Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/iULy8Djl5_TRgw9hP5o9m5dr8_I.roa
File:                     iULy8Djl5_TRgw9hP5o9m5dr8_I.roa (raw, json)
Hash identifier:          X9gVLxAwGXxjXDVoXh2pcgB/+kq9kXhcfltwOHw8Pjw=
Subject key identifier:   89:42:F2:F0:38:E5:E7:F4:D1:83:0F:61:3F:9A:3D:9B:97:6B:F3:F2
Certificate issuer:       /CN=411a2a9405bda1671c10776f4426273c904e4ad0
Certificate serial:       018CC801E97F87C00D29C3AAB783C863A298
Authority key identifier: 41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/iULy8Djl5_TRgw9hP5o9m5dr8_I.roa
Signing time:             Tue 02 Jan 2024 02:30:17 +0000
ROA not before:           Tue 02 Jan 2024 02:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.11.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e9:7f:87:c0:0d:29:c3:aa:b7:83:c8:63:a2:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a2a9405bda1671c10776f4426273c904e4ad0
        Validity
            Not Before: Jan  2 02:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8942f2f038e5e7f4d1830f613f9a3d9b976bf3f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:e2:1b:3f:e8:77:35:00:f9:84:8d:07:bf:01:
                    1c:27:21:ca:83:82:fe:ec:4e:2f:00:cc:f6:7a:fd:
                    81:66:d7:ef:af:03:ce:10:11:fd:b3:d0:81:c0:5b:
                    61:59:96:32:50:8b:a8:15:09:33:40:d3:5f:f8:d5:
                    bb:8e:94:0e:b3:86:2b:ea:df:ed:43:5d:49:30:98:
                    6b:99:3d:31:97:c5:72:96:73:09:bf:be:ab:a0:14:
                    c8:49:63:6d:b5:1d:6d:ec:9e:f8:04:af:a8:b3:16:
                    5f:fc:88:37:83:d3:9e:8c:9e:11:87:37:af:4c:b4:
                    b7:fe:9a:20:99:79:f9:ea:8c:5e:06:f0:c4:d8:e2:
                    8c:a8:e4:79:d2:1d:ce:d5:7d:ea:ef:13:70:c8:8d:
                    a8:8c:9f:55:8b:7e:71:7d:5f:4d:8f:b4:16:40:5d:
                    6e:77:f0:4c:83:a2:67:36:d4:2f:48:2f:73:b6:4f:
                    bb:98:6e:43:6b:7e:16:a4:ac:de:04:23:7a:4e:09:
                    5c:ba:85:5e:42:d0:75:b8:6a:d8:22:96:45:d8:ec:
                    58:ef:0a:1c:a6:1f:80:aa:ba:b4:25:46:0f:85:31:
                    f5:3a:d5:a8:b1:dd:09:28:c2:4c:c7:22:24:38:e4:
                    9d:da:e2:3a:d5:c6:f9:d0:04:fd:a4:ae:d9:3d:37:
                    52:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:42:F2:F0:38:E5:E7:F4:D1:83:0F:61:3F:9A:3D:9B:97:6B:F3:F2
            X509v3 Authority Key Identifier:
                keyid:41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/iULy8Djl5_TRgw9hP5o9m5dr8_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:13:43:6a:b8:c1:f6:51:c3:1a:7d:ff:dc:05:44:aa:8f:60:
         24:10:6d:58:e0:ac:40:93:c3:8b:59:90:28:17:42:95:a4:bd:
         c9:e4:28:ca:0b:a1:67:d9:43:cb:e5:98:0a:1f:e6:68:8b:bf:
         cf:76:b4:e6:0a:33:57:0b:b5:a7:bb:f3:f9:f5:c2:fd:4d:d9:
         dc:fa:a3:80:c6:e3:d0:34:63:3e:36:e4:87:76:d4:b0:35:9f:
         7d:2e:13:bb:74:c8:44:a7:62:a8:eb:36:0d:d2:57:33:c1:b8:
         4c:a9:b4:91:51:3f:dd:4b:60:a3:4f:c6:ec:aa:2a:2d:86:c8:
         da:d8:1b:74:07:e3:97:53:8b:be:65:c9:56:af:ab:e3:c0:79:
         bd:08:c1:97:13:b4:de:45:2b:68:77:29:4f:e8:bd:e3:e7:f3:
         bd:46:78:50:77:64:14:2d:aa:bb:24:c7:48:e1:93:af:07:f6:
         21:ed:97:ca:51:04:f0:bc:4f:ff:6e:e8:e2:8f:ec:c9:e7:0b:
         2a:0f:93:93:9c:32:f6:8c:d7:33:ec:d0:78:e4:e0:bf:d2:45:
         aa:1d:7e:e2:9f:68:e2:36:53:8b:38:51:ae:f0:89:b8:47:9c:
         c0:e3:08:65:22:f5:d8:8b:0d:94:98:52:ae:41:a9:59:da:5c:
         a3:f5:2f:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAel/h8ANKcOqt4PIY6KYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWEyYTk0MDViZGExNjcxYzEwNzc2ZjQ0MjYyNzNjOTA0
ZTRhZDAwHhcNMjQwMTAyMDIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQyZjJmMDM4ZTVlN2Y0ZDE4MzBmNjEzZjlhM2Q5Yjk3NmJmM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8eIbP+h3NQD5hI0HvwEcJyHKg4L+
7E4vAMz2ev2BZtfvrwPOEBH9s9CBwFthWZYyUIuoFQkzQNNf+NW7jpQOs4Yr6t/t
Q11JMJhrmT0xl8VylnMJv76roBTISWNttR1t7J74BK+osxZf/Ig3g9OejJ4Rhzev
TLS3/pogmXn56oxeBvDE2OKMqOR50h3O1X3q7xNwyI2ojJ9Vi35xfV9Nj7QWQF1u
d/BMg6JnNtQvSC9ztk+7mG5Da34WpKzeBCN6TglcuoVeQtB1uGrYIpZF2OxY7woc
ph+Aqrq0JUYPhTH1OtWosd0JKMJMxyIkOOSd2uI61cb50AT9pK7ZPTdSIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlC8vA45ef00YMPYT+aPZuXa/PyMB8GA1UdIwQY
MBaAFEEaKpQFvaFnHBB3b0QmJzyQTkrQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQt
OGM1MmU2NjZhOGEyLzEvaVVMeThEamw1X1RSZ3c5aFA1bzltNWRyOF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQtOGM1MmU2NjZhOGEy
LzEvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCqE0NquMH2UcMaff/cBUSqj2AkEG1Y4KxAk8OLWZAo
F0KVpL3J5CjKC6Fn2UPL5ZgKH+Zoi7/PdrTmCjNXC7Wnu/P59cL9Tdnc+qOAxuPQ
NGM+NuSHdtSwNZ99LhO7dMhEp2Ko6zYN0lczwbhMqbSRUT/dS2CjT8bsqiothsja
2Bt0B+OXU4u+ZclWr6vjwHm9CMGXE7TeRStodylP6L3j5/O9RnhQd2QULaq7JMdI
4ZOvB/Yh7ZfKUQTwvE//bujij+zJ5wsqD5OTnDL2jNcz7NB45OC/0kWqHX7in2ji
NlOLOFGu8Im4R5zA4whlIvXYiw2UmFKuQalZ2lyj9S8N
-----END CERTIFICATE-----