Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/_DRYEaHuBZ9JZxS_7dr4WSeJ2NY.roa
File:                     _DRYEaHuBZ9JZxS_7dr4WSeJ2NY.roa (raw, json)
Hash identifier:          DkT6nTO+F5C20plKkL+17scNuazPJPQ/ROmRI9wO19Q=
Subject key identifier:   FC:34:58:11:A1:EE:05:9F:49:67:14:BF:ED:DA:F8:59:27:89:D8:D6
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B67F4B682788914BBC928F5DFE2C8
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/_DRYEaHuBZ9JZxS_7dr4WSeJ2NY.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62468
IP address blocks:        45.137.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:67:f4:b6:82:78:89:14:bb:c9:28:f5:df:e2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc345811a1ee059f496714bfeddaf8592789d8d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:46:fb:98:2c:6e:57:54:eb:6d:21:32:21:60:
                    23:27:07:43:27:af:33:78:a5:ba:e6:6c:5c:87:2f:
                    ab:a7:62:c3:64:ac:c5:6a:be:65:bb:f0:fb:7e:9d:
                    81:12:15:59:58:f2:2e:f7:5b:f8:96:2c:ad:99:00:
                    15:30:fd:5d:f6:29:da:49:52:ad:0c:d9:2c:80:90:
                    89:eb:08:50:1d:35:7b:d6:43:6c:75:a1:2b:da:94:
                    03:28:57:47:b3:76:35:43:48:34:ac:30:ee:7c:4b:
                    e5:26:b5:49:0c:96:0e:74:27:97:df:f1:6e:1d:37:
                    f8:d8:45:52:b0:02:b1:42:68:cb:4e:d3:39:c9:66:
                    65:97:50:b1:70:44:89:65:5c:cf:49:9c:e0:f8:2b:
                    39:22:1c:66:94:78:a8:b9:11:8a:c2:a0:3d:72:79:
                    78:02:3e:69:76:50:22:99:a7:e9:0d:40:23:3f:fd:
                    28:00:bc:17:f7:4b:4c:38:cd:9a:fc:82:9b:11:1c:
                    95:67:51:44:5e:2d:71:d7:0a:5c:13:4d:40:46:db:
                    d0:2c:fa:a3:45:ff:42:cb:52:c1:a1:11:06:48:4c:
                    82:a2:95:3a:2b:97:98:35:82:65:ce:c4:26:8f:39:
                    e3:70:ef:16:dc:38:2f:ba:75:e6:10:a6:8d:3c:af:
                    8a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:34:58:11:A1:EE:05:9F:49:67:14:BF:ED:DA:F8:59:27:89:D8:D6
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/_DRYEaHuBZ9JZxS_7dr4WSeJ2NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:f7:a7:dd:35:6e:88:d8:b3:12:0f:3c:83:f0:ed:dd:f0:ee:
         9e:d2:4e:27:a0:bd:cc:e4:65:83:9f:6e:74:a1:32:2f:d1:62:
         51:bc:78:c0:e1:af:8b:db:e0:03:fb:45:cc:3f:71:2b:20:19:
         df:40:29:77:28:c7:27:f9:af:8d:88:b3:84:d7:1a:09:1c:f4:
         79:f2:53:9c:85:21:e3:26:83:8b:c6:86:b4:36:85:6c:03:63:
         32:16:8d:00:43:0e:e0:ea:82:73:01:d6:bc:3e:64:99:fe:98:
         8c:1f:0b:16:27:86:9f:59:7e:33:9c:33:1e:c6:74:c5:c9:ca:
         62:08:93:9c:6f:1d:02:bc:c7:14:4a:fe:ad:9c:1c:1c:0a:e0:
         76:64:ce:71:4e:d3:3c:48:d7:fe:dd:cd:48:f9:09:15:73:21:
         9b:35:a7:f2:61:5e:bf:e5:87:88:ea:1a:9f:5f:f5:80:04:fe:
         d9:7d:ad:8d:8a:ca:6b:a3:08:2f:74:92:39:8e:a6:ea:e1:5d:
         73:fa:c2:88:34:2d:5e:8a:9b:93:54:b8:38:2a:c4:e1:c2:fb:
         b0:5f:a3:64:05:09:61:10:bb:54:48:8c:53:63:2a:e6:57:2b:
         60:61:02:eb:e6:d4:5a:22:bb:09:17:6b:35:b9:4a:a5:c4:1e:
         3e:e7:c7:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2f0toJ4iRS7ySj13+LIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzM0NTgxMWExZWUwNTlmNDk2NzE0YmZlZGRhZjg1OTI3ODlkOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUb7mCxuV1TrbSEyIWAjJwdDJ68z
eKW65mxchy+rp2LDZKzFar5lu/D7fp2BEhVZWPIu91v4liytmQAVMP1d9inaSVKt
DNksgJCJ6whQHTV71kNsdaEr2pQDKFdHs3Y1Q0g0rDDufEvlJrVJDJYOdCeX3/Fu
HTf42EVSsAKxQmjLTtM5yWZll1CxcESJZVzPSZzg+Cs5IhxmlHiouRGKwqA9cnl4
Aj5pdlAimafpDUAjP/0oALwX90tMOM2a/IKbERyVZ1FEXi1x1wpcE01ARtvQLPqj
Rf9Cy1LBoREGSEyCopU6K5eYNYJlzsQmjznjcO8W3DgvunXmEKaNPK+KAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPw0WBGh7gWfSWcUv+3a+FknidjWMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvX0RSWUVhSHVCWjlKWnhTXzdkcjRXU2VKMk5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYkJMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ96fdNW6I2LMSDzyD8O3d8O6e0k4noL3M5GWDn250
oTIv0WJRvHjA4a+L2+AD+0XMP3ErIBnfQCl3KMcn+a+NiLOE1xoJHPR58lOchSHj
JoOLxoa0NoVsA2MyFo0AQw7g6oJzAda8PmSZ/piMHwsWJ4afWX4znDMexnTFycpi
CJOcbx0CvMcUSv6tnBwcCuB2ZM5xTtM8SNf+3c1I+QkVcyGbNafyYV6/5YeI6hqf
X/WABP7Zfa2NisprowgvdJI5jqbq4V1z+sKINC1eipuTVLg4KsThwvuwX6NkBQlh
ELtUSIxTYyrmVytgYQLr5tRaIrsJF2s1uUqlxB4+58dq
-----END CERTIFICATE-----