Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/CyV98N9EMWyxflKPXQFcgiSjPHY.roa
File:                     CyV98N9EMWyxflKPXQFcgiSjPHY.roa (raw, json)
Hash identifier:          Rihov2ja8UcIkzpFTuydvoEHWoaig8C8yBkMG/T6o0o=
Subject key identifier:   0B:25:7D:F0:DF:44:31:6C:B1:7E:52:8F:5D:01:5C:82:24:A3:3C:76
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018DC169F08138AE93DF97DC081357D6349A
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/CyV98N9EMWyxflKPXQFcgiSjPHY.roa
Signing time:             Mon 19 Feb 2024 12:49:22 +0000
ROA not before:           Mon 19 Feb 2024 12:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134450
IP address blocks:        45.94.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:69:f0:81:38:ae:93:df:97:dc:08:13:57:d6:34:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Feb 19 12:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b257df0df44316cb17e528f5d015c8224a33c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:75:d9:93:fb:3b:79:34:a4:09:3f:ed:cb:dd:
                    75:34:b7:e2:c6:06:87:b7:aa:37:0d:56:76:60:1d:
                    4a:13:5d:59:93:59:86:d8:a1:78:dd:62:07:2e:2f:
                    82:ab:e1:26:79:3f:c7:a0:10:5e:51:3c:71:43:85:
                    86:63:31:72:76:eb:f3:b9:52:a2:c2:c9:4a:3c:9f:
                    fa:cf:9c:2e:d8:e8:f4:fb:0b:d7:db:42:e4:39:a4:
                    fb:ce:2d:14:4f:d1:04:e8:32:13:d1:ab:ac:83:18:
                    ee:3c:d1:12:c3:44:6f:21:a5:fc:1f:69:5d:ed:40:
                    1d:60:cb:62:7b:e8:4b:b2:a1:27:cb:da:26:dc:29:
                    bc:d0:19:39:e0:f6:31:e4:db:30:ff:49:a4:7b:4f:
                    9f:72:33:d0:ad:bd:fa:68:2f:0b:26:65:06:15:b5:
                    f3:e6:ec:09:f5:8a:f3:6d:4a:51:bd:95:95:c3:c2:
                    3a:d6:11:8c:2f:bf:e6:2c:ac:18:0f:bb:a3:9e:db:
                    0e:51:7b:ed:d3:43:f6:66:97:3c:b6:20:35:7d:27:
                    4d:17:88:c7:ab:99:5b:5b:73:4a:78:91:49:fd:fd:
                    34:72:f5:ca:be:21:4d:b2:8a:57:e1:3b:77:73:c2:
                    71:26:5e:dd:12:9b:8b:e2:7a:23:84:ad:59:94:02:
                    e8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:25:7D:F0:DF:44:31:6C:B1:7E:52:8F:5D:01:5C:82:24:A3:3C:76
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/CyV98N9EMWyxflKPXQFcgiSjPHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:b9:da:fc:e4:a6:70:74:d9:4d:e2:c8:d8:2c:60:c3:dc:78:
         54:ed:db:93:41:64:99:a0:82:db:1a:f7:c5:cd:ab:43:dd:cc:
         39:f0:bd:c1:3a:13:b7:52:7e:31:6c:fe:fc:df:a6:d4:37:da:
         fe:f5:2b:fb:40:32:23:20:91:06:58:20:ed:b9:af:cc:6d:99:
         2f:b3:69:ac:c3:ce:43:f5:c3:7b:c7:b8:f2:52:c8:20:93:e6:
         f2:c1:30:68:72:5d:b1:7b:82:55:a6:ca:8b:46:68:3d:e4:67:
         d3:78:9c:a2:f6:88:c6:e5:4b:87:04:32:6d:51:23:2e:c3:5b:
         52:49:19:6a:b3:21:53:7f:17:71:97:09:8b:7f:e6:88:67:e5:
         ed:a4:2a:9d:0a:25:a0:65:dd:6f:35:c5:bf:fd:7e:44:eb:41:
         7d:54:4e:67:0f:d1:32:df:f5:ea:0a:55:1a:c9:60:4d:f5:86:
         8f:5e:b9:76:6d:4d:5c:a5:4f:3b:16:57:a2:2d:7c:82:ac:bc:
         e1:50:e6:6f:35:6e:50:05:a1:33:61:a8:a1:f8:88:90:69:1b:
         d0:53:09:34:bc:59:ed:9e:0e:fc:3f:fa:0a:29:b7:73:c3:48:
         f0:04:86:30:cf:8c:bd:e1:43:95:5c:28:ae:09:61:ac:84:eb:
         bf:f9:fe:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BafCBOK6T35fcCBNX1jSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMjE5MTI0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI1N2RmMGRmNDQzMTZjYjE3ZTUyOGY1ZDAxNWM4MjI0YTMzYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3XZk/s7eTSkCT/ty911NLfixgaH
t6o3DVZ2YB1KE11Zk1mG2KF43WIHLi+Cq+EmeT/HoBBeUTxxQ4WGYzFyduvzuVKi
wslKPJ/6z5wu2Oj0+wvX20LkOaT7zi0UT9EE6DIT0ausgxjuPNESw0RvIaX8H2ld
7UAdYMtie+hLsqEny9om3Cm80Bk54PYx5Nsw/0mke0+fcjPQrb36aC8LJmUGFbXz
5uwJ9YrzbUpRvZWVw8I61hGML7/mLKwYD7ujntsOUXvt00P2Zpc8tiA1fSdNF4jH
q5lbW3NKeJFJ/f00cvXKviFNsopX4Tt3c8JxJl7dEpuL4nojhK1ZlALoDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAslffDfRDFssX5Sj10BXIIkozx2MB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvQ3lWOThOOUVNV3l4ZmxLUFhRRmNnaVNqUEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLV6KMA0G
CSqGSIb3DQEBCwUAA4IBAQBVudr85KZwdNlN4sjYLGDD3HhU7duTQWSZoILbGvfF
zatD3cw58L3BOhO3Un4xbP7836bUN9r+9Sv7QDIjIJEGWCDtua/MbZkvs2msw85D
9cN7x7jyUsggk+bywTBocl2xe4JVpsqLRmg95GfTeJyi9ojG5UuHBDJtUSMuw1tS
SRlqsyFTfxdxlwmLf+aIZ+XtpCqdCiWgZd1vNcW//X5E60F9VE5nD9Ey3/XqClUa
yWBN9YaPXrl2bU1cpU87FleiLXyCrLzhUOZvNW5QBaEzYaih+IiQaRvQUwk0vFnt
ng78P/oKKbdzw0jwBIYwz4y94UOVXCiuCWGshOu/+f4G
-----END CERTIFICATE-----