Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/ohjvghtqJIakmbhvKxR7ocuVfCE.roa
File:                     ohjvghtqJIakmbhvKxR7ocuVfCE.roa (raw, json)
Hash identifier:          QzyoITJveDQ3vPMd2IfW2VcTnwBRMah7st7zGnLLNpw=
Subject key identifier:   A2:18:EF:82:1B:6A:24:86:A4:99:B8:6F:2B:14:7B:A1:CB:95:7C:21
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018E191E374D647DAA90DD4EEDCAF7E18D74
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/ohjvghtqJIakmbhvKxR7ocuVfCE.roa
Signing time:             Thu 07 Mar 2024 13:33:14 +0000
ROA not before:           Thu 07 Mar 2024 13:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209155
IP address blocks:        45.93.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:1e:37:4d:64:7d:aa:90:dd:4e:ed:ca:f7:e1:8d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Mar  7 13:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a218ef821b6a2486a499b86f2b147ba1cb957c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:08:1e:63:01:e4:95:f6:52:0f:57:d3:6c:47:
                    86:54:92:c4:e3:f4:26:95:34:44:68:96:13:5f:f0:
                    ff:9a:bd:3a:3a:00:e6:d2:7b:58:d2:5e:a4:1c:75:
                    0d:86:80:b4:3d:f8:9e:4d:5d:ed:fa:cb:dc:ff:1f:
                    36:54:f4:be:f4:ad:4b:15:7e:99:1e:ee:56:57:e1:
                    dc:3b:bb:ee:15:2b:3a:68:d3:86:7a:51:8d:db:96:
                    6a:e8:90:18:2d:84:e9:fd:ff:54:cd:52:b0:38:a5:
                    fa:69:5d:e3:0f:23:e8:a6:10:79:20:39:01:33:10:
                    0e:f7:ed:20:d0:1e:33:4e:58:fa:c7:82:10:90:fe:
                    57:53:6f:a7:53:1d:bb:63:f8:03:df:b5:94:75:74:
                    f2:e6:7f:34:8f:10:9a:44:05:ef:b9:48:7a:33:df:
                    24:1e:a2:ce:9e:8b:4e:49:6f:82:2e:a0:33:a8:ab:
                    00:de:03:86:29:87:4a:05:9e:f7:5d:9a:10:7c:8a:
                    72:a4:45:2c:84:4b:db:95:70:43:35:1a:1d:67:11:
                    b5:d9:19:58:39:9e:1a:3f:9a:22:6d:1d:d7:ac:e9:
                    f8:46:85:37:30:46:5d:fc:8a:8f:73:8c:48:b8:e0:
                    f3:d1:7b:c5:ee:c5:85:6b:b5:b2:25:47:60:ff:74:
                    ed:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:18:EF:82:1B:6A:24:86:A4:99:B8:6F:2B:14:7B:A1:CB:95:7C:21
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/ohjvghtqJIakmbhvKxR7ocuVfCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:96:2f:cb:53:8a:ce:7a:00:e3:61:84:cb:6b:a3:90:4c:3c:
         34:cc:47:c1:1a:29:bd:51:6c:ee:8a:25:e4:ca:ee:5f:34:3f:
         49:d9:ba:1c:12:ab:1d:a1:4a:53:58:db:6c:db:20:3b:38:7a:
         b7:55:3d:2d:7c:cb:2c:e4:f2:7e:1a:92:6f:94:a9:c6:1a:66:
         81:cb:14:a8:4d:f3:09:44:ce:b1:50:5b:3a:38:37:1a:3e:7b:
         7c:0d:ac:ff:0d:08:6e:07:8a:f2:b3:d3:1d:b9:b2:26:94:11:
         a6:63:2f:63:03:f3:5b:fa:dc:b0:74:87:6c:6c:32:a3:9e:e3:
         7a:ca:b1:0b:6a:b9:1d:db:79:97:1a:7b:cf:6a:3a:a8:e4:a6:
         9a:1c:a4:94:ac:45:bb:34:7e:b7:d2:dc:3c:a0:4e:09:b1:0d:
         de:ac:e1:68:16:c5:75:1e:5a:6b:87:8e:08:ba:01:d2:f8:e8:
         26:4c:52:05:78:87:5e:6c:82:8a:af:0d:74:50:43:7f:c5:c6:
         e4:ec:1b:a9:bf:50:cb:03:1e:48:84:c1:d6:94:eb:c1:2e:2d:
         87:67:74:78:42:1b:ec:83:eb:16:b2:e1:a7:ae:ae:42:8e:9d:
         1c:e4:02:20:d8:21:7d:e6:3e:e9:ee:33:93:62:f0:b9:e3:29:
         3a:38:42:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ZHjdNZH2qkN1O7cr34Y10MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMzA3MTMzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE4ZWY4MjFiNmEyNDg2YTQ5OWI4NmYyYjE0N2JhMWNiOTU3YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswgeYwHklfZSD1fTbEeGVJLE4/Qm
lTREaJYTX/D/mr06OgDm0ntY0l6kHHUNhoC0PfieTV3t+svc/x82VPS+9K1LFX6Z
Hu5WV+HcO7vuFSs6aNOGelGN25Zq6JAYLYTp/f9UzVKwOKX6aV3jDyPophB5IDkB
MxAO9+0g0B4zTlj6x4IQkP5XU2+nUx27Y/gD37WUdXTy5n80jxCaRAXvuUh6M98k
HqLOnotOSW+CLqAzqKsA3gOGKYdKBZ73XZoQfIpypEUshEvblXBDNRodZxG12RlY
OZ4aP5oibR3XrOn4RoU3MEZd/IqPc4xIuODz0XvF7sWFa7WyJUdg/3TtfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIY74IbaiSGpJm4bysUe6HLlXwhMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvb2hqdmdodHFKSWFrbWJodkt4UjdvY3VWZkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV0/MA0G
CSqGSIb3DQEBCwUAA4IBAQCNli/LU4rOegDjYYTLa6OQTDw0zEfBGim9UWzuiiXk
yu5fND9J2bocEqsdoUpTWNts2yA7OHq3VT0tfMss5PJ+GpJvlKnGGmaByxSoTfMJ
RM6xUFs6ODcaPnt8Daz/DQhuB4rys9MdubImlBGmYy9jA/Nb+tywdIdsbDKjnuN6
yrELarkd23mXGnvPajqo5KaaHKSUrEW7NH630tw8oE4JsQ3erOFoFsV1Hlprh44I
ugHS+OgmTFIFeIdebIKKrw10UEN/xcbk7Bupv1DLAx5IhMHWlOvBLi2HZ3R4Qhvs
g+sWsuGnrq5Cjp0c5AIg2CF95j7p7jOTYvC54yk6OELl
-----END CERTIFICATE-----