Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/_VK5tMevNeVMTNtA9Jp3T4k9fDE.roa
File:                     _VK5tMevNeVMTNtA9Jp3T4k9fDE.roa (raw, json)
Hash identifier:          KViF5UWnXkTYU8A/QxCHXudv/utp3QfrAq4xM/0+2cs=
Subject key identifier:   FD:52:B9:B4:C7:AF:35:E5:4C:4C:DB:40:F4:9A:77:4F:89:3D:7C:31
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018CC5012CDDB33AF75321C74301E7CC5E2F
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/_VK5tMevNeVMTNtA9Jp3T4k9fDE.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.130.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2c:dd:b3:3a:f7:53:21:c7:43:01:e7:cc:5e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd52b9b4c7af35e54c4cdb40f49a774f893d7c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:89:53:d5:3c:66:8a:01:56:80:76:90:49:93:
                    3c:ea:f4:e2:c0:b8:d4:67:22:f7:33:f0:8d:d2:21:
                    d8:db:83:5b:98:1e:41:76:b9:48:01:ca:97:91:8b:
                    68:12:2d:74:54:be:56:09:5c:4a:38:13:cf:3c:49:
                    2c:88:d5:27:d9:cb:2e:2b:f8:80:16:b8:81:57:86:
                    95:8d:d1:a9:cb:2e:24:05:fb:80:5e:38:19:51:d0:
                    34:fd:e2:8c:1c:9a:2d:f2:07:2d:e4:27:90:27:29:
                    81:f4:96:11:dd:2d:70:b4:64:d1:ec:4f:19:e2:13:
                    5c:f1:9c:e6:6e:50:28:1c:46:aa:d8:ab:89:90:30:
                    51:86:ef:ad:57:43:39:b4:90:f4:b8:66:67:62:30:
                    e6:0f:49:ba:7f:a6:4b:e8:ad:54:c6:35:3f:79:19:
                    c0:bf:6c:44:e5:1c:65:da:15:43:e0:00:33:89:8e:
                    12:66:2e:e8:19:d8:11:df:67:69:15:d4:00:77:72:
                    e8:ff:ba:01:1c:4e:3e:c3:5c:d8:b6:c5:0c:ec:eb:
                    6b:23:0c:1f:0b:fc:af:7d:29:c9:6a:e2:76:99:7d:
                    79:1b:0c:64:44:02:ca:ea:d6:8d:aa:f3:1b:59:18:
                    f8:46:ea:72:4e:36:77:0c:d3:5c:f4:c9:c3:e9:ec:
                    35:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:52:B9:B4:C7:AF:35:E5:4C:4C:DB:40:F4:9A:77:4F:89:3D:7C:31
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/_VK5tMevNeVMTNtA9Jp3T4k9fDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:7a:7b:db:da:0f:a1:7a:7d:9b:24:71:09:b1:7f:44:16:80:
         65:ff:f8:62:c9:19:5a:84:f0:c4:88:b0:b9:53:c0:e8:1c:6d:
         54:ec:c5:23:8d:56:b8:4d:9e:af:c0:28:e1:f1:eb:9e:ca:30:
         21:f8:78:ae:e7:5d:85:1e:49:f7:18:96:f0:8e:fb:c2:fc:7a:
         25:72:ce:75:d2:1f:66:33:48:8a:10:aa:3b:cf:3f:9f:ca:9a:
         24:31:db:fb:df:69:b3:f2:17:b6:e1:9c:42:9c:ce:43:37:cb:
         ea:a8:95:64:8e:aa:af:ea:9f:78:a8:88:89:df:9a:57:9c:5b:
         9e:e2:d7:b0:0a:25:f3:4c:2d:81:64:c4:ef:88:0d:97:8c:b1:
         4e:f3:93:26:5d:2a:d7:48:3b:06:d4:a9:c5:48:9a:cc:d4:92:
         a2:fe:24:03:fc:3c:ba:7d:63:17:3c:dd:fc:5e:e8:da:cd:b2:
         9c:4a:bf:9c:47:34:30:a6:03:05:95:3a:1b:80:05:9e:22:b3:
         89:f6:4d:c7:6a:a3:74:27:c6:28:00:41:97:69:54:a6:03:ea:
         ef:a4:e2:db:5f:43:58:f2:2b:b0:93:26:40:cf:7f:eb:10:14:
         a1:81:5c:8c:e8:2f:69:29:ff:b9:d3:56:2c:bd:15:32:f9:3e:
         ba:4f:d9:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASzdszr3UyHHQwHnzF4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDUyYjliNGM3YWYzNWU1NGM0Y2RiNDBmNDlhNzc0Zjg5M2Q3YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuolT1TxmigFWgHaQSZM86vTiwLjU
ZyL3M/CN0iHY24NbmB5BdrlIAcqXkYtoEi10VL5WCVxKOBPPPEksiNUn2csuK/iA
FriBV4aVjdGpyy4kBfuAXjgZUdA0/eKMHJot8gct5CeQJymB9JYR3S1wtGTR7E8Z
4hNc8ZzmblAoHEaq2KuJkDBRhu+tV0M5tJD0uGZnYjDmD0m6f6ZL6K1UxjU/eRnA
v2xE5Rxl2hVD4AAziY4SZi7oGdgR32dpFdQAd3Lo/7oBHE4+w1zYtsUM7OtrIwwf
C/yvfSnJauJ2mX15GwxkRALK6taNqvMbWRj4RupyTjZ3DNNc9MnD6ew1nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1SubTHrzXlTEzbQPSad0+JPXwxMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvX1ZLNXRNZXZOZVZNVE50QTlKcDNUNGs5ZkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYIgMA0G
CSqGSIb3DQEBCwUAA4IBAQBSenvb2g+hen2bJHEJsX9EFoBl//hiyRlahPDEiLC5
U8DoHG1U7MUjjVa4TZ6vwCjh8eueyjAh+Hiu512FHkn3GJbwjvvC/Holcs510h9m
M0iKEKo7zz+fypokMdv732mz8he24ZxCnM5DN8vqqJVkjqqv6p94qIiJ35pXnFue
4tewCiXzTC2BZMTviA2XjLFO85MmXSrXSDsG1KnFSJrM1JKi/iQD/Dy6fWMXPN38
XujazbKcSr+cRzQwpgMFlTobgAWeIrOJ9k3HaqN0J8YoAEGXaVSmA+rvpOLbX0NY
8iuwkyZAz3/rEBShgVyM6C9pKf+501YsvRUy+T66T9kd
-----END CERTIFICATE-----