Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/yQlRBrLDeyn3TTj8ZtGhdV1-yK0.roa
File:                     yQlRBrLDeyn3TTj8ZtGhdV1-yK0.roa (raw, json)
Hash identifier:          H5Od3PkOreooagwKDaRNuaNY56vK6MXBcQKy60Zytts=
Subject key identifier:   C9:09:51:06:B2:C3:7B:29:F7:4D:38:FC:66:D1:A1:75:5D:7E:C8:AD
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01949A4EDB66C1C4FF1507403D7D2C04CD99
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/yQlRBrLDeyn3TTj8ZtGhdV1-yK0.roa
Signing time:             Fri 24 Jan 2025 21:54:06 +0000
ROA not before:           Fri 24 Jan 2025 21:54:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199959
IP address blocks:        45.141.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 12:14:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9a:4e:db:66:c1:c4:ff:15:07:40:3d:7d:2c:04:cd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan 24 21:54:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9095106b2c37b29f74d38fc66d1a1755d7ec8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ac:19:09:89:fa:cc:c5:ee:90:61:09:1c:35:
                    7c:7a:c2:04:f8:7f:46:4d:93:b4:c3:a4:27:31:11:
                    13:a7:09:e0:22:b2:8f:81:80:b2:a4:25:53:c9:a2:
                    b5:b4:d5:da:aa:e4:5d:48:a2:8e:e7:96:85:3a:01:
                    78:cf:18:5f:c7:fd:97:8a:71:36:55:22:3a:b3:87:
                    79:fd:fc:71:79:10:f3:4e:b4:4e:1b:41:08:e0:77:
                    cb:6b:3d:38:f9:ce:58:f9:b6:cb:b3:52:bb:09:5d:
                    84:f9:49:82:66:09:95:0e:cb:47:70:95:6a:2d:58:
                    ca:22:7c:15:f1:70:03:49:c6:19:1c:c1:0c:fd:42:
                    00:58:fa:73:a4:20:f2:32:92:e3:75:59:65:ef:60:
                    4a:7f:d9:c2:73:96:26:8c:3b:54:ed:ff:2d:eb:6f:
                    13:6e:d8:68:cd:94:4c:78:1d:04:36:32:5f:5d:17:
                    f3:5f:51:51:a4:bb:3e:42:a4:ed:01:1d:99:d3:be:
                    c2:ba:29:65:d9:ed:90:f4:e4:fc:bd:82:73:c1:29:
                    33:a7:f7:3d:86:0a:39:40:15:d0:ed:eb:3f:46:94:
                    06:2a:1b:a0:f5:c9:66:57:62:44:8e:72:89:2b:ef:
                    f9:de:4f:15:0c:1f:05:e3:d3:52:02:4d:c3:d2:a5:
                    15:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:09:51:06:B2:C3:7B:29:F7:4D:38:FC:66:D1:A1:75:5D:7E:C8:AD
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/yQlRBrLDeyn3TTj8ZtGhdV1-yK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:4f:12:c3:27:7a:3e:75:d2:2a:b2:87:78:f7:20:9e:e8:b9:
         79:ec:66:cb:56:e8:6d:b4:66:41:22:48:db:cf:79:96:f5:a0:
         78:db:89:66:04:83:dc:25:9a:95:ff:0c:50:bd:0c:67:8c:77:
         14:d1:95:2e:fc:68:1e:d1:36:95:90:0e:1e:b6:83:a3:40:28:
         69:b5:0f:99:60:25:5f:af:44:22:30:2b:5e:cc:0c:e9:e3:55:
         e3:8b:0e:80:e7:21:0d:5e:bd:f4:6a:d0:5e:8a:8e:11:c3:dc:
         af:11:91:20:d3:9e:70:75:52:1e:8d:15:ff:48:a3:30:aa:c9:
         ca:1f:b3:35:c7:cb:d4:d3:f9:fc:2a:74:42:49:d1:26:aa:02:
         04:64:4e:fa:34:13:c2:b5:a3:94:fe:b1:c5:7b:49:82:13:84:
         a1:12:33:b4:4a:80:90:1b:2a:c9:a2:8e:e4:8b:84:e0:ac:69:
         2d:20:e8:eb:4e:63:92:9a:b5:f7:b5:ad:3c:c7:53:67:c9:df:
         c5:6c:b5:8c:e5:b6:e1:32:b3:0e:e7:4d:71:1c:fb:98:c5:86:
         01:f7:91:5a:db:96:a6:1c:85:df:60:00:eb:f0:5b:35:be:d8:
         ac:d2:48:fd:85:22:5d:98:c0:8f:1a:09:19:5d:3e:d6:e8:28:
         a4:5a:53:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSaTttmwcT/FQdAPX0sBM2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTI0MjE1NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTA5NTEwNmIyYzM3YjI5Zjc0ZDM4ZmM2NmQxYTE3NTVkN2VjOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsawZCYn6zMXukGEJHDV8esIE+H9G
TZO0w6QnMRETpwngIrKPgYCypCVTyaK1tNXaquRdSKKO55aFOgF4zxhfx/2XinE2
VSI6s4d5/fxxeRDzTrROG0EI4HfLaz04+c5Y+bbLs1K7CV2E+UmCZgmVDstHcJVq
LVjKInwV8XADScYZHMEM/UIAWPpzpCDyMpLjdVll72BKf9nCc5YmjDtU7f8t628T
bthozZRMeB0ENjJfXRfzX1FRpLs+QqTtAR2Z077Cuill2e2Q9OT8vYJzwSkzp/c9
hgo5QBXQ7es/RpQGKhug9clmV2JEjnKJK+/53k8VDB8F49NSAk3D0qUVeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkJUQayw3sp9004/GbRoXVdfsitMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEveVFsUkJyTERleW4zVFRqOFp0R2hkVjEteUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY08MA0G
CSqGSIb3DQEBCwUAA4IBAQAETxLDJ3o+ddIqsod49yCe6Ll57GbLVuhttGZBIkjb
z3mW9aB424lmBIPcJZqV/wxQvQxnjHcU0ZUu/Gge0TaVkA4etoOjQChptQ+ZYCVf
r0QiMCtezAzp41Xjiw6A5yENXr30atBeio4Rw9yvEZEg055wdVIejRX/SKMwqsnK
H7M1x8vU0/n8KnRCSdEmqgIEZE76NBPCtaOU/rHFe0mCE4ShEjO0SoCQGyrJoo7k
i4TgrGktIOjrTmOSmrX3ta08x1Nnyd/FbLWM5bbhMrMO501xHPuYxYYB95Fa25am
HIXfYADr8Fs1vtis0kj9hSJdmMCPGgkZXT7W6CikWlNo
-----END CERTIFICATE-----