Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a40066-05ea-403e-b8e7-07cf0b33a849/1/oC9Clq9P7k9UJciJrjcorNkTK5I.roa
File:                     oC9Clq9P7k9UJciJrjcorNkTK5I.roa (raw, json)
Hash identifier:          X5cs66ioLqxy9bt/27qnoxTdDUJjsglaa9Mh08PBnbA=
Subject key identifier:   A0:2F:42:96:AF:4F:EE:4F:54:25:C8:89:AE:37:28:AC:D9:13:2B:92
Certificate issuer:       /CN=c06cb5642e87d4e4e0309084228e29e6999ed0b7
Certificate serial:       018CC50079BE7CAA682899D802DD53AA6FC7
Authority key identifier: C0:6C:B5:64:2E:87:D4:E4:E0:30:90:84:22:8E:29:E6:99:9E:D0:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGy1ZC6H1OTgMJCEIo4p5pme0Lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a40066-05ea-403e-b8e7-07cf0b33a849/1/oC9Clq9P7k9UJciJrjcorNkTK5I.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        45.85.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a40066-05ea-403e-b8e7-07cf0b33a849/1/wGy1ZC6H1OTgMJCEIo4p5pme0Lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a40066-05ea-403e-b8e7-07cf0b33a849/1/wGy1ZC6H1OTgMJCEIo4p5pme0Lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGy1ZC6H1OTgMJCEIo4p5pme0Lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:79:be:7c:aa:68:28:99:d8:02:dd:53:aa:6f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c06cb5642e87d4e4e0309084228e29e6999ed0b7
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a02f4296af4fee4f5425c889ae3728acd9132b92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3c:24:cd:d4:7e:fa:f8:0a:83:b2:71:0e:ab:
                    11:13:d7:91:4a:96:f5:68:c6:a3:4d:d7:c1:ed:b5:
                    0a:09:97:29:a4:fc:f9:15:e9:bf:1c:cf:d1:52:db:
                    bf:00:b1:ab:13:dd:86:9c:e1:58:d5:bb:78:8c:60:
                    2d:70:2b:80:53:6b:4e:5d:c7:f7:e6:10:42:06:a5:
                    a7:b8:35:32:14:fc:dc:ef:c2:cb:77:e1:82:f9:3c:
                    71:d1:6c:74:2c:73:a1:1c:40:b0:ae:1c:53:62:14:
                    bf:82:5d:f0:28:72:45:71:fe:ed:9c:09:66:4d:4b:
                    02:18:c8:c6:45:8f:39:4d:05:01:b8:b6:32:d1:a2:
                    76:19:0d:74:e5:67:cd:1b:c5:f3:22:32:36:d2:63:
                    4f:96:77:ba:fd:f5:1c:84:b2:1b:8a:3e:7a:b2:e0:
                    ec:2c:c6:61:24:08:c5:d2:c3:7e:b6:c0:c9:44:81:
                    83:3a:2e:05:b3:05:f3:99:b9:bd:70:d5:c5:00:04:
                    64:0c:c1:66:6f:e5:8a:82:bb:a2:c2:d2:f2:cc:e3:
                    be:67:1b:5c:fb:81:44:41:44:76:71:10:8c:bd:46:
                    84:19:15:bd:eb:a3:74:70:14:10:f8:e2:fa:10:8d:
                    6a:9f:5b:74:bf:c9:50:bf:5b:8e:4d:00:9b:b0:59:
                    af:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2F:42:96:AF:4F:EE:4F:54:25:C8:89:AE:37:28:AC:D9:13:2B:92
            X509v3 Authority Key Identifier:
