Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/kYDxjDpVodQ5VNjyT92okY4hztA.roa
File:                     kYDxjDpVodQ5VNjyT92okY4hztA.roa (raw, json)
Hash identifier:          uQj9tSMujkpWv4lC0T3XdmEw8hXp+xbZj3ESkD0kk+A=
Subject key identifier:   91:80:F1:8C:3A:55:A1:D4:39:54:D8:F2:4F:DD:A8:91:8E:21:CE:D0
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       01909B8FDA441BB4DCF5F651096B6DE91017
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/kYDxjDpVodQ5VNjyT92okY4hztA.roa
Signing time:             Wed 10 Jul 2024 07:33:34 +0000
ROA not before:           Wed 10 Jul 2024 07:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.87.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:8f:da:44:1b:b4:dc:f5:f6:51:09:6b:6d:e9:10:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jul 10 07:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9180f18c3a55a1d43954d8f24fdda8918e21ced0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:fb:dc:81:1a:5a:ff:52:e2:4c:dc:5c:52:12:
                    d9:51:e1:93:b2:4f:05:95:be:f7:7b:e4:8a:31:59:
                    d4:b0:4b:99:89:b2:6b:96:89:db:c9:fc:48:b2:cd:
                    68:c3:ae:98:52:b7:d4:b8:5b:9b:9a:75:22:04:d6:
                    c5:36:5e:63:95:15:0a:67:42:30:81:20:a9:59:cb:
                    56:e8:fa:55:ac:1e:3d:91:a7:db:13:3a:cb:81:63:
                    23:68:d5:f2:55:bc:ed:1c:56:2f:ca:d5:71:67:af:
                    cc:f4:2b:27:5f:dc:8e:ba:ea:f6:ea:f9:9a:36:c3:
                    a0:f3:9a:2e:2f:4a:71:4a:58:53:f5:54:f9:c2:72:
                    79:20:67:38:5d:09:1d:a9:17:12:52:30:d1:5c:69:
                    08:92:c0:d4:5c:74:e2:eb:01:11:4e:b5:1c:b3:58:
                    32:cc:b1:0f:72:5c:54:70:28:aa:d7:b6:30:d6:6b:
                    40:c7:18:45:ed:77:b2:5f:dc:05:32:1c:6e:d9:4f:
                    02:47:28:fa:73:c0:61:36:06:5b:a3:11:9e:3c:91:
                    e2:9c:bc:8b:10:78:54:c1:1c:75:96:6f:22:38:7e:
                    6b:9a:fb:50:92:6b:ac:4d:69:57:45:9b:86:aa:f4:
                    00:54:20:e4:11:9c:c0:17:8e:b2:55:f1:24:0b:7e:
                    cd:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:80:F1:8C:3A:55:A1:D4:39:54:D8:F2:4F:DD:A8:91:8E:21:CE:D0
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/kYDxjDpVodQ5VNjyT92okY4hztA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:a1:c1:dd:2b:71:6e:ef:3b:b2:04:27:b9:d3:a7:1c:d5:1e:
         ca:fe:59:f3:05:62:b5:25:2a:2d:af:cb:56:81:9e:ba:cd:a6:
         f6:ec:d3:fe:7c:89:17:11:93:a2:59:5e:1c:59:5f:0a:cc:84:
         40:2f:4a:13:e0:16:88:5a:1b:f2:5b:8d:32:77:06:11:d9:be:
         c4:b1:24:8c:5d:ff:8a:f9:bc:0e:b1:dc:35:f9:ff:d7:ca:69:
         eb:0b:c5:30:93:f6:d0:3b:05:4f:fd:a6:ba:a3:cd:59:d2:f9:
         45:b4:fd:57:51:26:28:e9:a1:02:85:f2:2c:6e:31:08:da:cd:
         31:1e:af:a4:68:c4:b9:96:31:e1:a6:5a:86:db:50:a9:dd:56:
         fc:8a:16:5f:b5:03:23:7e:26:aa:32:92:f5:1f:4a:55:70:96:
         a0:c1:ed:aa:5b:4b:30:cf:f1:97:b7:af:41:5a:50:f8:d6:51:
         c1:fc:88:0d:72:14:85:f0:51:e4:4d:b5:2b:df:fa:43:1b:03:
         2a:1f:16:f1:e2:5f:06:e7:68:69:78:37:1b:b5:d8:68:12:0c:
         e3:66:cd:45:70:0d:e7:8c:7d:a4:31:82:52:f3:ef:7c:79:7c:
         96:e9:c5:bf:56:e2:e5:29:1f:da:7a:d6:cd:f7:da:cd:28:23:
         81:7f:8e:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCbj9pEG7Tc9fZRCWtt6RAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjQwNzEwMDczMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTgwZjE4YzNhNTVhMWQ0Mzk1NGQ4ZjI0ZmRkYTg5MThlMjFjZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PvcgRpa/1LiTNxcUhLZUeGTsk8F
lb73e+SKMVnUsEuZibJrlonbyfxIss1ow66YUrfUuFubmnUiBNbFNl5jlRUKZ0Iw
gSCpWctW6PpVrB49kafbEzrLgWMjaNXyVbztHFYvytVxZ6/M9CsnX9yOuur26vma
NsOg85ouL0pxSlhT9VT5wnJ5IGc4XQkdqRcSUjDRXGkIksDUXHTi6wERTrUcs1gy
zLEPclxUcCiq17Yw1mtAxxhF7XeyX9wFMhxu2U8CRyj6c8BhNgZboxGePJHinLyL
EHhUwRx1lm8iOH5rmvtQkmusTWlXRZuGqvQAVCDkEZzAF46yVfEkC37NRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGA8Yw6VaHUOVTY8k/dqJGOIc7QMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEva1lEeGpEcFZvZFE1Vk5qeVQ5Mm9rWTRoenRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVeiMA0G
CSqGSIb3DQEBCwUAA4IBAQBIocHdK3Fu7zuyBCe506cc1R7K/lnzBWK1JSotr8tW
gZ66zab27NP+fIkXEZOiWV4cWV8KzIRAL0oT4BaIWhvyW40ydwYR2b7EsSSMXf+K
+bwOsdw1+f/XymnrC8Uwk/bQOwVP/aa6o81Z0vlFtP1XUSYo6aEChfIsbjEI2s0x
Hq+kaMS5ljHhplqG21Cp3Vb8ihZftQMjfiaqMpL1H0pVcJagwe2qW0swz/GXt69B
WlD41lHB/IgNchSF8FHkTbUr3/pDGwMqHxbx4l8G52hpeDcbtdhoEgzjZs1FcA3n
jH2kMYJS8+98eXyW6cW/VuLlKR/aetbN99rNKCOBf45n
-----END CERTIFICATE-----