Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/x8ES8-wuUnFMg9g5iPcWOxTlQKk.roa
File:                     x8ES8-wuUnFMg9g5iPcWOxTlQKk.roa (raw, json)
Hash identifier:          rDiqHaQekSo3O8264aihBX5gadc0PZC8QaOJqpyI3s4=
Subject key identifier:   C7:C1:12:F3:EC:2E:52:71:4C:83:D8:39:88:F7:16:3B:14:E5:40:A9
Certificate issuer:       /CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
Certificate serial:       018CC86F4FF35C13BDE42363E374198660A2
Authority key identifier: 99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/x8ES8-wuUnFMg9g5iPcWOxTlQKk.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47969
IP address blocks:        45.95.112.0/24 maxlen: 24
                          45.158.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4f:f3:5c:13:bd:e4:23:63:e3:74:19:86:60:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7c112f3ec2e52714c83d83988f7163b14e540a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d2:1f:82:b9:90:ac:14:87:e1:71:01:d1:b8:
                    1f:f6:6c:d7:3f:f1:cf:58:ef:c2:00:40:b3:1c:95:
                    bf:ab:da:d3:4a:8d:6c:b1:ef:d9:88:7c:a9:cc:0c:
                    ab:01:0f:62:bd:9d:4d:ff:2a:1c:5b:e0:73:bc:2c:
                    f0:36:0b:c9:3b:a7:60:6b:11:75:1b:ad:cc:35:a1:
                    58:00:da:21:8d:47:9f:7c:6c:c6:cd:72:a0:f7:47:
                    5a:3b:a1:ee:87:26:b2:0e:d1:8d:de:b3:9f:83:fa:
                    86:b4:c5:ea:c3:e9:76:1e:ed:1c:43:6b:79:fa:64:
                    df:b3:c4:5e:00:e3:42:e3:74:08:8e:99:6d:7a:0a:
                    a4:81:ff:dd:9f:3a:60:80:0f:5d:c6:6c:1e:83:0a:
                    42:ea:65:30:0a:61:83:10:b4:6a:71:f0:b7:5a:3e:
                    72:2e:68:20:5d:60:98:5e:32:5b:4f:75:75:41:6b:
                    39:b0:66:97:f7:21:89:aa:c3:21:27:59:5a:01:b5:
                    d2:c7:ac:a9:de:cf:b8:c5:0e:3b:10:b1:57:85:ca:
                    f6:17:4e:a6:b1:c3:8d:df:4b:d3:15:49:89:61:cd:
                    c3:c9:87:3f:93:9f:db:a7:93:cc:18:ad:24:72:43:
                    cd:48:9f:c9:a6:4a:89:cd:11:bf:6b:4a:69:58:d0:
                    3b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C1:12:F3:EC:2E:52:71:4C:83:D8:39:88:F7:16:3B:14:E5:40:A9
            X509v3 Authority Key Identifier:
                keyid:99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/x8ES8-wuUnFMg9g5iPcWOxTlQKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.112.0/24
                  45.158.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         dc:4b:3b:a3:c3:27:7f:db:a5:da:a1:4a:d8:61:b6:de:76:d7:
         26:ba:29:de:b1:70:a2:99:3d:a1:fa:33:f2:16:43:3f:8f:56:
         1f:e8:25:a9:58:be:1a:ea:ae:81:8d:8b:9f:06:ce:fe:23:4c:
         db:7c:ea:57:e9:de:9f:62:8b:ec:a2:88:3f:8e:aa:b9:e6:bd:
         7b:26:10:b6:d3:56:6e:8c:2d:be:51:cd:6d:04:ca:22:10:54:
         07:68:44:ca:e9:9c:14:92:1c:25:68:ff:b2:d9:3e:c1:5f:f4:
         ca:35:be:5e:7c:6c:c3:0f:f6:9f:e9:d3:2c:f0:45:d1:72:af:
         5e:34:57:27:ee:08:b4:33:55:45:3a:5e:87:75:1c:a4:93:07:
         ab:63:c0:8e:c7:50:37:cd:b6:be:31:38:58:43:a0:f6:4c:dc:
         93:56:9a:ed:52:da:77:c8:35:04:f8:3f:03:78:dd:98:57:bb:
         de:a9:15:1c:c1:88:f1:6b:9f:84:c1:7a:a9:49:e0:b8:c7:41:
         da:b8:12:1a:dc:20:59:f9:c2:fd:54:e2:e9:5c:68:37:64:40:
         6d:97:d0:54:bc:23:18:e4:e2:53:0c:55:71:85:7c:05:f9:47:
         48:d6:4f:61:f6:41:37:13:1c:8a:70:c0:0c:34:fe:0a:d3:6e:
         84:ca:dc:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb0/zXBO95CNj43QZhmCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVlN2NiZDhlNzhkMWYxNGE0NTNhMDRiOTE2ZjdjMTU4
MWQyMDQwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2MxMTJmM2VjMmU1MjcxNGM4M2Q4Mzk4OGY3MTYzYjE0ZTU0MGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNIfgrmQrBSH4XEB0bgf9mzXP/HP
WO/CAECzHJW/q9rTSo1sse/ZiHypzAyrAQ9ivZ1N/yocW+BzvCzwNgvJO6dgaxF1
G63MNaFYANohjUeffGzGzXKg90daO6HuhyayDtGN3rOfg/qGtMXqw+l2Hu0cQ2t5
+mTfs8ReAONC43QIjpltegqkgf/dnzpggA9dxmwegwpC6mUwCmGDELRqcfC3Wj5y
LmggXWCYXjJbT3V1QWs5sGaX9yGJqsMhJ1laAbXSx6yp3s+4xQ47ELFXhcr2F06m
scON30vTFUmJYc3DyYc/k5/bp5PMGK0kckPNSJ/JpkqJzRG/a0ppWNA7HQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMfBEvPsLlJxTIPYOYj3FjsU5UCpMB8GA1UdIwQY
MBaAFJn+58vY540fFKRToEuRb3wVgdIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTct
MWMyMmVmZjcyODE4LzEveDhFUzgtd3VVbkZNZzlnNWlQY1dPeFRsUUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTctMWMyMmVmZjcyODE4
LzEvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV9wAwQB
LZ5OMA0GCSqGSIb3DQEBCwUAA4IBAQDcSzujwyd/26XaoUrYYbbedtcmuinesXCi
mT2h+jPyFkM/j1Yf6CWpWL4a6q6BjYufBs7+I0zbfOpX6d6fYovsoog/jqq55r17
JhC201ZujC2+Uc1tBMoiEFQHaETK6ZwUkhwlaP+y2T7BX/TKNb5efGzDD/af6dMs
8EXRcq9eNFcn7gi0M1VFOl6HdRykkwerY8COx1A3zba+MThYQ6D2TNyTVprtUtp3
yDUE+D8DeN2YV7veqRUcwYjxa5+EwXqpSeC4x0HauBIa3CBZ+cL9VOLpXGg3ZEBt
l9BUvCMY5OJTDFVxhXwF+UdI1k9h9kE3ExyKcMAMNP4K026EytyM
-----END CERTIFICATE-----