Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/3298e3-9a50-4cfb-84e6-d137ade166d1/1/_XvHpMGuz3-SsQBXn1besiVoOow.roa
File:                     _XvHpMGuz3-SsQBXn1besiVoOow.roa (raw, json)
Hash identifier:          9NaDIG8xMtmyk7XvKbBrcwzMin+GC7XIW56ITeHxjUA=
Subject key identifier:   FD:7B:C7:A4:C1:AE:CF:7F:92:B1:00:57:9F:56:DE:B2:25:68:3A:8C
Certificate issuer:       /CN=706d64134faa746293c0384edac0371950f3b224
Certificate serial:       018CC348B816B9A135A091D6521A32B47573
Authority key identifier: 70:6D:64:13:4F:AA:74:62:93:C0:38:4E:DA:C0:37:19:50:F3:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG1kE0-qdGKTwDhO2sA3GVDzsiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/3298e3-9a50-4cfb-84e6-d137ade166d1/1/_XvHpMGuz3-SsQBXn1besiVoOow.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201933
IP address blocks:        45.90.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/3298e3-9a50-4cfb-84e6-d137ade166d1/1/cG1kE0-qdGKTwDhO2sA3GVDzsiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/3298e3-9a50-4cfb-84e6-d137ade166d1/1/cG1kE0-qdGKTwDhO2sA3GVDzsiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG1kE0-qdGKTwDhO2sA3GVDzsiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b8:16:b9:a1:35:a0:91:d6:52:1a:32:b4:75:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d64134faa746293c0384edac0371950f3b224
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd7bc7a4c1aecf7f92b100579f56deb225683a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fb:eb:e0:33:56:6e:f1:cc:53:c3:bc:ad:de:
                    87:03:15:2d:85:fc:59:a0:a1:c9:21:f6:84:21:e0:
                    43:fc:96:4b:e2:ad:ca:c4:6a:ff:02:28:54:24:57:
                    d7:cc:37:b2:82:38:53:4a:11:b3:08:e0:9b:ff:06:
                    1f:9b:67:d8:62:e6:f3:98:4d:41:36:56:fe:34:65:
                    5f:82:39:8b:02:76:1a:9e:71:70:38:a9:40:cb:29:
                    8f:c1:9b:ae:e5:e5:b5:d1:8a:8b:cd:0b:48:56:6c:
                    6c:3a:a6:00:21:82:1f:2e:3c:3e:35:1f:5c:2a:94:
                    a7:7a:ad:20:9f:34:e3:42:8f:a2:6f:a4:eb:a0:66:
                    40:db:b6:a1:8d:05:a0:65:f9:0e:cc:60:6f:85:cd:
                    22:6d:59:18:04:97:57:e8:6e:7f:29:1b:e8:6c:a3:
                    6a:dc:28:36:fb:53:b1:9b:ec:50:0e:96:10:ef:e1:
                    82:49:41:2a:c3:7a:40:a1:50:51:2c:9b:88:c8:02:
                    bd:8d:a3:52:cb:69:2c:63:83:d9:60:c6:5b:56:70:
                    4c:7a:60:74:0f:ae:6c:ec:14:70:15:33:b3:96:b8:
                    e6:b7:61:43:47:3f:7c:c4:73:de:b5:4f:cf:0e:fe:
                    ed:45:ec:e8:8b:59:6d:29:5f:77:e5:b6:33:f0:e3:
                    cf:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:7B:C7:A4:C1:AE:CF:7F:92:B1:00:57:9F:56:DE:B2:25:68:3A:8C
            X509v3 Authority Key Identifier:
                keyid:70:6D:64:13:4F:AA:74:62:93:C0:38:4E:DA:C0:37:19:50:F3:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG1kE0-qdGKTwDhO2sA3GVDzsiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3298e3-9a50-4cfb-84e6-d137ade166d1/1/_XvHpMGuz3-SsQBXn1besiVoOow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3298e3-9a50-4cfb-84e6-d137ade166d1/1/cG1kE0-qdGKTwDhO2sA3GVDzsiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:94:30:ee:a7:b3:eb:3e:05:68:b3:63:da:eb:dc:99:d0:d0:
         1e:27:c6:7a:b0:a3:1f:15:47:68:c4:33:bd:91:c3:1b:47:a7:
         62:79:83:24:92:9b:b9:61:13:ac:61:de:82:e3:af:cd:c4:07:
         ba:37:8f:6d:d8:67:eb:8d:a8:93:26:2c:6d:ac:c1:1d:5a:ca:
         2e:44:0b:5a:a4:42:01:98:48:0f:00:84:94:32:dc:29:6f:b8:
         81:ef:d1:68:19:18:e6:bf:16:79:b8:ca:f8:9b:37:1a:c9:ad:
         33:31:98:95:b7:10:80:ad:ea:29:39:47:91:01:cd:08:8a:d8:
         ab:6a:1e:97:21:6f:a2:d3:96:bb:99:76:07:22:2a:e7:0f:bf:
         c9:a6:11:af:b4:08:0b:62:ac:f5:69:75:89:bf:04:35:5a:24:
         95:bf:48:fd:bd:7f:0a:3a:b3:cb:0c:aa:c5:e8:26:83:4c:36:
         fc:20:9c:91:13:ff:42:1d:92:42:d4:8b:ae:31:c8:01:79:70:
         2e:e8:c1:8e:1a:84:d9:35:1f:b5:12:f6:82:4f:62:4f:70:f0:
         1d:13:2b:31:8c:32:b9:b3:ed:1f:44:bb:bf:94:50:a3:8c:07:
         42:0e:d5:b3:22:d2:25:a6:66:71:6e:c7:b7:af:78:69:a1:e0:
         06:a7:66:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLgWuaE1oJHWUhoytHVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQ2NDEzNGZhYTc0NjI5M2MwMzg0ZWRhYzAzNzE5NTBm
M2IyMjQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDdiYzdhNGMxYWVjZjdmOTJiMTAwNTc5ZjU2ZGViMjI1NjgzYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvvr4DNWbvHMU8O8rd6HAxUthfxZ
oKHJIfaEIeBD/JZL4q3KxGr/AihUJFfXzDeygjhTShGzCOCb/wYfm2fYYubzmE1B
Nlb+NGVfgjmLAnYannFwOKlAyymPwZuu5eW10YqLzQtIVmxsOqYAIYIfLjw+NR9c
KpSneq0gnzTjQo+ib6TroGZA27ahjQWgZfkOzGBvhc0ibVkYBJdX6G5/KRvobKNq
3Cg2+1Oxm+xQDpYQ7+GCSUEqw3pAoVBRLJuIyAK9jaNSy2ksY4PZYMZbVnBMemB0
D65s7BRwFTOzlrjmt2FDRz98xHPetU/PDv7tRezoi1ltKV935bYz8OPPswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP17x6TBrs9/krEAV59W3rIlaDqMMB8GA1UdIwQY
MBaAFHBtZBNPqnRik8A4TtrANxlQ87IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cxa0UwLXFkR0tUd0RoTzJzQTNHVkR6c2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zMjk4ZTMtOWE1MC00Y2ZiLTg0ZTYt
ZDEzN2FkZTE2NmQxLzEvX1h2SHBNR3V6My1Tc1FCWG4xYmVzaVZvT293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zMjk4ZTMtOWE1MC00Y2ZiLTg0ZTYtZDEzN2FkZTE2NmQx
LzEvY0cxa0UwLXFkR0tUd0RoTzJzQTNHVkR6c2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVoqMA0G
CSqGSIb3DQEBCwUAA4IBAQCAlDDup7PrPgVos2Pa69yZ0NAeJ8Z6sKMfFUdoxDO9
kcMbR6dieYMkkpu5YROsYd6C46/NxAe6N49t2GfrjaiTJixtrMEdWsouRAtapEIB
mEgPAISUMtwpb7iB79FoGRjmvxZ5uMr4mzcaya0zMZiVtxCAreopOUeRAc0Iitir
ah6XIW+i05a7mXYHIirnD7/JphGvtAgLYqz1aXWJvwQ1WiSVv0j9vX8KOrPLDKrF
6CaDTDb8IJyRE/9CHZJC1IuuMcgBeXAu6MGOGoTZNR+1EvaCT2JPcPAdEysxjDK5
s+0fRLu/lFCjjAdCDtWzItIlpmZxbse3r3hpoeAGp2ZN
-----END CERTIFICATE-----