Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/k9cjJislu3oJGdl3ut_nMHIl2jw.roa
File:                     k9cjJislu3oJGdl3ut_nMHIl2jw.roa (raw, json)
Hash identifier:          YIxF3hK5O//WNji6VHvQKERR8hb87ZRhk24J767nGlI=
Subject key identifier:   93:D7:23:26:2B:25:BB:7A:09:19:D9:77:BA:DF:E7:30:72:25:DA:3C
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F47D18E4DB21E7F76C7B9C7E32A16
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/k9cjJislu3oJGdl3ut_nMHIl2jw.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        45.151.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:47:d1:8e:4d:b2:1e:7f:76:c7:b9:c7:e3:2a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93d723262b25bb7a0919d977badfe7307225da3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:30:11:6b:a5:38:07:40:01:10:99:bb:d5:c6:
                    b4:fc:6f:25:c7:28:f9:a1:67:b3:95:ac:4b:da:cc:
                    a4:1a:62:4f:78:85:1f:c7:4e:08:54:40:ae:6e:5f:
                    76:36:96:67:da:f5:04:d6:8a:93:64:fa:04:5d:91:
                    42:29:4d:ad:02:36:bf:29:f3:1f:1a:3e:66:d3:b3:
                    3d:0c:16:c8:fb:30:2a:dc:8f:f5:f7:2a:f7:5f:46:
                    24:69:a5:6b:02:2d:70:68:19:fc:7c:c4:7e:f0:3b:
                    68:d0:b4:a9:45:71:df:7a:6b:a9:3b:63:ee:d9:0d:
                    fb:d7:14:c4:be:18:3d:4c:4d:94:cc:bc:c8:b4:a5:
                    c7:18:c0:48:3b:d5:3a:ab:e1:ca:75:84:b0:0c:37:
                    13:02:ba:be:e5:14:ad:cf:e9:ad:36:5c:c6:2b:85:
                    10:23:0c:b0:40:f8:33:51:bb:cf:50:c4:d7:a6:f2:
                    8b:d8:33:d5:8a:14:3b:1e:39:65:90:18:65:56:ae:
                    71:81:ba:ba:38:9e:66:09:1e:63:6e:c2:ee:17:c8:
                    96:08:12:74:bf:6d:68:dd:cd:d5:cd:e9:b9:c0:50:
                    cf:8e:66:8a:21:78:a3:24:b2:ab:4b:84:29:28:44:
                    c3:b3:0b:60:90:fc:dc:b4:a1:e9:e8:ec:82:91:9c:
                    a7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D7:23:26:2B:25:BB:7A:09:19:D9:77:BA:DF:E7:30:72:25:DA:3C
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/k9cjJislu3oJGdl3ut_nMHIl2jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a8:90:bf:ea:03:5b:2c:82:d3:43:be:da:38:c8:e7:44:f4:
         f7:26:89:ab:7b:69:c7:5f:12:2e:81:31:80:aa:5a:b4:cc:ab:
         0a:69:e4:17:1d:53:af:1e:8e:32:0e:72:94:25:d5:e5:7f:7a:
         ee:b6:80:44:6b:b0:ec:df:73:e7:22:2e:1a:86:1c:14:1d:63:
         22:2b:a0:2b:c1:42:b5:cb:91:39:cb:d8:b8:a2:96:a7:02:b6:
         76:d9:f5:ac:f4:4b:62:10:3b:35:ef:32:a8:5f:9b:a6:a5:16:
         c7:ed:e8:55:36:65:28:68:4c:43:49:f0:9b:7d:40:c4:74:39:
         0d:e8:ca:ed:ea:04:d0:97:95:2c:f3:fc:ad:7f:6a:5d:0f:3e:
         55:9b:5e:c2:e0:a5:77:db:48:41:c4:38:0b:8a:42:e0:e5:2c:
         49:f0:57:c8:e1:14:93:30:06:2c:44:68:08:47:e2:39:ed:cc:
         e3:cc:80:de:84:9f:09:94:eb:c8:b6:ee:9e:c7:9f:28:37:6e:
         81:bc:19:ef:17:19:49:80:49:89:5b:ab:ac:ee:70:a2:c7:1b:
         ba:c5:d3:6d:18:be:2f:b3:9d:a6:39:25:ef:ae:47:23:31:5d:
         42:dd:ee:6f:ad:f3:4a:00:2a:22:1c:db:a7:34:85:8b:f2:b3:
         08:1d:a4:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0fRjk2yHn92x7nH4yoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2Q3MjMyNjJiMjViYjdhMDkxOWQ5NzdiYWRmZTczMDcyMjVkYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizARa6U4B0ABEJm71ca0/G8lxyj5
oWezlaxL2sykGmJPeIUfx04IVECubl92NpZn2vUE1oqTZPoEXZFCKU2tAja/KfMf
Gj5m07M9DBbI+zAq3I/19yr3X0YkaaVrAi1waBn8fMR+8Dto0LSpRXHfemupO2Pu
2Q371xTEvhg9TE2UzLzItKXHGMBIO9U6q+HKdYSwDDcTArq+5RStz+mtNlzGK4UQ
IwywQPgzUbvPUMTXpvKL2DPVihQ7HjllkBhlVq5xgbq6OJ5mCR5jbsLuF8iWCBJ0
v21o3c3Vzem5wFDPjmaKIXijJLKrS4QpKETDswtgkPzctKHp6OyCkZynsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPXIyYrJbt6CRnZd7rf5zByJdo8MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvazljakppc2x1M29KR2RsM3V0X25NSElsMmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZcBMA0G
CSqGSIb3DQEBCwUAA4IBAQBDqJC/6gNbLILTQ77aOMjnRPT3Jomre2nHXxIugTGA
qlq0zKsKaeQXHVOvHo4yDnKUJdXlf3rutoBEa7Ds33PnIi4ahhwUHWMiK6ArwUK1
y5E5y9i4opanArZ22fWs9EtiEDs17zKoX5umpRbH7ehVNmUoaExDSfCbfUDEdDkN
6Mrt6gTQl5Us8/ytf2pdDz5Vm17C4KV320hBxDgLikLg5SxJ8FfI4RSTMAYsRGgI
R+I57czjzIDehJ8JlOvItu6ex58oN26BvBnvFxlJgEmJW6us7nCixxu6xdNtGL4v
s52mOSXvrkcjMV1C3e5vrfNKACoiHNunNIWL8rMIHaSr
-----END CERTIFICATE-----