Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/g7bUe-XEO535PLlzmkkAaQaOYbI.roa
File:                     g7bUe-XEO535PLlzmkkAaQaOYbI.roa (raw, json)
Hash identifier:          IKhWteG8zk9LMzyMjzaQ7lr2AZ3UINsHdfECYS0cxc4=
Subject key identifier:   83:B6:D4:7B:E5:C4:3B:9D:F9:3C:B9:73:9A:49:00:69:06:8E:61:B2
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E66019B5EB4F024B91B2046E7D0FDBEFF
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/g7bUe-XEO535PLlzmkkAaQaOYbI.roa
Signing time:             Fri 22 Mar 2024 11:52:45 +0000
ROA not before:           Fri 22 Mar 2024 11:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        45.94.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:01:9b:5e:b4:f0:24:b9:1b:20:46:e7:d0:fd:be:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 22 11:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83b6d47be5c43b9df93cb9739a490069068e61b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:df:0a:db:33:73:09:d0:1a:e0:23:70:ab:d7:
                    3d:02:29:2c:64:b4:79:f2:75:f1:6f:e2:97:6d:16:
                    63:1a:b8:ec:29:32:da:22:47:e4:ff:5a:4c:22:2d:
                    75:5f:de:83:0d:63:4d:5c:06:e2:e6:8d:6f:8c:ef:
                    bf:7e:51:27:8f:9e:03:b4:2b:ff:9d:d1:b6:24:74:
                    b3:d9:e2:0b:14:55:9d:de:3a:81:3e:24:af:46:e8:
                    66:7f:b4:51:87:52:77:78:35:27:b1:2b:81:d9:ab:
                    a1:0c:85:6b:38:5a:51:58:b5:17:bf:e2:2b:6b:c6:
                    0b:5b:35:12:1c:8a:5c:85:83:e8:34:2d:3f:a8:dc:
                    f7:f4:87:98:66:ca:bf:df:44:48:ca:bd:23:28:15:
                    74:59:0c:6d:3e:cf:07:c6:f2:94:67:34:cf:5c:c3:
                    6b:d9:3a:1b:0b:a3:10:da:c2:52:74:8e:f3:80:85:
                    2b:b6:c1:9d:cc:44:11:c7:68:de:5b:06:54:04:c4:
                    a2:e1:ed:c3:af:e8:93:6e:a9:18:32:be:41:b0:66:
                    48:4d:df:28:cd:7c:6f:2d:ae:f6:66:64:90:d7:ae:
                    f6:24:ff:5b:d3:c5:33:1e:2c:ce:c0:dc:1c:ab:63:
                    48:8c:13:03:22:b2:a9:65:79:56:82:f7:aa:29:57:
                    ef:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B6:D4:7B:E5:C4:3B:9D:F9:3C:B9:73:9A:49:00:69:06:8E:61:B2
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/g7bUe-XEO535PLlzmkkAaQaOYbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:2c:93:fd:50:66:0d:f0:9e:7e:92:8f:81:d2:3f:80:df:90:
         23:f5:28:8e:9c:8a:0f:d4:c8:4f:47:e3:e0:d2:1c:12:49:b3:
         4d:8f:e4:55:96:f7:dc:72:73:31:94:72:5c:14:43:aa:b1:15:
         27:63:a7:0d:1c:00:20:79:bc:66:d8:6c:33:f6:1a:5a:57:19:
         6b:b4:8e:a7:80:a8:27:87:81:ff:15:25:7a:5f:19:1f:80:c6:
         eb:78:6d:13:97:46:53:24:01:b1:f6:07:8a:07:25:6b:94:2a:
         f6:e4:72:be:9c:9d:88:b0:a0:2c:e9:ea:2c:df:5b:4a:1e:a3:
         3a:44:50:48:7d:71:50:aa:eb:19:be:2a:b8:07:cf:26:58:ac:
         a1:ab:5d:c0:4c:43:08:60:61:29:be:ba:24:b6:04:24:34:9a:
         e9:78:61:fb:3b:f9:b0:58:fa:1f:02:eb:d4:fc:97:80:0e:d3:
         38:68:a6:19:4e:8b:49:07:e6:b8:bb:4b:2b:98:24:f8:ce:c0:
         95:9c:2c:11:f4:a4:57:d4:c0:67:9a:2e:f8:6b:81:a6:a2:3b:
         86:8d:38:bc:87:79:44:51:8a:cb:10:25:8d:2c:7e:91:8a:b7:
         f3:b0:ca:0b:d9:02:e6:da:d1:b3:69:f2:e8:46:6f:02:16:77:
         32:0d:ca:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mAZtetPAkuRsgRufQ/b7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzIyMTE1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I2ZDQ3YmU1YzQzYjlkZjkzY2I5NzM5YTQ5MDA2OTA2OGU2MWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid8K2zNzCdAa4CNwq9c9AiksZLR5
8nXxb+KXbRZjGrjsKTLaIkfk/1pMIi11X96DDWNNXAbi5o1vjO+/flEnj54DtCv/
ndG2JHSz2eILFFWd3jqBPiSvRuhmf7RRh1J3eDUnsSuB2auhDIVrOFpRWLUXv+Ir
a8YLWzUSHIpchYPoNC0/qNz39IeYZsq/30RIyr0jKBV0WQxtPs8HxvKUZzTPXMNr
2TobC6MQ2sJSdI7zgIUrtsGdzEQRx2jeWwZUBMSi4e3Dr+iTbqkYMr5BsGZITd8o
zXxvLa72ZmSQ1672JP9b08UzHizOwNwcq2NIjBMDIrKpZXlWgveqKVfvKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO21HvlxDud+Ty5c5pJAGkGjmGyMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZzdiVWUtWEVPNTM1UExsem1ra0FhUWFPWWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6rMA0G
CSqGSIb3DQEBCwUAA4IBAQA7LJP9UGYN8J5+ko+B0j+A35Aj9SiOnIoP1MhPR+Pg
0hwSSbNNj+RVlvfccnMxlHJcFEOqsRUnY6cNHAAgebxm2Gwz9hpaVxlrtI6ngKgn
h4H/FSV6XxkfgMbreG0Tl0ZTJAGx9geKByVrlCr25HK+nJ2IsKAs6eos31tKHqM6
RFBIfXFQqusZviq4B88mWKyhq13ATEMIYGEpvroktgQkNJrpeGH7O/mwWPofAuvU
/JeADtM4aKYZTotJB+a4u0srmCT4zsCVnCwR9KRX1MBnmi74a4GmojuGjTi8h3lE
UYrLECWNLH6RirfzsMoL2QLm2tGzafLoRm8CFncyDcoJ
-----END CERTIFICATE-----