Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/YNsr_5P4r55GcYRgepoJw-2CgE0.roa
File:                     YNsr_5P4r55GcYRgepoJw-2CgE0.roa (raw, json)
Hash identifier:          WHzCxv5o3dL4wse8Q9+m9HzdHwqPlfDZUDoafDrKxec=
Subject key identifier:   60:DB:2B:FF:93:F8:AF:9E:46:71:84:60:7A:9A:09:C3:ED:82:80:4D
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018D222C1890017B28469938D7C82995C2AF
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/YNsr_5P4r55GcYRgepoJw-2CgE0.roa
Signing time:             Fri 19 Jan 2024 14:42:11 +0000
ROA not before:           Fri 19 Jan 2024 14:42:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.81.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:2c:18:90:01:7b:28:46:99:38:d7:c8:29:95:c2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 19 14:42:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60db2bff93f8af9e467184607a9a09c3ed82804d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:81:91:3b:e9:92:39:8c:83:7e:52:f2:f3:df:
                    55:41:28:f5:db:eb:00:54:57:a4:a1:0e:37:70:9f:
                    2c:d3:a6:b4:0d:a3:20:f4:99:d6:1f:6f:67:0c:f7:
                    8b:f2:43:2d:3b:4f:8e:b1:6d:89:92:ce:63:71:2f:
                    74:19:bc:4a:11:96:37:e6:1f:11:be:b1:c0:11:ee:
                    a2:49:ac:99:c4:e0:9c:a5:82:aa:07:12:70:b9:c1:
                    8b:5a:1c:b6:42:e8:e8:3c:5f:33:f8:ba:2d:35:1d:
                    11:89:73:10:e5:1b:aa:b9:a2:1e:7a:ba:dc:c7:cb:
                    a1:52:48:a7:3e:25:b6:08:db:35:6e:29:bd:2d:65:
                    5f:43:11:db:49:14:43:0b:e2:02:f2:e6:e4:af:84:
                    0f:52:6b:4a:6c:2a:46:eb:67:68:ec:5c:30:3a:fc:
                    5d:f4:3b:4c:6c:78:a1:e8:fa:f5:0f:81:72:81:f9:
                    58:d7:88:40:33:ae:05:af:8c:70:36:2a:fb:78:5c:
                    e4:37:b9:85:30:10:98:16:42:d6:d8:dc:07:e4:93:
                    47:ab:e4:90:57:59:23:a2:fc:7c:c1:f5:65:4a:38:
                    a7:97:6c:55:66:6a:1b:64:71:e9:4a:60:97:6b:c4:
                    e2:76:24:9c:a7:18:fb:6f:87:70:93:b4:37:aa:fe:
                    b3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DB:2B:FF:93:F8:AF:9E:46:71:84:60:7A:9A:09:C3:ED:82:80:4D
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/YNsr_5P4r55GcYRgepoJw-2CgE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:d5:9c:eb:dc:a8:b0:66:85:f0:fa:70:d5:3e:76:aa:02:3c:
         87:6e:cd:29:1e:53:d7:bb:fd:94:1f:08:42:7f:0c:cc:4f:06:
         2f:58:51:5a:6e:cf:8e:76:06:fe:6b:92:2e:d3:c1:fd:e7:07:
         09:5d:a7:e3:28:ae:68:79:a5:59:bf:97:9c:0e:4c:01:5e:51:
         61:cb:74:ec:18:40:2e:20:b3:a8:53:81:a1:b2:94:1b:0a:b9:
         2e:84:8d:8b:17:c1:eb:a8:f3:d0:7d:29:e8:3b:bb:fe:a3:2a:
         42:ef:1f:86:b7:05:98:75:89:d1:88:3e:c4:88:d2:b0:68:2b:
         4b:84:ef:03:63:b3:78:df:89:3c:98:a0:13:47:c8:9d:87:2c:
         33:c7:86:11:e7:f8:9b:8d:08:7d:a4:6e:64:a9:91:53:63:d8:
         7b:cf:f4:18:fa:66:b9:6d:fd:26:7c:76:a6:a4:5b:78:29:10:
         19:71:ca:cf:79:9f:62:2d:e7:1e:ab:66:44:de:88:b6:fc:b9:
         91:fb:63:fa:b5:6a:40:f7:3e:10:99:81:a6:84:f0:df:36:bf:
         2b:7f:b7:c3:a6:30:c1:86:e0:df:6f:b3:9c:a9:88:9a:ac:db:
         d1:51:e0:0d:cc:4a:d8:1e:89:12:4b:0d:ac:00:10:c6:5e:93:
         7b:54:67:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0iLBiQAXsoRpk418gplcKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTE5MTQ0MjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRiMmJmZjkzZjhhZjllNDY3MTg0NjA3YTlhMDljM2VkODI4MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYGRO+mSOYyDflLy899VQSj12+sA
VFekoQ43cJ8s06a0DaMg9JnWH29nDPeL8kMtO0+OsW2Jks5jcS90GbxKEZY35h8R
vrHAEe6iSayZxOCcpYKqBxJwucGLWhy2QujoPF8z+LotNR0RiXMQ5RuquaIeerrc
x8uhUkinPiW2CNs1bim9LWVfQxHbSRRDC+IC8ubkr4QPUmtKbCpG62do7FwwOvxd
9DtMbHih6Pr1D4FygflY14hAM64Fr4xwNir7eFzkN7mFMBCYFkLW2NwH5JNHq+SQ
V1kjovx8wfVlSjinl2xVZmobZHHpSmCXa8TidiScpxj7b4dwk7Q3qv6zYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDbK/+T+K+eRnGEYHqaCcPtgoBNMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvWU5zcl81UDRyNTVHY1lSZ2Vwb0p3LTJDZ0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVFwMA0G
CSqGSIb3DQEBCwUAA4IBAQCL1Zzr3KiwZoXw+nDVPnaqAjyHbs0pHlPXu/2UHwhC
fwzMTwYvWFFabs+Odgb+a5Iu08H95wcJXafjKK5oeaVZv5ecDkwBXlFhy3TsGEAu
ILOoU4GhspQbCrkuhI2LF8HrqPPQfSnoO7v+oypC7x+GtwWYdYnRiD7EiNKwaCtL
hO8DY7N434k8mKATR8idhywzx4YR5/ibjQh9pG5kqZFTY9h7z/QY+ma5bf0mfHam
pFt4KRAZccrPeZ9iLeceq2ZE3oi2/LmR+2P6tWpA9z4QmYGmhPDfNr8rf7fDpjDB
huDfb7OcqYiarNvRUeANzErYHokSSw2sABDGXpN7VGc8
-----END CERTIFICATE-----