Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/TYQeQD1ysn5li6VJeZeQK_3erL0.roa
File:                     TYQeQD1ysn5li6VJeZeQK_3erL0.roa (raw, json)
Hash identifier:          dzi+R7+ToyVVvJOw2iGEvYCWff6UR0ILPu26gb5MVQE=
Subject key identifier:   4D:84:1E:40:3D:72:B2:7E:65:8B:A5:49:79:97:90:2B:FD:DE:AC:BD
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018F5D86592DDD0A88C0F18FC9DA637A97AF
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/TYQeQD1ysn5li6VJeZeQK_3erL0.roa
Signing time:             Thu 09 May 2024 13:23:56 +0000
ROA not before:           Thu 09 May 2024 13:23:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.43.140.0/24 maxlen: 24
                          45.43.141.0/24 maxlen: 24
                          104.239.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5d:86:59:2d:dd:0a:88:c0:f1:8f:c9:da:63:7a:97:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  9 13:23:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d841e403d72b27e658ba5497997902bfddeacbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:81:e0:76:d3:f4:44:ba:b4:ce:66:b7:5a:73:
                    b0:00:a5:ff:6b:7e:9c:38:19:d3:d1:1a:db:9c:c1:
                    d5:04:e5:96:7e:2b:4b:c7:2e:40:fb:1f:ba:ef:7b:
                    c2:32:78:9d:f9:cb:46:f3:57:e1:ab:3d:f5:32:5f:
                    43:4e:36:21:82:92:10:73:77:7e:db:ff:75:e5:fb:
                    0d:fb:07:90:00:e8:80:d2:3e:87:ab:1f:0b:34:7d:
                    b6:39:50:3e:76:d1:a8:dc:95:45:65:cb:54:dd:57:
                    4b:1d:e0:a6:68:2a:11:82:df:ff:8d:84:53:0f:6b:
                    c9:52:64:22:f0:1b:70:9d:53:1d:c1:40:51:dd:15:
                    f0:a6:2a:32:e7:10:a2:4c:1f:fb:c5:c0:26:3f:46:
                    ad:43:e2:44:32:95:56:60:15:e9:bc:bc:0e:7e:28:
                    75:b8:92:32:02:cc:96:99:a5:05:2e:ad:1a:1c:9e:
                    1e:06:c4:86:9c:a2:ff:4f:61:d3:7f:87:34:87:2e:
                    26:1e:5f:9a:0b:b1:fd:47:0c:ed:c9:71:ad:16:49:
                    3d:70:fc:35:48:74:89:88:69:04:ef:ad:2f:54:63:
                    4b:2e:c3:c9:b9:ca:68:e6:0e:3e:d9:a0:96:d8:6c:
                    11:d7:80:32:8f:00:98:e5:f6:cb:ee:68:4e:5b:25:
                    ca:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:84:1E:40:3D:72:B2:7E:65:8B:A5:49:79:97:90:2B:FD:DE:AC:BD
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/TYQeQD1ysn5li6VJeZeQK_3erL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.140.0/23
                  104.239.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b2:2b:86:1e:4a:02:b8:cc:cb:e2:ce:85:0b:68:84:dc:2d:
         c7:91:4a:e5:56:f9:9e:4d:aa:1d:6c:c2:59:88:1e:53:b8:d2:
         f5:dd:3f:20:64:ee:ec:e5:fe:d9:94:99:3b:ed:34:ea:12:e1:
         aa:69:8e:06:d3:72:5b:e7:37:01:0e:80:b8:5b:f8:8c:9f:5d:
         31:b3:24:d9:02:ae:10:e0:c0:85:e6:fd:3d:bb:29:f8:81:15:
         24:18:42:e6:38:ae:2c:77:28:af:eb:a3:73:35:29:1b:b6:6a:
         b6:9f:96:4a:d7:11:19:72:35:01:35:01:92:80:5f:dd:bb:ae:
         59:cb:8f:f1:2a:7e:64:61:d3:a8:a3:fb:2f:f5:9f:8e:a3:0d:
         e0:4d:08:02:83:97:3d:3b:4d:22:00:13:0b:ac:f8:18:f8:f0:
         3e:53:d7:08:29:16:16:2a:ae:f4:1f:4e:0f:7d:ed:02:58:12:
         3c:97:37:a1:83:00:e9:71:d5:ff:0e:ae:41:46:3f:16:a5:07:
         df:e9:3c:57:ee:a9:f7:5b:44:63:8d:a1:fe:a6:e8:44:5e:7a:
         ef:a6:ce:fb:09:ee:3d:b8:fe:50:89:54:bc:61:7f:c6:5b:30:
         8d:9f:01:18:48:4f:f3:c1:31:2c:93:9e:71:cf:e0:77:1c:29:
         35:b5:86:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9dhlkt3QqIwPGPydpjepevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNTA5MTMyMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDg0MWU0MDNkNzJiMjdlNjU4YmE1NDk3OTk3OTAyYmZkZGVhY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYHgdtP0RLq0zma3WnOwAKX/a36c
OBnT0RrbnMHVBOWWfitLxy5A+x+673vCMnid+ctG81fhqz31Ml9DTjYhgpIQc3d+
2/915fsN+weQAOiA0j6Hqx8LNH22OVA+dtGo3JVFZctU3VdLHeCmaCoRgt//jYRT
D2vJUmQi8BtwnVMdwUBR3RXwpioy5xCiTB/7xcAmP0atQ+JEMpVWYBXpvLwOfih1
uJIyAsyWmaUFLq0aHJ4eBsSGnKL/T2HTf4c0hy4mHl+aC7H9RwztyXGtFkk9cPw1
SHSJiGkE760vVGNLLsPJucpo5g4+2aCW2GwR14AyjwCY5fbL7mhOWyXKDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE2EHkA9crJ+ZYulSXmXkCv93qy9MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvVFlRZVFEMXlzbjVsaTZWSmVaZVFLXzNlckwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLSuMAwQA
aO9DMA0GCSqGSIb3DQEBCwUAA4IBAQB8siuGHkoCuMzL4s6FC2iE3C3HkUrlVvme
TaodbMJZiB5TuNL13T8gZO7s5f7ZlJk77TTqEuGqaY4G03Jb5zcBDoC4W/iMn10x
syTZAq4Q4MCF5v09uyn4gRUkGELmOK4sdyiv66NzNSkbtmq2n5ZK1xEZcjUBNQGS
gF/du65Zy4/xKn5kYdOoo/sv9Z+Oow3gTQgCg5c9O00iABMLrPgY+PA+U9cIKRYW
Kq70H04Pfe0CWBI8lzehgwDpcdX/Dq5BRj8WpQff6TxX7qn3W0RjjaH+puhEXnrv
ps77Ce49uP5QiVS8YX/GWzCNnwEYSE/zwTEsk55xz+B3HCk1tYZV
-----END CERTIFICATE-----