Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/ny2ogYkY-fwYCU8DV1KM_WJv6Ec.roa
File:                     ny2ogYkY-fwYCU8DV1KM_WJv6Ec.roa (raw, json)
Hash identifier:          7Kcw+Rn+RlvVA241bjWXf7uWhacM4dSlAU194THthhA=
Subject key identifier:   9F:2D:A8:81:89:18:F9:FC:18:09:4F:03:57:52:8C:FD:62:6F:E8:47
Certificate issuer:       /CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
Certificate serial:       018CC50135F310F7DCD1FDEDC0212D453633
Authority key identifier: C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/ny2ogYkY-fwYCU8DV1KM_WJv6Ec.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35617
IP address blocks:        45.131.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:35:f3:10:f7:dc:d1:fd:ed:c0:21:2d:45:36:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f2da8818918f9fc18094f0357528cfd626fe847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ca:6b:b7:5b:ad:2e:f4:52:32:d5:74:69:9d:
                    a3:c6:98:e3:ab:92:a0:70:ac:0a:d6:33:6a:df:7c:
                    66:8c:50:a8:c1:4d:40:a5:cb:fa:47:f8:c0:18:fb:
                    bb:c5:e1:8a:db:b3:a3:10:c0:8b:1d:a6:b1:04:ab:
                    9e:06:8e:30:1b:ac:af:17:c2:08:64:7d:81:ac:34:
                    b5:c6:16:23:f5:75:85:ac:fe:3c:c7:e5:51:d8:ea:
                    46:2e:2a:e3:52:a2:57:a6:31:2e:6e:05:05:c2:ce:
                    b4:15:be:73:71:3f:a9:2a:73:87:04:3b:f4:6f:39:
                    be:51:4b:14:19:6f:c2:f7:ab:4b:72:98:c6:f4:5b:
                    ec:8b:30:ca:96:ef:03:fb:05:34:7b:11:e2:12:05:
                    6d:42:ff:b0:53:9a:05:b3:aa:14:a1:40:ca:68:51:
                    d8:c5:31:f5:1b:92:1a:02:3b:ad:b7:54:80:73:e4:
                    6f:50:3b:de:f8:91:96:17:92:e0:8b:37:30:b2:3c:
                    e7:6f:88:10:b8:ba:b9:b2:9c:2b:4c:dd:fb:21:ce:
                    67:f4:aa:14:54:d8:b4:a4:83:65:e1:5f:dc:9d:ee:
                    b5:65:cf:4b:5a:33:76:cd:9e:d9:4f:d7:30:24:6c:
                    da:05:ad:44:f7:a5:22:f5:3c:58:c6:a9:10:1e:51:
                    e5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2D:A8:81:89:18:F9:FC:18:09:4F:03:57:52:8C:FD:62:6F:E8:47
            X509v3 Authority Key Identifier:
                keyid:C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/ny2ogYkY-fwYCU8DV1KM_WJv6Ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:8f:48:37:a5:2b:6b:cc:cf:7d:53:7a:8a:b5:bd:8b:93:5c:
         42:29:f8:ec:89:b1:3b:e4:3e:3f:88:fb:83:ff:a1:9d:88:eb:
         89:fa:6b:28:08:ca:33:28:89:40:14:0d:01:4c:cc:8a:9f:59:
         3b:ea:2e:b8:02:3d:9f:0f:02:5e:21:6b:77:f2:72:7b:ea:87:
         09:57:9c:fb:25:81:6b:bd:67:35:bd:63:c9:4a:32:a8:08:1f:
         f1:88:94:4d:fe:7c:79:b7:42:2b:44:cc:17:ba:12:86:ee:aa:
         e7:54:42:6c:af:cb:8c:35:5d:0e:a4:82:12:34:98:7d:2a:37:
         21:81:46:62:c0:8b:37:2e:16:ff:f8:cc:c7:53:8b:c6:88:c9:
         6c:42:a3:f8:38:45:4d:b2:ce:99:12:24:8b:71:fa:1b:37:ca:
         57:14:4e:ad:a3:4f:12:f4:cc:06:c9:d2:ad:40:b3:64:93:e7:
         2d:22:ed:ae:2b:01:18:fa:e6:d2:e0:5e:f3:c6:11:d0:59:c1:
         9f:a6:a0:fc:c9:45:ae:d8:52:ff:d8:ac:24:de:e2:1c:c0:6e:
         55:c5:34:fc:32:5d:49:9b:7d:50:7f:75:43:0f:c1:4e:ec:07:
         27:d2:56:64:55:27:ba:87:c9:8f:93:c0:9b:11:1d:21:ba:12:
         b1:e3:6e:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATXzEPfc0f3twCEtRTYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Y2ZhOTRmNjEzNGUzOTYwZWE1ZjMxODg0NmEzMGNmM2U5
MjJkZDcwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJkYTg4MTg5MThmOWZjMTgwOTRmMDM1NzUyOGNmZDYyNmZlODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcprt1utLvRSMtV0aZ2jxpjjq5Kg
cKwK1jNq33xmjFCowU1Apcv6R/jAGPu7xeGK27OjEMCLHaaxBKueBo4wG6yvF8II
ZH2BrDS1xhYj9XWFrP48x+VR2OpGLirjUqJXpjEubgUFws60Fb5zcT+pKnOHBDv0
bzm+UUsUGW/C96tLcpjG9FvsizDKlu8D+wU0exHiEgVtQv+wU5oFs6oUoUDKaFHY
xTH1G5IaAjutt1SAc+RvUDve+JGWF5Lgizcwsjznb4gQuLq5spwrTN37Ic5n9KoU
VNi0pINl4V/cne61Zc9LWjN2zZ7ZT9cwJGzaBa1E96Ui9TxYxqkQHlHlDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8tqIGJGPn8GAlPA1dSjP1ib+hHMB8GA1UdIwQY
MBaAFMbPqU9hNOOWDqXzGIRqMM8+ki3XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUt
ZjlhNDM3MDlkMDBiLzEvbnkyb2dZa1ktZndZQ1U4RFYxS01fV0p2NkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUtZjlhNDM3MDlkMDBi
LzEveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAqj0g3pStrzM99U3qKtb2Lk1xCKfjsibE75D4/iPuD
/6GdiOuJ+msoCMozKIlAFA0BTMyKn1k76i64Aj2fDwJeIWt38nJ76ocJV5z7JYFr
vWc1vWPJSjKoCB/xiJRN/nx5t0IrRMwXuhKG7qrnVEJsr8uMNV0OpIISNJh9Kjch
gUZiwIs3Lhb/+MzHU4vGiMlsQqP4OEVNss6ZEiSLcfobN8pXFE6to08S9MwGydKt
QLNkk+ctIu2uKwEY+ubS4F7zxhHQWcGfpqD8yUWu2FL/2Kwk3uIcwG5VxTT8Ml1J
m31Qf3VDD8FO7Acn0lZkVSe6h8mPk8CbER0huhKx426y
-----END CERTIFICATE-----