Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/6OqCmnhjs8nHpEFsYmpLOTlLlKw.roa
File:                     6OqCmnhjs8nHpEFsYmpLOTlLlKw.roa (raw, json)
Hash identifier:          BwhOn9eN2weN5wxRt5fWFuznfQCYbMxJLRCMBNadWDk=
Subject key identifier:   E8:EA:82:9A:78:63:B3:C9:C7:A4:41:6C:62:6A:4B:39:39:4B:94:AC
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       018CC725A1C5CD90EEB5D107117431C5B5A2
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/6OqCmnhjs8nHpEFsYmpLOTlLlKw.roa
Signing time:             Mon 01 Jan 2024 22:29:41 +0000
ROA not before:           Mon 01 Jan 2024 22:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        45.151.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a1:c5:cd:90:ee:b5:d1:07:11:74:31:c5:b5:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  1 22:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8ea829a7863b3c9c7a4416c626a4b39394b94ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a4:1b:e6:34:8d:db:58:8d:85:92:b9:5b:d0:
                    e2:b4:39:c1:19:42:9d:e6:e3:2c:f7:df:4f:c3:b5:
                    85:a2:4a:ea:3b:ee:86:cb:c6:77:93:27:68:d8:24:
                    b7:9e:40:cc:23:68:98:2c:fb:ee:63:e6:ed:f3:0b:
                    76:90:8b:16:91:be:63:45:7d:67:5b:bd:ce:d5:46:
                    c4:c4:0f:22:c2:da:e1:df:e4:a3:37:29:15:80:6e:
                    a2:26:f0:62:80:7d:fc:56:b2:89:d6:3d:cc:95:4c:
                    d1:1c:96:fe:cf:bb:65:c1:cd:7d:03:eb:6c:e9:aa:
                    6c:ed:98:28:90:d8:34:11:5a:13:9e:29:68:c9:05:
                    ef:e0:a6:99:f8:0d:26:d7:93:c0:3e:94:e5:7e:d3:
                    fe:7b:ea:3e:41:bb:f4:48:9a:ba:50:a8:c6:c0:39:
                    33:65:f1:7e:6e:ad:9d:e1:ed:9d:c1:8e:cb:82:ea:
                    5c:32:b9:92:40:94:dd:74:61:43:7a:85:b6:72:39:
                    67:d5:cf:c9:ae:63:18:83:53:c5:5d:d8:81:01:5f:
                    21:3d:eb:c4:4d:bd:93:69:c1:ff:6a:9f:8b:46:37:
                    8e:6a:f3:7d:41:23:9a:2c:b9:b9:0d:9d:ea:81:7c:
                    90:c0:8d:48:a3:f2:0b:ad:fe:09:0e:5e:b7:fe:8c:
                    7c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:EA:82:9A:78:63:B3:C9:C7:A4:41:6C:62:6A:4B:39:39:4B:94:AC
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/6OqCmnhjs8nHpEFsYmpLOTlLlKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d5:f5:82:e0:04:f2:6a:49:e7:19:ac:65:b9:24:70:75:2b:
         73:b2:30:35:0b:6d:23:b9:69:fb:7a:60:f7:a6:c6:e4:7b:14:
         56:50:99:94:93:c1:e3:af:2b:06:42:57:fb:02:b8:ec:41:d9:
         f7:f6:be:e6:f0:db:82:47:15:07:2e:8a:84:73:b6:4f:99:98:
         9a:ca:0e:33:b2:11:9c:51:46:75:b6:9a:1f:80:c3:a4:ce:c1:
         f0:02:26:00:ca:f5:bb:e0:7c:57:f3:4b:5f:1f:a2:2e:e6:ff:
         04:71:ee:e5:06:07:00:d4:b8:e6:bf:06:bd:ff:1f:c5:49:38:
         09:6c:d5:15:d2:08:d1:e5:5d:58:ba:ff:6a:39:bc:a8:21:5f:
         54:1c:e5:4d:a4:bb:31:d8:95:ea:eb:3d:c7:33:a5:2e:7f:d0:
         87:a9:99:8b:43:17:6e:a0:3c:0c:55:03:5c:07:30:c3:bb:74:
         76:65:a8:48:9c:f4:00:fb:a0:9a:a2:ee:6d:c6:15:49:4e:3a:
         bb:cd:06:1c:ca:d9:27:d1:fb:7a:a5:05:bb:d7:43:23:a1:0b:
         bf:8c:9f:5e:24:ac:80:fa:0d:f2:1e:65:63:36:5e:33:e1:b1:
         93:ee:15:43:9f:b6:f3:3f:c2:47:1f:9e:91:79:dd:50:ac:10:
         56:3c:ef:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJaHFzZDutdEHEXQxxbWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwMTAxMjIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGVhODI5YTc4NjNiM2M5YzdhNDQxNmM2MjZhNGIzOTM5NGI5NGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaQb5jSN21iNhZK5W9DitDnBGUKd
5uMs999Pw7WFokrqO+6Gy8Z3kydo2CS3nkDMI2iYLPvuY+bt8wt2kIsWkb5jRX1n
W73O1UbExA8iwtrh3+SjNykVgG6iJvBigH38VrKJ1j3MlUzRHJb+z7tlwc19A+ts
6aps7ZgokNg0EVoTniloyQXv4KaZ+A0m15PAPpTlftP+e+o+Qbv0SJq6UKjGwDkz
ZfF+bq2d4e2dwY7LgupcMrmSQJTddGFDeoW2cjln1c/JrmMYg1PFXdiBAV8hPevE
Tb2TacH/ap+LRjeOavN9QSOaLLm5DZ3qgXyQwI1Io/ILrf4JDl63/ox8xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjqgpp4Y7PJx6RBbGJqSzk5S5SsMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvNk9xQ21uaGpzOG5IcEVGc1ltcExPVGxMbEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdjMA0G
CSqGSIb3DQEBCwUAA4IBAQAa1fWC4ATyaknnGaxluSRwdStzsjA1C20juWn7emD3
psbkexRWUJmUk8HjrysGQlf7ArjsQdn39r7m8NuCRxUHLoqEc7ZPmZiayg4zshGc
UUZ1tpofgMOkzsHwAiYAyvW74HxX80tfH6Iu5v8Ece7lBgcA1Ljmvwa9/x/FSTgJ
bNUV0gjR5V1Yuv9qObyoIV9UHOVNpLsx2JXq6z3HM6Uuf9CHqZmLQxduoDwMVQNc
BzDDu3R2ZahInPQA+6Caou5txhVJTjq7zQYcytkn0ft6pQW710MjoQu/jJ9eJKyA
+g3yHmVjNl4z4bGT7hVDn7bzP8JHH56Red1QrBBWPO+y
-----END CERTIFICATE-----