Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/ye8sNWKX0Sk2732cjcyJoceyxNY.roa
File:                     ye8sNWKX0Sk2732cjcyJoceyxNY.roa (raw, json)
Hash identifier:          2IZkBa2CcNO4tQ9PL4CcBLvE82l4p/xlvY/xMKIeQeQ=
Subject key identifier:   C9:EF:2C:35:62:97:D1:29:36:EF:7D:9C:8D:CC:89:A1:C7:B2:C4:D6
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       018CC79463F888556BB93E85246992393E10
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/ye8sNWKX0Sk2732cjcyJoceyxNY.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203039
IP address blocks:        45.155.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:63:f8:88:55:6b:b9:3e:85:24:69:92:39:3e:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9ef2c356297d12936ef7d9c8dcc89a1c7b2c4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2a:df:fe:e7:75:c5:88:de:a3:21:bf:21:9e:
                    05:83:00:b7:ce:fe:eb:09:7b:ef:de:6c:98:e2:cb:
                    2f:29:b7:b0:61:0d:5b:f0:4d:45:3f:40:f1:0f:ff:
                    e8:51:51:f6:04:19:c0:a9:84:bb:23:d8:57:66:1b:
                    de:31:28:8f:11:76:01:b3:8a:e9:56:2a:6d:5e:8b:
                    c2:27:e7:98:a5:8e:39:fc:6e:f9:80:e1:70:60:7f:
                    16:42:1b:c5:e9:cf:d2:47:91:0b:ef:46:98:ec:09:
                    c0:19:0c:37:a9:37:4e:1b:97:c3:f5:d6:55:b6:57:
                    92:98:54:46:77:df:21:f0:66:41:0f:05:6c:9b:ee:
                    24:4b:05:2f:e9:06:05:7e:96:db:c4:99:8b:9d:af:
                    14:ad:4d:e4:55:e6:ec:bf:00:d3:63:75:f5:a5:4e:
                    7a:24:93:86:3e:08:1b:5b:f4:78:b7:eb:f1:0d:a4:
                    95:6e:99:82:bd:60:51:33:84:cd:c9:9b:54:fd:c1:
                    f8:13:00:80:64:96:20:4a:79:38:a7:52:7c:d1:57:
                    76:13:96:44:e1:f9:49:67:60:cc:e1:81:fc:81:99:
                    66:36:de:92:98:db:f0:bd:35:2f:b7:87:c5:71:07:
                    10:af:67:5b:8b:5e:3b:fa:ad:b3:ee:aa:2a:5f:41:
                    7d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:EF:2C:35:62:97:D1:29:36:EF:7D:9C:8D:CC:89:A1:C7:B2:C4:D6
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/ye8sNWKX0Sk2732cjcyJoceyxNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:85:f3:bc:ff:47:d0:6e:1f:77:d6:ec:28:d6:23:66:92:f3:
         71:cb:55:56:33:b2:53:0f:88:4b:41:3e:37:c8:c7:35:6b:69:
         17:13:c6:88:41:d7:6e:d6:51:45:3b:74:9a:b7:c6:0d:c1:25:
         37:ee:0c:2d:d7:70:aa:9e:6e:60:fe:91:d7:c8:96:1f:71:fc:
         b1:b1:dc:98:fe:b9:29:e3:04:fc:af:d8:a2:38:c5:7e:c5:33:
         01:c7:3b:a8:ca:6b:c5:68:87:5a:67:b9:b2:31:19:5f:0d:2b:
         63:72:69:d2:60:7e:18:ce:fb:d0:3c:01:f5:07:8b:c6:dd:16:
         90:36:54:d4:54:c4:b2:4a:98:51:26:c6:4f:d1:70:1a:da:a4:
         37:fe:bf:6f:99:20:be:a8:d5:c0:63:02:85:f7:1d:29:96:16:
         10:7d:7b:6e:4a:15:5f:ca:d7:d5:66:66:14:17:c5:14:8c:2f:
         32:d8:08:79:76:6a:34:43:b8:9b:4f:85:51:18:2d:33:53:ba:
         8b:b0:43:56:16:f6:ea:0e:ae:0d:fb:a9:04:cd:b6:28:bf:d2:
         bf:60:02:2e:a8:e6:94:c6:eb:31:4e:9d:bb:09:15:0c:c1:96:
         53:b1:7d:a5:18:88:c2:a3:fe:1e:b6:36:76:f2:46:20:34:40:
         68:dc:66:42
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlGP4iFVruT6FJGmSOT4QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWVmMmMzNTYyOTdkMTI5MzZlZjdkOWM4ZGNjODlhMWM3YjJjNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCrf/ud1xYjeoyG/IZ4FgwC3zv7r
CXvv3myY4ssvKbewYQ1b8E1FP0DxD//oUVH2BBnAqYS7I9hXZhveMSiPEXYBs4rp
ViptXovCJ+eYpY45/G75gOFwYH8WQhvF6c/SR5EL70aY7AnAGQw3qTdOG5fD9dZV
tleSmFRGd98h8GZBDwVsm+4kSwUv6QYFfpbbxJmLna8UrU3kVebsvwDTY3X1pU56
JJOGPggbW/R4t+vxDaSVbpmCvWBRM4TNyZtU/cH4EwCAZJYgSnk4p1J80Vd2E5ZE
4flJZ2DM4YH8gZlmNt6SmNvwvTUvt4fFcQcQr2dbi147+q2z7qoqX0F9NQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMnvLDVil9EpNu99nI3MiaHHssTWMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL3llOHNOV0tYMFNrMjczMmNqY3lKb2NleXhOWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtm6Uw
DQYJKoZIhvcNAQELBQADggEBABCF87z/R9BuH3fW7CjWI2aS83HLVVYzslMPiEtB
PjfIxzVraRcTxohB127WUUU7dJq3xg3BJTfuDC3XcKqebmD+kdfIlh9x/LGx3Jj+
uSnjBPyv2KI4xX7FMwHHO6jKa8Voh1pnubIxGV8NK2NyadJgfhjO+9A8AfUHi8bd
FpA2VNRUxLJKmFEmxk/RcBrapDf+v2+ZIL6o1cBjAoX3HSmWFhB9e25KFV/K19Vm
ZhQXxRSMLzLYCHl2ajRDuJtPhVEYLTNTuouwQ1YW9uoOrg37qQTNtii/0r9gAi6o
5pTG6zFOnbsJFQzBllOxfaUYiMKj/h62NnbyRiA0QGjcZkI=
-----END CERTIFICATE-----