Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/fb2a45-8d94-4a8d-bcb0-6191b9d0cda3/1/Z9ef8Z9xVJqROk528L17EBpkqBc.roa
File:                     Z9ef8Z9xVJqROk528L17EBpkqBc.roa (raw, json)
Hash identifier:          76kSg5wwCRxAVuPO6BxQc4qLKwylAsh84bgg7+Tf1OA=
Subject key identifier:   67:D7:9F:F1:9F:71:54:9A:91:3A:4E:76:F0:BD:7B:10:1A:64:A8:17
Certificate issuer:       /CN=61b1e31c09fe826fe4d792e7fa8855e0ad39342a
Certificate serial:       018CC3B70E6A1C1A058C307E87698FE42AC5
Authority key identifier: 61:B1:E3:1C:09:FE:82:6F:E4:D7:92:E7:FA:88:55:E0:AD:39:34:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbHjHAn-gm_k15Ln-ohV4K05NCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/fb2a45-8d94-4a8d-bcb0-6191b9d0cda3/1/Z9ef8Z9xVJqROk528L17EBpkqBc.roa
Signing time:             Mon 01 Jan 2024 06:30:03 +0000
ROA not before:           Mon 01 Jan 2024 06:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199803
IP address blocks:        185.45.200.0/22 maxlen: 22
                          2a01:7fe0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/fb2a45-8d94-4a8d-bcb0-6191b9d0cda3/1/YbHjHAn-gm_k15Ln-ohV4K05NCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/fb2a45-8d94-4a8d-bcb0-6191b9d0cda3/1/YbHjHAn-gm_k15Ln-ohV4K05NCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbHjHAn-gm_k15Ln-ohV4K05NCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0e:6a:1c:1a:05:8c:30:7e:87:69:8f:e4:2a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1e31c09fe826fe4d792e7fa8855e0ad39342a
        Validity
            Not Before: Jan  1 06:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67d79ff19f71549a913a4e76f0bd7b101a64a817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:dd:26:1e:a6:89:24:ad:3d:5a:9f:ca:cc:5b:
                    06:ff:ac:68:d3:a7:a5:bb:0a:d2:9e:03:fd:45:d5:
                    1b:15:5a:ed:2c:ff:f0:b7:69:4a:10:95:20:92:cf:
                    da:8f:5e:ca:91:3e:08:a6:bf:41:8f:8c:97:0e:ca:
                    21:0d:10:5c:f9:1e:b4:68:29:8c:74:bc:ca:99:e4:
                    1b:63:e4:d8:e7:ba:6a:15:6f:b9:86:89:ec:74:6e:
                    54:eb:b2:2f:67:bb:e3:c2:99:97:38:0c:14:c3:7c:
                    5a:ce:56:09:0b:96:79:05:c5:75:2f:5b:91:8b:66:
                    ac:ab:70:d3:2b:88:d2:74:c0:ba:a3:8b:e4:47:17:
                    db:7b:8f:66:7d:cf:ef:2d:e5:95:86:d1:71:39:b8:
                    bb:65:dc:13:61:df:0c:49:02:7e:30:a4:5e:7c:c3:
                    77:ac:ba:2c:65:a0:07:36:ef:3f:93:6d:c0:f8:1a:
                    55:c1:ee:20:46:fe:19:85:89:db:dc:10:61:5b:99:
                    eb:46:62:25:e9:9b:a6:45:f5:30:15:1a:97:78:f3:
                    f5:6e:94:5b:5a:46:83:59:76:36:6f:ce:05:f0:be:
                    27:28:53:9e:dd:9f:1e:69:e5:93:95:9d:e8:10:95:
                    bc:11:6e:ab:f6:40:19:20:38:00:c9:22:96:41:b6:
                    77:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D7:9F:F1:9F:71:54:9A:91:3A:4E:76:F0:BD:7B:10:1A:64:A8:17
            X509v3 Authority Key Identifier:
