Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/CYFUFtBXinMco7TH1PiEpiFEfxo.roa
File:                     CYFUFtBXinMco7TH1PiEpiFEfxo.roa (raw, json)
Hash identifier:          1016wnrUTtBGlCS+fBWdGY57lWyOa1AiD8ccI6zK1WU=
Subject key identifier:   09:81:54:16:D0:57:8A:73:1C:A3:B4:C7:D4:F8:84:A6:21:44:7F:1A
Certificate issuer:       /CN=b68a994e42e60da4f4a5475b15f5e27516c7cf14
Certificate serial:       018CC8012A6ACC27B247183324B81BC7CB2A
Authority key identifier: B6:8A:99:4E:42:E6:0D:A4:F4:A5:47:5B:15:F5:E2:75:16:C7:CF:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toqZTkLmDaT0pUdbFfXidRbHzxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/CYFUFtBXinMco7TH1PiEpiFEfxo.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46616
IP address blocks:        45.149.121.0/24 maxlen: 24
                          45.149.120.0/22 maxlen: 22
                          45.149.120.0/24 maxlen: 24
                          45.149.123.0/24 maxlen: 24
                          45.149.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/toqZTkLmDaT0pUdbFfXidRbHzxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/toqZTkLmDaT0pUdbFfXidRbHzxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toqZTkLmDaT0pUdbFfXidRbHzxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2a:6a:cc:27:b2:47:18:33:24:b8:1b:c7:cb:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68a994e42e60da4f4a5475b15f5e27516c7cf14
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09815416d0578a731ca3b4c7d4f884a621447f1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ca:3a:69:43:7a:64:c3:17:ea:8c:d0:46:38:
                    0d:2c:df:77:0b:64:b6:f0:bf:0e:d4:02:65:0c:fa:
                    33:b9:49:c4:a5:f6:98:68:a1:6c:8b:98:a5:c5:88:
                    7c:1f:06:05:64:e7:4b:f3:3a:7d:6c:df:74:d6:ba:
                    f3:5d:f3:d4:89:24:23:a5:b1:05:27:62:88:79:b4:
                    a4:f7:1e:a8:68:48:07:ab:ee:e3:52:42:95:6e:1f:
                    bf:f7:da:3c:16:eb:5c:36:d5:ba:dd:07:89:66:17:
                    89:1c:07:64:ca:99:bd:9d:db:c7:db:3f:9c:61:61:
                    97:2e:f7:b9:67:5c:5e:fc:3c:f5:1b:5e:82:19:44:
                    6a:1b:37:c1:91:f6:6e:c0:3a:14:9a:f2:78:75:80:
                    6f:d8:c1:62:c8:33:1b:9d:2f:0b:1d:fc:fb:af:0b:
                    59:da:f3:a4:b9:e8:41:43:5d:80:ee:d5:fd:d8:01:
                    7e:06:27:f2:4f:5b:49:a4:83:e3:0d:28:5d:32:f4:
                    1e:a1:78:fe:9d:34:a8:14:f7:56:82:43:2f:eb:fa:
                    93:bf:36:9e:8b:73:79:9f:ee:43:8f:e1:9e:a7:2f:
                    e7:de:db:06:5f:d7:42:7c:35:ca:b4:97:db:25:e0:
                    e9:b4:ad:9f:28:57:a5:4d:49:6c:77:74:a0:00:cf:
                    a6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:81:54:16:D0:57:8A:73:1C:A3:B4:C7:D4:F8:84:A6:21:44:7F:1A
            X509v3 Authority Key Identifier:
                keyid:B6:8A:99:4E:42:E6:0D:A4:F4:A5:47:5B:15:F5:E2:75:16:C7:CF:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toqZTkLmDaT0pUdbFfXidRbHzxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/CYFUFtBXinMco7TH1PiEpiFEfxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/toqZTkLmDaT0pUdbFfXidRbHzxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:63:a4:5e:11:5d:b4:01:e0:5c:3a:38:54:81:08:fb:cc:9c:
         cd:f0:92:ae:7e:bc:4a:2b:c4:c5:15:0e:b5:ed:03:1a:59:6d:
         df:cf:36:19:cc:27:45:d7:31:42:3e:a5:a1:57:51:1a:36:a9:
         86:ce:64:2e:d7:58:41:62:6c:c4:0c:4e:4f:33:db:23:20:12:
         c8:18:51:22:65:ec:26:d7:a4:26:36:70:47:66:5a:aa:5e:10:
         58:cf:0d:d8:ec:89:a9:46:d5:3b:4e:19:a7:b4:ff:45:ec:a4:
         4d:bf:d0:71:f0:bc:8a:bc:49:9b:98:60:51:54:07:df:df:eb:
         3f:de:a0:b8:c2:ea:89:11:3c:6e:98:77:77:df:99:14:ce:53:
         b8:4f:c3:4d:49:c0:12:c2:5b:a9:3f:97:c4:44:22:8b:08:d9:
         d6:75:db:f1:60:9e:7d:36:16:43:f2:f1:2e:32:cc:f4:af:73:
         14:ba:83:37:5a:a7:c0:fe:07:b3:60:d7:6e:26:fe:97:fb:78:
         88:9d:d7:18:39:df:f2:09:ef:0e:d5:94:56:ef:f8:79:e4:6a:
         96:fe:66:7f:73:0f:64:9b:2c:2b:6f:c6:fb:1c:dd:ad:50:b4:
         a6:b4:5e:60:0e:8c:4f:07:98:30:68:59:61:f2:c5:83:be:9e:
         e8:39:f9:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASpqzCeyRxgzJLgbx8sqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGE5OTRlNDJlNjBkYTRmNGE1NDc1YjE1ZjVlMjc1MTZj
N2NmMTQwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTgxNTQxNmQwNTc4YTczMWNhM2I0YzdkNGY4ODRhNjIxNDQ3ZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsco6aUN6ZMMX6ozQRjgNLN93C2S2
8L8O1AJlDPozuUnEpfaYaKFsi5ilxYh8HwYFZOdL8zp9bN901rrzXfPUiSQjpbEF
J2KIebSk9x6oaEgHq+7jUkKVbh+/99o8FutcNtW63QeJZheJHAdkypm9ndvH2z+c
YWGXLve5Z1xe/Dz1G16CGURqGzfBkfZuwDoUmvJ4dYBv2MFiyDMbnS8LHfz7rwtZ
2vOkuehBQ12A7tX92AF+BifyT1tJpIPjDShdMvQeoXj+nTSoFPdWgkMv6/qTvzae
i3N5n+5Dj+Gepy/n3tsGX9dCfDXKtJfbJeDptK2fKFelTUlsd3SgAM+mSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmBVBbQV4pzHKO0x9T4hKYhRH8aMB8GA1UdIwQY
MBaAFLaKmU5C5g2k9KVHWxX14nUWx88UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG9xWlRrTG1EYVQwcFVkYkZmWGlkUmJIenhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9mMzgwNGQtZThhZC00ZDA4LTk5MGUt
YmQzYmViY2RkZWIzLzEvQ1lGVUZ0Qlhpbk1jbzdUSDFQaUVwaUZFZnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9mMzgwNGQtZThhZC00ZDA4LTk5MGUtYmQzYmViY2RkZWIz
LzEvdG9xWlRrTG1EYVQwcFVkYkZmWGlkUmJIenhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZV4MA0G
CSqGSIb3DQEBCwUAA4IBAQAUY6ReEV20AeBcOjhUgQj7zJzN8JKufrxKK8TFFQ61
7QMaWW3fzzYZzCdF1zFCPqWhV1EaNqmGzmQu11hBYmzEDE5PM9sjIBLIGFEiZewm
16QmNnBHZlqqXhBYzw3Y7ImpRtU7ThmntP9F7KRNv9Bx8LyKvEmbmGBRVAff3+s/
3qC4wuqJETxumHd335kUzlO4T8NNScASwlupP5fERCKLCNnWddvxYJ59NhZD8vEu
Msz0r3MUuoM3WqfA/gezYNduJv6X+3iIndcYOd/yCe8O1ZRW7/h55GqW/mZ/cw9k
mywrb8b7HN2tULSmtF5gDoxPB5gwaFlh8sWDvp7oOfnd
-----END CERTIFICATE-----