Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/yPZJDZv80_bSOLjRSpo-gn4xeTs.roa
File:                     yPZJDZv80_bSOLjRSpo-gn4xeTs.roa (raw, json)
Hash identifier:          6XzeAfTVVHta2osgwIzqFw/1gCx3SwrlG1AmYQncnXw=
Subject key identifier:   C8:F6:49:0D:9B:FC:D3:F6:D2:38:B8:D1:4A:9A:3E:82:7E:31:79:3B
Certificate issuer:       /CN=e8d062a969d2142bb8506a571180b45bd0fab934
Certificate serial:       018CC5DC020E9B0934DBA8F30120B8C79F5B
Authority key identifier: E8:D0:62:A9:69:D2:14:2B:B8:50:6A:57:11:80:B4:5B:D0:FA:B9:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/yPZJDZv80_bSOLjRSpo-gn4xeTs.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42521
IP address blocks:        45.150.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:02:0e:9b:09:34:db:a8:f3:01:20:b8:c7:9f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8d062a969d2142bb8506a571180b45bd0fab934
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8f6490d9bfcd3f6d238b8d14a9a3e827e31793b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e9:ef:6f:2a:bc:ef:8f:f4:46:04:a0:61:33:
                    86:7d:2d:47:9a:7a:1c:73:63:59:be:f7:c5:f7:3b:
                    11:51:2a:62:94:aa:a0:3f:e5:f6:1e:c9:6e:e7:bc:
                    85:85:2f:17:12:1f:74:47:80:01:58:d4:fe:70:96:
                    ee:63:59:68:c5:9f:f1:ff:59:05:16:01:b2:de:dd:
                    10:6b:68:53:1e:d6:1d:e4:b8:82:73:70:94:50:9d:
                    13:1b:40:21:12:6d:4b:de:fa:44:4e:a8:40:0f:ec:
                    96:92:17:1b:68:64:0e:73:36:d7:ec:d9:94:7a:87:
                    ae:d6:63:01:83:e2:d4:d6:ee:80:f7:75:dc:57:f7:
                    58:bc:86:16:b1:39:88:77:e6:62:d9:62:85:2f:90:
                    83:7b:e3:76:a7:b6:fe:ba:5f:14:1e:c8:e3:f8:00:
                    21:11:7f:c9:6a:66:19:19:95:7f:c3:1f:1d:d1:9e:
                    9b:17:56:2c:22:92:70:ee:3b:24:97:96:96:75:5b:
                    23:aa:16:84:01:28:dd:82:09:75:9b:3e:ec:07:09:
                    39:0d:4b:16:d7:99:4e:48:53:35:3a:80:91:3c:73:
                    99:49:f5:38:c9:b7:3b:fa:8b:11:f1:86:3b:0d:06:
                    af:d9:8d:88:95:d7:b3:e3:19:54:68:f9:52:28:6d:
                    26:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F6:49:0D:9B:FC:D3:F6:D2:38:B8:D1:4A:9A:3E:82:7E:31:79:3B
            X509v3 Authority Key Identifier:
                keyid:E8:D0:62:A9:69:D2:14:2B:B8:50:6A:57:11:80:B4:5B:D0:FA:B9:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/yPZJDZv80_bSOLjRSpo-gn4xeTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:05:9a:5d:91:ba:e7:20:c1:cf:85:c1:1b:45:e1:ab:03:69:
         f7:61:81:5e:57:6b:11:1c:00:b0:10:d6:78:73:13:36:1a:cc:
         4f:6d:b3:b7:f8:79:ec:1c:0a:08:7a:14:a3:31:e7:79:d8:56:
         ee:b2:13:70:2b:da:3d:8a:4c:cf:ec:cc:d6:bb:a3:8b:63:f2:
         05:d2:06:40:cd:d3:27:87:9f:4f:35:9d:75:db:2f:b6:ae:8e:
         d1:74:c8:d4:79:c8:c7:c2:7c:fa:02:ac:cd:85:36:d1:eb:9e:
         c0:65:a1:aa:04:58:28:77:78:7b:f7:e7:9d:80:87:70:e4:6b:
         9a:13:83:bd:59:68:b1:d3:3a:7f:c1:a1:75:74:76:3f:c1:1a:
         b6:86:01:b1:4f:36:fe:b2:49:ad:c6:8c:de:06:38:77:bb:6e:
         92:60:88:92:be:ca:d9:f4:60:d4:4c:a0:b1:1f:cc:92:72:e0:
         ee:9f:93:50:cb:df:bc:44:60:e7:81:bb:52:91:f9:b4:71:ac:
         d2:ca:9d:63:d4:05:e7:b9:59:10:02:a7:cd:af:10:3a:cc:33:
         c2:46:95:f4:1c:83:57:98:89:90:21:92:d6:b7:a7:66:a4:15:
         eb:6c:d3:e6:8f:43:45:44:07:43:29:23:cc:5a:70:86:af:30:
         ed:3a:06:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AIOmwk026jzASC4x59bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZDA2MmE5NjlkMjE0MmJiODUwNmE1NzExODBiNDViZDBm
YWI5MzQwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY2NDkwZDliZmNkM2Y2ZDIzOGI4ZDE0YTlhM2U4MjdlMzE3OTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArunvbyq874/0RgSgYTOGfS1Hmnoc
c2NZvvfF9zsRUSpilKqgP+X2Hslu57yFhS8XEh90R4ABWNT+cJbuY1loxZ/x/1kF
FgGy3t0Qa2hTHtYd5LiCc3CUUJ0TG0AhEm1L3vpETqhAD+yWkhcbaGQOczbX7NmU
eoeu1mMBg+LU1u6A93XcV/dYvIYWsTmId+Zi2WKFL5CDe+N2p7b+ul8UHsjj+AAh
EX/JamYZGZV/wx8d0Z6bF1YsIpJw7jskl5aWdVsjqhaEASjdggl1mz7sBwk5DUsW
15lOSFM1OoCRPHOZSfU4ybc7+osR8YY7DQav2Y2Ildez4xlUaPlSKG0mewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMj2SQ2b/NP20ji40UqaPoJ+MXk7MB8GA1UdIwQY
MBaAFOjQYqlp0hQruFBqVxGAtFvQ+rk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk5CaXFXblNGQ3U0VUdwWEVZQzBXOUQ2dVRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hOTkxNmEtMTNiZi00NzcwLThlNDQt
NThiNmE1Nzg0YWI3LzEveVBaSkRadjgwX2JTT0xqUlNwby1nbjR4ZVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hOTkxNmEtMTNiZi00NzcwLThlNDQtNThiNmE1Nzg0YWI3
LzEvNk5CaXFXblNGQ3U0VUdwWEVZQzBXOUQ2dVRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZbOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5BZpdkbrnIMHPhcEbReGrA2n3YYFeV2sRHACwENZ4
cxM2GsxPbbO3+HnsHAoIehSjMed52FbushNwK9o9ikzP7MzWu6OLY/IF0gZAzdMn
h59PNZ112y+2ro7RdMjUecjHwnz6AqzNhTbR657AZaGqBFgod3h79+edgIdw5Gua
E4O9WWix0zp/waF1dHY/wRq2hgGxTzb+skmtxozeBjh3u26SYIiSvsrZ9GDUTKCx
H8yScuDun5NQy9+8RGDngbtSkfm0cazSyp1j1AXnuVkQAqfNrxA6zDPCRpX0HINX
mImQIZLWt6dmpBXrbNPmj0NFRAdDKSPMWnCGrzDtOgb0
-----END CERTIFICATE-----