab:31:85:
         4c:49:f4:f1:8b:12:67:60:0a:43:5f:0a:74:00:89:36:c4:5f:
         01:9f:d3:40:25:c8:8f:b7:96:7a:75:52:9c:e7:dc:38:90:dc:
         d3:0e:ca:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOpxZGjyfcOQyEXQAOwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZDU3YTc1ZGQ3ZTk1MmJlZTI4MzkzNWQ2ZGYyOTI1ZDI4
MmEwNzAwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTk0NGYxNzFlZTA2ZjIxMTMyMGZjZDQzOTk0ZmE0M2Q1OGZhMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqY2hH5s0IvbtypMVLWwAdMi9q+T
vfj9ciTAm8Fu0AXkgk+RGw174jJqlecrq98BixFEd/9P6s34VIKlnnKcvgZb+iMr
uMy6yKkwFGdVBV6cjSvSPp4s3W1S/J9FmK9G3ZhtFh16aBdHIbROXx6F6x4gnq39
SzPnyWOElIiJeaT/QzYr8P5vcvb8bEdjk1CWleYcQFkrXDJ/tqGKGzjWbNtzZdtU
rc5G5wLJUe+ZbVd+FyXuxFJrKMXG3RRByiHj6xAoY+/MYUNB7vwQycbgtLHYq27q
gHMC6fJsdV8Cwqc2JkFxcgM3Vg3Yd/oRswBKzLj8MhZsayCroKNMCHQ/5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqUTxce4G8hEyD81DmU+kPVj6I/MB8GA1UdIwQY
MBaAFI/VenXdfpUr7ig5NdbfKSXSgqBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajlWNmRkMS1sU3Z1S0RrMTF0OHBKZEtDb0hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zOWQ0YjUtYjVjOS00ODBhLTk0MDUt
ZDlhNTM5YjhiN2FkLzEvNnBSUEZ4N2dieUVUSVB6VU9aVDZROVdQb2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zOWQ0YjUtYjVjOS00ODBhLTk0MDUtZDlhNTM5YjhiN2Fk
LzEvajlWNmRkMS1sU3Z1S0RrMTF0OHBKZEtDb0hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUJSMA0G
CSqGSIb3DQEBCwUAA4IBAQCH3q/Rzi3mI4ufI3CV36qvED3BQIT40oWxGw4klKfh
Nx2jA34DxTHhQhBfiBeXHN4xw8DFFQ4OYgkRSlqNOmYM4c+MMCMpWDSQvMaHioTY
sh4QfyckaOrqYW88veKMkjwEGXWO7xzAhpCXf+5IsOde0wL5xMTt7PXW8I1+99sO
NQDee/UxCsCcgBNYFJQLntxcESFTe+10gFv8szsXfNpLHpu+tHDMpAWetuX1TWOb
L80sjihK5eSk824RgZP0zfspqK1oBjXDKz0SPGUETIKwvZ1PS2KrMYVMSfTxixJn
YApDXwp0AIk2xF8Bn9NAJciPt5Z6dVKc59w4kNzTDspe
-----END CERTIFICATE-----