Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/YofeEmKkkFVx53c8qL986mkPobw.roa
File:                     YofeEmKkkFVx53c8qL986mkPobw.roa (raw, json)
Hash identifier:          8n8R9/FsWgBGc30CjDv0dAHDUWH7gvbrp1Wdj+GLCOs=
Subject key identifier:   62:87:DE:12:62:A4:90:55:71:E7:77:3C:A8:BF:7C:EA:69:0F:A1:BC
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EC46E16A2FC8647C114D7915CCFFBFBBA
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/YofeEmKkkFVx53c8qL986mkPobw.roa
Signing time:             Tue 09 Apr 2024 19:55:32 +0000
ROA not before:           Tue 09 Apr 2024 19:55:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51659
IP address blocks:        45.144.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:6e:16:a2:fc:86:47:c1:14:d7:91:5c:cf:fb:fb:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  9 19:55:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6287de1262a4905571e7773ca8bf7cea690fa1bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:01:1d:b5:4f:24:51:de:7f:4b:af:0e:28:64:
                    3d:07:05:31:25:73:cc:e0:b9:61:d4:49:ed:2c:9e:
                    54:0e:cf:76:e8:ca:21:e8:e7:db:0c:f2:67:81:0c:
                    a6:88:2d:5d:fb:06:c9:43:d0:9c:1a:7a:e9:48:ab:
                    dd:f8:3b:b6:6c:06:87:20:45:12:09:57:f6:65:a2:
                    0e:3b:ea:20:2a:c3:c1:ee:df:0c:2d:ac:44:04:e4:
                    67:ea:2b:ef:ff:8e:60:13:bb:05:05:31:fa:bd:7b:
                    62:de:d2:3f:34:a4:d2:72:47:d6:42:5a:6d:78:68:
                    13:e2:b3:7d:f1:07:63:ca:52:d5:50:47:ec:3d:31:
                    e8:24:94:ef:f7:9a:75:8b:e6:12:05:fa:69:a6:64:
                    e2:50:4a:a6:48:83:0b:dc:03:99:3e:dc:b7:a7:dd:
                    56:97:c0:fd:31:ff:b7:aa:cb:02:db:1d:da:6f:64:
                    ad:59:2e:d5:cb:df:70:d4:67:cc:00:ab:97:0b:12:
                    ab:79:3b:32:65:f0:2a:0f:6c:c0:60:f1:b0:15:51:
                    ce:a1:b7:72:a8:1b:15:1a:fe:23:64:fc:56:f5:36:
                    56:fd:b8:32:50:93:3e:17:95:27:89:11:74:54:f5:
                    3f:29:0f:56:a5:29:85:03:d7:18:36:d3:bb:7b:10:
                    6b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:87:DE:12:62:A4:90:55:71:E7:77:3C:A8:BF:7C:EA:69:0F:A1:BC
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/YofeEmKkkFVx53c8qL986mkPobw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:7e:46:d7:be:ed:16:7e:57:1d:88:82:98:d4:8e:b1:ee:1a:
         67:95:10:c6:a8:d1:49:f0:1f:05:42:09:68:a6:c7:91:99:94:
         e4:4a:29:76:95:b4:35:be:47:58:f9:09:50:5c:d3:e5:ec:02:
         62:6b:34:28:48:37:a2:d9:74:db:36:ce:47:cd:0c:db:81:ac:
         8d:1d:a2:b8:a1:6d:d9:35:7b:21:c0:4a:18:5d:5c:29:a7:b2:
         77:49:32:32:4e:59:89:05:fe:7c:cd:17:75:4d:31:1e:1b:fe:
         30:50:ef:49:4b:ec:f8:b9:d5:13:10:8f:d1:09:39:01:79:4d:
         43:e2:da:c5:93:e8:2b:29:5f:23:98:03:46:6c:cc:c8:13:b9:
         16:66:3c:fe:1a:61:73:a8:fd:d7:ee:7d:6d:9a:ef:a2:9b:41:
         a0:f0:ab:67:63:d9:70:67:0a:c2:a7:bd:e5:d2:53:69:33:ad:
         b1:02:0a:3f:dc:6a:7d:4a:91:96:95:d3:5d:5b:8b:57:d9:45:
         a1:b8:2f:98:cc:5d:36:7f:89:a2:2d:d2:66:34:24:f6:ae:79:
         30:a2:f4:f5:4d:4f:8b:57:c5:ed:94:19:62:69:f3:eb:b6:c1:
         9d:19:86:f0:23:42:5f:73:75:7f:f3:88:d7:1f:84:b7:fe:4d:
         31:8e:03:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Ebhai/IZHwRTXkVzP+/u6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA5MTk1NTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjg3ZGUxMjYyYTQ5MDU1NzFlNzc3M2NhOGJmN2NlYTY5MGZhMWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwEdtU8kUd5/S68OKGQ9BwUxJXPM
4Llh1EntLJ5UDs926Moh6OfbDPJngQymiC1d+wbJQ9CcGnrpSKvd+Du2bAaHIEUS
CVf2ZaIOO+ogKsPB7t8MLaxEBORn6ivv/45gE7sFBTH6vXti3tI/NKTSckfWQlpt
eGgT4rN98QdjylLVUEfsPTHoJJTv95p1i+YSBfpppmTiUEqmSIML3AOZPty3p91W
l8D9Mf+3qssC2x3ab2StWS7Vy99w1GfMAKuXCxKreTsyZfAqD2zAYPGwFVHOobdy
qBsVGv4jZPxW9TZW/bgyUJM+F5UniRF0VPU/KQ9WpSmFA9cYNtO7exBrHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKH3hJipJBVced3PKi/fOppD6G8MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvWW9mZUVtS2trRlZ4NTNjOHFMOTg2bWtQb2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZACMA0G
CSqGSIb3DQEBCwUAA4IBAQBifkbXvu0WflcdiIKY1I6x7hpnlRDGqNFJ8B8FQglo
pseRmZTkSil2lbQ1vkdY+QlQXNPl7AJiazQoSDei2XTbNs5HzQzbgayNHaK4oW3Z
NXshwEoYXVwpp7J3STIyTlmJBf58zRd1TTEeG/4wUO9JS+z4udUTEI/RCTkBeU1D
4trFk+grKV8jmANGbMzIE7kWZjz+GmFzqP3X7n1tmu+im0Gg8KtnY9lwZwrCp73l
0lNpM62xAgo/3Gp9SpGWldNdW4tX2UWhuC+YzF02f4miLdJmNCT2rnkwovT1TU+L
V8XtlBliafPrtsGdGYbwI0Jfc3V/84jXH4S3/k0xjgP1
-----END CERTIFICATE-----