Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/YQ1mVr3oYRZIKJ5OpKHeQo2AE38.roa
File:                     YQ1mVr3oYRZIKJ5OpKHeQo2AE38.roa (raw, json)
Hash identifier:          H5iUtvWvgRxUqcEr7pRadkpRbNZQ9bIbYIXL2KvLR00=
Subject key identifier:   61:0D:66:56:BD:E8:61:16:48:28:9E:4E:A4:A1:DE:42:8D:80:13:7F
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       018CC492FF80063C8D7164C78CDEF4EB52A9
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/YQ1mVr3oYRZIKJ5OpKHeQo2AE38.roa
Signing time:             Mon 01 Jan 2024 10:30:17 +0000
ROA not before:           Mon 01 Jan 2024 10:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        45.90.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ff:80:06:3c:8d:71:64:c7:8c:de:f4:eb:52:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Jan  1 10:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=610d6656bde8611648289e4ea4a1de428d80137f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:06:be:40:c1:29:dc:df:82:96:2e:f9:8a:81:
                    b2:a7:47:f3:bd:ae:b1:3c:58:d5:ae:11:27:3f:31:
                    4f:44:9f:f9:48:44:ae:8c:80:0d:c8:cb:55:4f:6e:
                    b9:5d:8b:3b:d7:3f:16:73:4e:5d:bf:1e:f5:54:18:
                    b5:d4:a7:89:fd:e3:92:f3:d5:ca:43:79:49:45:eb:
                    7f:ab:ce:3b:f1:4d:e6:da:0f:08:e4:11:f0:ac:5b:
                    33:b4:53:55:3b:3d:87:04:bc:38:a2:45:c8:53:b1:
                    ce:01:bc:b9:22:1c:10:a3:9c:3b:a2:a6:f8:fd:1d:
                    22:0a:55:89:c5:cd:22:42:ee:85:19:af:b0:33:15:
                    34:1c:0b:af:7e:8b:dd:69:41:73:45:36:f2:41:79:
                    40:32:67:be:e1:6e:40:99:ee:37:5f:b6:b2:b8:4c:
                    ce:91:ed:5d:1b:2d:0c:21:73:31:09:31:a5:4d:f8:
                    54:be:3d:80:a3:b9:64:61:9e:a5:46:e1:07:4e:3a:
                    89:db:e4:e1:0f:13:f2:47:22:ef:a8:46:d6:6f:fc:
                    90:2b:35:58:b3:15:b7:54:9b:b8:b1:e3:6f:5f:9f:
                    a0:43:d1:d6:9e:a1:e6:2a:ee:23:0d:08:a6:f5:54:
                    a9:26:b8:77:de:73:3b:af:97:73:f2:4f:b8:15:fb:
                    58:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:0D:66:56:BD:E8:61:16:48:28:9E:4E:A4:A1:DE:42:8D:80:13:7F
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/YQ1mVr3oYRZIKJ5OpKHeQo2AE38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:78:fe:b8:53:14:e7:3f:bf:d3:4f:a8:d2:62:38:f5:04:8f:
         49:68:81:c6:1a:c5:a9:cb:e6:18:68:b3:ff:8b:8c:0f:7f:fa:
         1b:e5:25:31:09:47:f6:72:e5:06:36:99:51:ef:e4:44:76:da:
         2a:2f:45:da:56:a8:2d:67:c5:9e:db:b6:64:7b:23:bb:bc:12:
         82:7d:bd:b5:ab:75:5a:46:73:da:94:ec:d6:fa:2e:87:84:86:
         15:25:fc:a9:01:bf:10:45:ab:f9:d8:d1:d3:ef:16:d5:b3:b0:
         85:16:1b:e9:86:c7:16:b3:f7:4f:c6:cf:22:02:b3:2d:c2:a6:
         8d:4b:bb:71:35:d4:4b:2f:78:88:4f:ac:96:0b:ae:b8:92:96:
         ee:a7:27:79:8b:a8:4d:57:36:14:f4:6a:73:2a:92:e7:f0:68:
         1c:e6:e4:1c:e5:94:63:0d:b4:1e:ff:b6:af:7e:44:75:0c:e6:
         11:45:45:4a:81:8d:7f:5b:54:ff:0c:e3:a0:5a:55:8a:b8:b5:
         43:cf:89:5f:a4:29:d5:9b:14:52:17:7a:c6:40:25:fd:be:7a:
         ce:75:2c:d2:55:4d:41:7d:07:87:14:41:79:22:d7:c7:41:47:
         04:76:66:7d:32:ce:b3:62:94:59:c1:f0:44:34:63:0c:3b:30:
         e8:05:1d:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkv+ABjyNcWTHjN7061KpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjQwMTAxMTAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTBkNjY1NmJkZTg2MTE2NDgyODllNGVhNGExZGU0MjhkODAxMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQa+QMEp3N+Cli75ioGyp0fzva6x
PFjVrhEnPzFPRJ/5SESujIANyMtVT265XYs71z8Wc05dvx71VBi11KeJ/eOS89XK
Q3lJRet/q8478U3m2g8I5BHwrFsztFNVOz2HBLw4okXIU7HOAby5IhwQo5w7oqb4
/R0iClWJxc0iQu6FGa+wMxU0HAuvfovdaUFzRTbyQXlAMme+4W5Ame43X7ayuEzO
ke1dGy0MIXMxCTGlTfhUvj2Ao7lkYZ6lRuEHTjqJ2+ThDxPyRyLvqEbWb/yQKzVY
sxW3VJu4seNvX5+gQ9HWnqHmKu4jDQim9VSpJrh33nM7r5dz8k+4FftY7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGENZla96GEWSCieTqSh3kKNgBN/MB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvWVExbVZyM29ZUlpJS0o1T3BLSGVRbzJBRTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVowMA0G
CSqGSIb3DQEBCwUAA4IBAQBieP64UxTnP7/TT6jSYjj1BI9JaIHGGsWpy+YYaLP/
i4wPf/ob5SUxCUf2cuUGNplR7+REdtoqL0XaVqgtZ8We27ZkeyO7vBKCfb21q3Va
RnPalOzW+i6HhIYVJfypAb8QRav52NHT7xbVs7CFFhvphscWs/dPxs8iArMtwqaN
S7txNdRLL3iIT6yWC664kpbupyd5i6hNVzYU9GpzKpLn8Ggc5uQc5ZRjDbQe/7av
fkR1DOYRRUVKgY1/W1T/DOOgWlWKuLVDz4lfpCnVmxRSF3rGQCX9vnrOdSzSVU1B
fQeHFEF5ItfHQUcEdmZ9Ms6zYpRZwfBENGMMOzDoBR37
-----END CERTIFICATE-----