Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/yS-sUQfBIeS03YvDIch5S3kAZc0.roa
File:                     yS-sUQfBIeS03YvDIch5S3kAZc0.roa (raw, json)
Hash identifier:          vmZ63NxUREbusbJ/Gia2Kf2jq2op0OnEW7ChqwGEH0Q=
Subject key identifier:   C9:2F:AC:51:07:C1:21:E4:B4:DD:8B:C3:21:C8:79:4B:79:00:65:CD
Certificate issuer:       /CN=da980a45fe487366e386b6064c2c652519f9fc93
Certificate serial:       018CC5012EFC69C59744A64888C5A04B5427
Authority key identifier: DA:98:0A:45:FE:48:73:66:E3:86:B6:06:4C:2C:65:25:19:F9:FC:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/yS-sUQfBIeS03YvDIch5S3kAZc0.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        45.154.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2e:fc:69:c5:97:44:a6:48:88:c5:a0:4b:54:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da980a45fe487366e386b6064c2c652519f9fc93
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c92fac5107c121e4b4dd8bc321c8794b790065cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6d:fd:67:a8:54:0b:09:7c:59:5a:ae:b8:1f:
                    93:87:69:b9:da:ca:57:18:0c:0b:f5:b1:0c:12:b9:
                    64:55:7c:57:fb:ae:01:03:ae:87:e7:27:7f:37:8f:
                    91:e7:90:96:a1:60:c3:f6:c7:58:72:75:af:53:eb:
                    4f:7a:e8:ae:cb:fb:64:59:51:70:81:1f:b9:38:6f:
                    80:da:f1:9d:2f:19:5a:ff:d9:e9:b3:c8:78:80:01:
                    3d:2f:51:a5:7b:52:07:42:ee:99:bb:14:d9:8e:97:
                    e0:54:8b:39:5e:20:15:c2:88:4d:65:83:a5:36:96:
                    82:19:b9:50:68:50:b2:3f:d5:d2:36:6b:27:da:be:
                    d4:c3:d6:cc:6a:43:8a:75:c1:7c:c0:43:55:b2:d7:
                    9a:5f:75:a5:59:16:11:0b:bf:f3:9c:3c:49:30:12:
                    f4:8f:86:30:9c:a5:d0:a2:a2:5b:0c:58:98:31:c8:
                    78:5f:fd:88:5c:74:f9:31:3f:ea:20:0d:56:ed:4f:
                    b4:8c:cf:18:cc:3f:42:1c:af:b6:60:0d:04:19:4d:
                    19:bb:6e:0a:a5:aa:62:5d:37:87:e4:df:59:56:49:
                    29:07:5d:d3:da:1a:e8:82:f7:92:e7:08:10:95:f6:
                    14:68:cc:40:ab:37:84:19:d9:0b:ce:b2:8a:05:b4:
                    60:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:2F:AC:51:07:C1:21:E4:B4:DD:8B:C3:21:C8:79:4B:79:00:65:CD
            X509v3 Authority Key Identifier:
                keyid:DA:98:0A:45:FE:48:73:66:E3:86:B6:06:4C:2C:65:25:19:F9:FC:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/yS-sUQfBIeS03YvDIch5S3kAZc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:14:7b:78:e0:f7:dd:a1:8a:98:fe:2e:4c:5c:cc:8d:ab:da:
         ec:cb:62:0a:43:eb:57:b1:2c:73:82:ab:8b:a5:c7:93:92:7d:
         c8:28:33:05:af:8b:9d:3e:03:9c:d2:8f:0f:4a:87:49:fb:55:
         df:2d:93:b4:ce:24:bc:ef:8f:00:62:ff:3a:8f:58:ad:c5:0f:
         17:e3:b4:c3:11:d9:c2:72:1c:b4:a0:6e:2d:ad:4b:04:b8:b9:
         99:8b:1d:08:48:ac:89:05:b6:00:b8:f5:4b:a7:50:82:72:68:
         23:76:b4:21:e5:7f:ab:0c:08:9b:af:b6:f3:5b:46:a7:df:22:
         78:e8:db:2b:e2:ea:1a:c4:5e:de:d8:ba:b9:2f:44:dd:f2:9f:
         1c:d1:0b:e1:7b:5f:e6:54:0b:92:94:26:b8:2c:7b:5a:1a:08:
         90:5e:97:54:2b:45:3f:7f:5f:de:1c:c8:31:58:75:67:bd:7e:
         99:53:ff:d2:f6:9e:65:9a:77:00:c4:e7:29:35:77:bb:f6:5a:
         4a:08:d1:05:6a:03:0b:74:6f:b1:00:8b:81:25:53:ae:a2:d2:
         c3:55:96:52:9e:0b:22:c3:f0:d8:99:af:5d:ba:01:05:19:ec:
         8a:5a:28:5b:ab:3e:8b:f4:29:12:1a:0d:ef:b5:c8:ae:42:57:
         2e:39:c9:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAS78acWXRKZIiMWgS1QnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOTgwYTQ1ZmU0ODczNjZlMzg2YjYwNjRjMmM2NTI1MTlm
OWZjOTMwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTJmYWM1MTA3YzEyMWU0YjRkZDhiYzMyMWM4Nzk0Yjc5MDA2NWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsW39Z6hUCwl8WVquuB+Th2m52spX
GAwL9bEMErlkVXxX+64BA66H5yd/N4+R55CWoWDD9sdYcnWvU+tPeuiuy/tkWVFw
gR+5OG+A2vGdLxla/9nps8h4gAE9L1Gle1IHQu6ZuxTZjpfgVIs5XiAVwohNZYOl
NpaCGblQaFCyP9XSNmsn2r7Uw9bMakOKdcF8wENVsteaX3WlWRYRC7/znDxJMBL0
j4YwnKXQoqJbDFiYMch4X/2IXHT5MT/qIA1W7U+0jM8YzD9CHK+2YA0EGU0Zu24K
papiXTeH5N9ZVkkpB13T2hrogveS5wgQlfYUaMxAqzeEGdkLzrKKBbRgcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkvrFEHwSHktN2LwyHIeUt5AGXNMB8GA1UdIwQY
MBaAFNqYCkX+SHNm44a2BkwsZSUZ+fyTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnBnS1JmNUljMmJqaHJZR1RDeGxKUm41X0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80MTBlMzktYjhhNi00NmNhLWFjZGMt
M2YxMmFmZjI3NGRhLzEveVMtc1VRZkJJZVMwM1l2REljaDVTM2tBWmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80MTBlMzktYjhhNi00NmNhLWFjZGMtM2YxMmFmZjI3NGRh
LzEvMnBnS1JmNUljMmJqaHJZR1RDeGxKUm41X0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpuMA0G
CSqGSIb3DQEBCwUAA4IBAQB6FHt44PfdoYqY/i5MXMyNq9rsy2IKQ+tXsSxzgquL
pceTkn3IKDMFr4udPgOc0o8PSodJ+1XfLZO0ziS8748AYv86j1itxQ8X47TDEdnC
chy0oG4trUsEuLmZix0ISKyJBbYAuPVLp1CCcmgjdrQh5X+rDAibr7bzW0an3yJ4
6Nsr4uoaxF7e2Lq5L0Td8p8c0Qvhe1/mVAuSlCa4LHtaGgiQXpdUK0U/f1/eHMgx
WHVnvX6ZU//S9p5lmncAxOcpNXe79lpKCNEFagMLdG+xAIuBJVOuotLDVZZSngsi
w/DYma9dugEFGeyKWihbqz6L9CkSGg3vtciuQlcuOclY
-----END CERTIFICATE-----