                keyid:C0:6C:B5:64:2E:87:D4:E4:E0:30:90:84:22:8E:29:E6:99:9E:D0:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGy1ZC6H1OTgMJCEIo4p5pme0Lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a40066-05ea-403e-b8e7-07cf0b33a849/1/oC9Clq9P7k9UJciJrjcorNkTK5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a40066-05ea-403e-b8e7-07cf0b33a849/1/wGy1ZC6H1OTgMJCEIo4p5pme0Lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9c:c2:05:dc:63:19:30:7a:09:d6:1b:cb:8f:cc:43:19:56:
         e4:3a:e2:49:ea:16:e4:b4:87:b9:53:00:3d:6c:dc:50:ac:d8:
         93:8a:b4:f9:3b:fe:ef:d9:20:5f:5b:92:49:1f:e9:f8:97:94:
         67:d1:28:38:17:67:2e:01:88:16:a9:f4:57:38:ae:f1:3c:07:
         93:97:06:4b:a7:1f:16:7a:37:e7:70:6b:10:19:b7:68:8e:22:
         76:fc:43:e6:0f:3f:df:e2:0c:4d:ee:05:00:be:c7:2a:f4:0d:
         a3:44:a7:57:ab:23:ec:2c:6c:d6:e0:4a:a2:8c:a2:b4:06:ff:
         e0:31:59:47:56:8f:3c:aa:43:0d:3d:72:51:15:cb:c6:1a:5f:
         08:35:2b:54:d4:4b:27:71:07:42:4c:69:5f:cf:1a:63:9c:95:
         04:d5:16:63:d1:55:16:48:49:0a:5e:4d:7d:b1:04:ae:d5:4f:
         9b:bf:c7:86:4c:d6:63:4e:28:35:88:dd:ed:8a:fb:0e:42:f2:
         fe:ae:00:e9:a9:a4:5f:0e:86:83:ad:3c:40:91:6d:f5:20:e6:
         49:a1:39:03:c4:f9:ed:41:aa:9b:63:6e:b1:e9:e4:2b:e7:22:
         ab:dd:34:4d:06:02:22:66:9d:e2:93:a4:4c:93:13:9f:4c:9a:
         46:4b:91:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHm+fKpoKJnYAt1Tqm/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNmNiNTY0MmU4N2Q0ZTRlMDMwOTA4NDIyOGUyOWU2OTk5
ZWQwYjcwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDJmNDI5NmFmNGZlZTRmNTQyNWM4ODlhZTM3MjhhY2Q5MTMyYjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDwkzdR++vgKg7JxDqsRE9eRSpb1
aMajTdfB7bUKCZcppPz5Fem/HM/RUtu/ALGrE92GnOFY1bt4jGAtcCuAU2tOXcf3
5hBCBqWnuDUyFPzc78LLd+GC+Txx0Wx0LHOhHECwrhxTYhS/gl3wKHJFcf7tnAlm
TUsCGMjGRY85TQUBuLYy0aJ2GQ105WfNG8XzIjI20mNPlne6/fUchLIbij56suDs
LMZhJAjF0sN+tsDJRIGDOi4FswXzmbm9cNXFAARkDMFmb+WKgruiwtLyzOO+Zxtc
+4FEQUR2cRCMvUaEGRW966N0cBQQ+OL6EI1qn1t0v8lQv1uOTQCbsFmvuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAvQpavT+5PVCXIia43KKzZEyuSMB8GA1UdIwQY
MBaAFMBstWQuh9Tk4DCQhCKOKeaZntC3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0d5MVpDNkgxT1RnTUpDRUlvNHA1cG1lMExjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hNDAwNjYtMDVlYS00MDNlLWI4ZTct
MDdjZjBiMzNhODQ5LzEvb0M5Q2xxOVA3azlVSmNpSnJqY29yTmtUSzVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hNDAwNjYtMDVlYS00MDNlLWI4ZTctMDdjZjBiMzNhODQ5
LzEvd0d5MVpDNkgxT1RnTUpDRUlvNHA1cG1lMExjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVjMA0G
CSqGSIb3DQEBCwUAA4IBAQB2nMIF3GMZMHoJ1hvLj8xDGVbkOuJJ6hbktIe5UwA9
bNxQrNiTirT5O/7v2SBfW5JJH+n4l5Rn0Sg4F2cuAYgWqfRXOK7xPAeTlwZLpx8W
ejfncGsQGbdojiJ2/EPmDz/f4gxN7gUAvscq9A2jRKdXqyPsLGzW4EqijKK0Bv/g
MVlHVo88qkMNPXJRFcvGGl8INStU1EsncQdCTGlfzxpjnJUE1RZj0VUWSEkKXk19
sQSu1U+bv8eGTNZjTig1iN3tivsOQvL+rgDpqaRfDoaDrTxAkW31IOZJoTkDxPnt
QaqbY26x6eQr5yKr3TRNBgIiZp3ik6RMkxOfTJpGS5EV
-----END CERTIFICATE-----