                keyid:61:B1:E3:1C:09:FE:82:6F:E4:D7:92:E7:FA:88:55:E0:AD:39:34:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbHjHAn-gm_k15Ln-ohV4K05NCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/fb2a45-8d94-4a8d-bcb0-6191b9d0cda3/1/Z9ef8Z9xVJqROk528L17EBpkqBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/fb2a45-8d94-4a8d-bcb0-6191b9d0cda3/1/YbHjHAn-gm_k15Ln-ohV4K05NCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.200.0/22
                IPv6:
                  2a01:7fe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:6c:43:49:c6:10:92:bc:e6:7d:30:28:89:91:85:af:26:db:
         f3:7d:d4:63:68:7c:b8:2e:dd:92:de:33:0d:22:e9:18:4e:38:
         d4:dc:56:e0:69:fb:90:59:32:2f:aa:98:ba:2b:2f:95:2e:21:
         2a:a9:94:2f:f3:f0:1f:35:6e:ef:6b:56:e9:5a:1b:a8:58:ab:
         fe:88:e3:67:a2:e2:c2:72:be:9c:45:03:71:ce:4a:be:01:58:
         c1:fe:4a:de:f5:c4:13:ce:40:4b:36:41:b0:0c:e2:d9:ba:f9:
         dc:f3:93:5b:6c:bd:94:2c:58:bb:30:91:46:89:e8:75:65:f5:
         b0:77:43:ef:fe:10:67:c0:20:bb:21:fa:a7:33:11:d9:d1:87:
         c0:a5:2e:ae:c8:0c:7b:18:41:98:7e:2b:c4:10:fe:7f:52:b7:
         15:0a:99:c5:4d:6e:d9:94:f4:25:1c:a0:c5:02:3e:00:72:85:
         51:1f:dc:fc:00:4d:f6:5f:4b:78:19:76:e7:a2:b6:80:8d:3f:
         67:d2:bc:b6:98:d3:dd:ec:10:13:48:ec:b1:7e:be:64:74:79:
         07:e6:6c:fc:b5:c8:45:32:c8:eb:15:2e:13:d8:ed:a4:66:b9:
         e5:71:ae:1b:11:c8:49:e5:3e:57:0c:d3:64:7d:12:19:c3:3b:
         00:78:ee:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtw5qHBoFjDB+h2mP5CrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjFlMzFjMDlmZTgyNmZlNGQ3OTJlN2ZhODg1NWUwYWQz
OTM0MmEwHhcNMjQwMTAxMDYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q3OWZmMTlmNzE1NDlhOTEzYTRlNzZmMGJkN2IxMDFhNjRhODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt0mHqaJJK09Wp/KzFsG/6xo06el
uwrSngP9RdUbFVrtLP/wt2lKEJUgks/aj17KkT4Ipr9Bj4yXDsohDRBc+R60aCmM
dLzKmeQbY+TY57pqFW+5honsdG5U67IvZ7vjwpmXOAwUw3xazlYJC5Z5BcV1L1uR
i2asq3DTK4jSdMC6o4vkRxfbe49mfc/vLeWVhtFxObi7ZdwTYd8MSQJ+MKRefMN3
rLosZaAHNu8/k23A+BpVwe4gRv4ZhYnb3BBhW5nrRmIl6ZumRfUwFRqXePP1bpRb
WkaDWXY2b84F8L4nKFOe3Z8eaeWTlZ3oEJW8EW6r9kAZIDgAySKWQbZ3wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGfXn/GfcVSakTpOdvC9exAaZKgXMB8GA1UdIwQY
MBaAFGGx4xwJ/oJv5NeS5/qIVeCtOTQqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJIakhBbi1nbV9rMTVMbi1vaFY0SzA1TkNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mYjJhNDUtOGQ5NC00YThkLWJjYjAt
NjE5MWI5ZDBjZGEzLzEvWjllZjhaOXhWSnFST2s1MjhMMTdFQnBrcUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mYjJhNDUtOGQ5NC00YThkLWJjYjAtNjE5MWI5ZDBjZGEz
LzEvWWJIakhBbi1nbV9rMTVMbi1vaFY0SzA1TkNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS3IMA0E
AgACMAcDBQAqAX/gMA0GCSqGSIb3DQEBCwUAA4IBAQBRbENJxhCSvOZ9MCiJkYWv
JtvzfdRjaHy4Lt2S3jMNIukYTjjU3FbgafuQWTIvqpi6Ky+VLiEqqZQv8/AfNW7v
a1bpWhuoWKv+iONnouLCcr6cRQNxzkq+AVjB/kre9cQTzkBLNkGwDOLZuvnc85Nb
bL2ULFi7MJFGieh1ZfWwd0Pv/hBnwCC7IfqnMxHZ0YfApS6uyAx7GEGYfivEEP5/
UrcVCpnFTW7ZlPQlHKDFAj4AcoVRH9z8AE32X0t4GXbnoraAjT9n0ry2mNPd7BAT
SOyxfr5kdHkH5mz8tchFMsjrFS4T2O2kZrnlca4bEchJ5T5XDNNkfRIZwzsAeO67
-----END CERTIFICATE-----