Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/lpX6eymr1HFDmuE8guFPzZjyCi4.roa
File:                     lpX6eymr1HFDmuE8guFPzZjyCi4.roa (raw, json)
Hash identifier:          b+pMlD+qSbIDgpEd/B6eWvG/1+va27Ncly3r596dahM=
Subject key identifier:   96:95:FA:7B:29:AB:D4:71:43:9A:E1:3C:82:E1:4F:CD:98:F2:0A:2E
Certificate issuer:       /CN=8fd57a75dd7e952bee283935d6df2925d282a070
Certificate serial:       018CC348EABE2C6678B9F482B73D200725FA
Authority key identifier: 8F:D5:7A:75:DD:7E:95:2B:EE:28:39:35:D6:DF:29:25:D2:82:A0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/lpX6eymr1HFDmuE8guFPzZjyCi4.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        45.66.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ea:be:2c:66:78:b9:f4:82:b7:3d:20:07:25:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fd57a75dd7e952bee283935d6df2925d282a070
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9695fa7b29abd471439ae13c82e14fcd98f20a2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ee:0c:39:b5:c6:8c:db:77:ab:8f:b6:f0:2b:
                    26:c4:1b:46:b9:8b:39:74:48:75:f1:00:c2:63:7d:
                    bf:ca:01:3b:12:a0:ef:f6:0f:cc:6c:45:a7:c7:50:
                    4a:bf:31:c2:9a:40:5d:fb:dc:89:d1:6d:10:72:6c:
                    6f:ad:5d:71:f4:11:63:27:bd:6e:4d:c6:98:0d:40:
                    1e:ac:75:df:52:90:9c:89:ea:21:e3:73:83:6f:f2:
                    32:6e:81:d3:2b:2a:f1:4e:66:9f:a9:b0:72:f8:ba:
                    a2:c1:c2:1f:c5:fa:da:a9:ff:d8:4d:4c:e3:b4:a3:
                    de:48:0e:7c:78:a9:f6:19:3e:8a:d0:c2:28:ea:64:
                    ed:ee:e2:ac:0a:85:a9:27:dd:3a:b1:49:ef:a7:1f:
                    67:2c:58:f5:19:c3:56:55:f3:00:2e:8a:04:87:dd:
                    5a:cb:d8:d8:3c:7e:d1:45:48:f3:db:14:8c:3b:fb:
                    f4:6a:03:a3:30:ad:78:6e:f2:a0:84:20:4e:5c:62:
                    ba:3c:3c:38:ff:c6:b3:30:de:d9:dc:c5:7a:e4:14:
                    9d:40:73:96:b6:ea:5d:12:ee:6d:15:bd:47:40:d0:
                    97:e3:fa:99:34:0a:de:2f:8a:8e:db:45:59:d6:42:
                    4e:f2:46:d0:9e:05:42:6c:44:88:5b:aa:71:a0:81:
                    fc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:95:FA:7B:29:AB:D4:71:43:9A:E1:3C:82:E1:4F:CD:98:F2:0A:2E
            X509v3 Authority Key Identifier:
                keyid:8F:D5:7A:75:DD:7E:95:2B:EE:28:39:35:D6:DF:29:25:D2:82:A0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/lpX6eymr1HFDmuE8guFPzZjyCi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b9:b0:4d:12:c1:e0:7d:64:dc:c1:7e:8e:f1:ba:1c:ef:2a:
         ee:2e:93:06:68:c0:f6:e1:91:af:a2:3c:8a:e2:9b:03:18:c4:
         f9:59:24:62:b4:cc:9b:f4:db:12:d6:8d:c3:cc:44:da:51:1c:
         e0:e4:1d:75:4e:e9:9b:22:c4:96:d8:ba:fe:e7:8e:af:e9:38:
         68:04:b4:7b:f7:48:da:fd:0a:45:1a:a0:65:15:cb:ec:29:46:
         26:7a:08:0e:79:9c:b0:cb:ce:a8:c7:f3:4d:82:5a:5e:7a:f8:
         95:97:96:0f:9a:3b:66:b3:91:ab:74:d0:34:12:4e:f8:a0:3b:
         e7:ea:8d:d9:c3:9f:87:84:a7:2b:d6:0e:b9:b7:78:1f:35:cc:
         be:03:44:29:cf:98:84:01:f2:ae:2d:3c:23:3d:a5:b7:a8:05:
         a3:1c:5b:58:70:86:57:73:e9:af:58:9a:66:08:96:7d:2c:b6:
         53:37:36:51:13:01:e1:94:5d:b4:3f:ab:6d:af:82:75:7e:c1:
         60:3c:90:f2:21:09:f7:1f:41:d3:03:ec:a0:4f:19:56:2f:70:
         a7:2d:d2:69:c0:ca:46:0b:66:11:6e:ad:1a:1d:d9:2d:4f:1e:
         d6:76:02:c1:6e:26:7d:21:4a:52:70:b0:62:27:ea:12:76:80:
         94:de:fb:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOq+LGZ4ufSCtz0gByX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZDU3YTc1ZGQ3ZTk1MmJlZTI4MzkzNWQ2ZGYyOTI1ZDI4
MmEwNzAwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njk1ZmE3YjI5YWJkNDcxNDM5YWUxM2M4MmUxNGZjZDk4ZjIwYTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+4MObXGjNt3q4+28CsmxBtGuYs5
dEh18QDCY32/ygE7EqDv9g/MbEWnx1BKvzHCmkBd+9yJ0W0QcmxvrV1x9BFjJ71u
TcaYDUAerHXfUpCcieoh43ODb/IyboHTKyrxTmafqbBy+LqiwcIfxfraqf/YTUzj
tKPeSA58eKn2GT6K0MIo6mTt7uKsCoWpJ906sUnvpx9nLFj1GcNWVfMALooEh91a
y9jYPH7RRUjz2xSMO/v0agOjMK14bvKghCBOXGK6PDw4/8azMN7Z3MV65BSdQHOW
tupdEu5tFb1HQNCX4/qZNAreL4qO20VZ1kJO8kbQngVCbESIW6pxoIH8IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaV+nspq9RxQ5rhPILhT82Y8gouMB8GA1UdIwQY
MBaAFI/VenXdfpUr7ig5NdbfKSXSgqBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajlWNmRkMS1sU3Z1S0RrMTF0OHBKZEtDb0hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zOWQ0YjUtYjVjOS00ODBhLTk0MDUt
ZDlhNTM5YjhiN2FkLzEvbHBYNmV5bXIxSEZEbXVFOGd1RlB6Wmp5Q2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zOWQ0YjUtYjVjOS00ODBhLTk0MDUtZDlhNTM5YjhiN2Fk
LzEvajlWNmRkMS1sU3Z1S0RrMTF0OHBKZEtDb0hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUJRMA0G
CSqGSIb3DQEBCwUAA4IBAQBxubBNEsHgfWTcwX6O8boc7yruLpMGaMD24ZGvojyK
4psDGMT5WSRitMyb9NsS1o3DzETaURzg5B11TumbIsSW2Lr+546v6ThoBLR790ja
/QpFGqBlFcvsKUYmeggOeZywy86ox/NNglpeeviVl5YPmjtms5GrdNA0Ek74oDvn
6o3Zw5+HhKcr1g65t3gfNcy+A0Qpz5iEAfKuLTwjPaW3qAWjHFtYcIZXc+mvWJpm
CJZ9LLZTNzZREwHhlF20P6ttr4J1fsFgPJDyIQn3H0HTA+ygTxlWL3CnLdJpwMpG
C2YRbq0aHdktTx7WdgLBbiZ9IUpScLBiJ+oSdoCU3vuT
-----END CERTIFICATE-----