Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/b8ea83-4765-43a6-a54f-20d24900130a/1/LyKXgKcHepWGD2iWiCWTulZdsI0.roa
File:                     LyKXgKcHepWGD2iWiCWTulZdsI0.roa (raw, json)
Hash identifier:          VPJgPcDlo7wgCKLRqb0udOUyngY4AE8YHu0/YgQzNwk=
Subject key identifier:   2F:22:97:80:A7:07:7A:95:86:0F:68:96:88:25:93:BA:56:5D:B0:8D
Certificate issuer:       /CN=c9a3a5e411deaf2284ffd01530bfb41f816cbba3
Certificate serial:       019118486A3BB0017FDCBA382D2D755C4A9F
Authority key identifier: C9:A3:A5:E4:11:DE:AF:22:84:FF:D0:15:30:BF:B4:1F:81:6C:BB:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yaOl5BHeryKE_9AVML-0H4Fsu6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/b8ea83-4765-43a6-a54f-20d24900130a/1/LyKXgKcHepWGD2iWiCWTulZdsI0.roa
Signing time:             Sat 03 Aug 2024 12:48:04 +0000
ROA not before:           Sat 03 Aug 2024 12:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214570
IP address blocks:        45.137.16.0/23 maxlen: 23
                          45.137.19.0/24 maxlen: 24
                          185.254.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/b8ea83-4765-43a6-a54f-20d24900130a/1/yaOl5BHeryKE_9AVML-0H4Fsu6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/b8ea83-4765-43a6-a54f-20d24900130a/1/yaOl5BHeryKE_9AVML-0H4Fsu6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yaOl5BHeryKE_9AVML-0H4Fsu6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:18:48:6a:3b:b0:01:7f:dc:ba:38:2d:2d:75:5c:4a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9a3a5e411deaf2284ffd01530bfb41f816cbba3
        Validity
            Not Before: Aug  3 12:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f229780a7077a95860f6896882593ba565db08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ac:72:99:85:5e:e5:60:4c:e1:87:00:29:73:
                    5b:60:dd:8b:cf:19:d4:67:77:ee:4c:08:64:08:86:
                    2e:1b:31:8c:63:be:6b:1b:96:2b:cb:ff:1c:f1:51:
                    93:12:79:ff:8e:c4:27:0e:ea:3e:bd:69:7f:04:6c:
                    86:b8:59:bc:4f:83:d5:19:3e:7a:1c:01:ce:db:b1:
                    3d:a3:a3:25:52:56:50:3c:c1:43:1c:6d:70:ed:83:
                    e6:e4:82:c6:e8:a2:3c:b6:90:13:b8:ae:5b:ab:ef:
                    ed:91:aa:af:91:43:c1:2e:27:8e:4d:80:d0:54:d5:
                    8c:13:79:c7:82:bd:0a:7a:ef:58:05:48:a3:62:da:
                    b1:5c:0a:d9:16:48:06:79:22:07:01:12:de:e9:19:
                    9b:21:cb:66:00:cd:2b:3e:9c:9d:0d:17:dd:a4:97:
                    ee:57:78:05:b5:7b:48:ef:ab:54:33:40:6c:2b:5e:
                    46:46:be:77:22:87:57:fd:76:9b:66:95:7f:43:6d:
                    c3:27:b1:d8:a1:07:89:6e:19:ba:e7:78:1c:89:6d:
                    11:ac:e9:37:41:f5:f5:c2:2a:0b:84:4c:83:b2:d2:
                    5b:4d:b2:6c:8d:ba:c9:9b:e3:ee:c4:d3:7d:22:70:
                    71:c4:9d:5a:07:a8:49:0a:bc:0f:6a:ae:9e:1e:ec:
                    88:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:22:97:80:A7:07:7A:95:86:0F:68:96:88:25:93:BA:56:5D:B0:8D
            X509v3 Authority Key Identifier:
                keyid:C9:A3:A5:E4:11:DE:AF:22:84:FF:D0:15:30:BF:B4:1F:81:6C:BB:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yaOl5BHeryKE_9AVML-0H4Fsu6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/b8ea83-4765-43a6-a54f-20d24900130a/1/LyKXgKcHepWGD2iWiCWTulZdsI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/b8ea83-4765-43a6-a54f-20d24900130a/1/yaOl5BHeryKE_9AVML-0H4Fsu6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.16.0/23
                  45.137.19.0/24
                  185.254.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:07:7c:14:1b:14:33:5f:56:b3:e1:e5:88:df:7a:6d:10:e4:
         8b:7b:54:d1:15:74:51:1f:0c:d2:71:e0:31:1d:db:1c:c9:44:
         63:a5:c3:13:e7:83:ec:83:e6:34:b3:cd:11:fb:67:7e:9a:e7:
         ba:23:87:0c:df:50:51:40:c6:f3:b1:69:1c:1d:ed:3f:ba:f8:
         9a:c6:b5:2d:03:ee:1b:25:ae:b7:98:79:62:ca:f8:bd:55:e5:
         41:4e:64:b8:c1:b6:fa:2a:8c:8a:eb:53:e3:66:06:c4:92:f5:
         55:f9:21:01:7e:d8:97:e5:a6:d6:87:c5:c2:a3:85:ad:9f:9a:
         45:4c:7e:f7:5b:1c:89:50:76:04:54:fe:36:9b:aa:aa:7f:75:
         b2:08:cf:eb:5f:05:43:2a:f1:45:12:4b:31:22:79:5f:ea:9f:
         1d:24:13:ba:65:f6:08:53:4b:aa:6d:86:f5:b6:bc:f8:8c:79:
         67:9b:d5:17:f6:3c:05:81:51:3e:b8:57:a6:f8:f5:f4:ba:f1:
         61:fd:b2:31:2c:62:df:a5:54:e2:e5:73:57:f1:90:34:b3:51:
         e4:d2:d8:ba:f5:d7:24:75:30:c8:5a:c3:4c:85:3d:25:20:26:
         6b:1a:79:35:50:36:b7:53:bc:27:e5:02:d2:ec:e6:29:20:47:
         77:9d:b1:a4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEYSGo7sAF/3Lo4LS11XEqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YTNhNWU0MTFkZWFmMjI4NGZmZDAxNTMwYmZiNDFmODE2
Y2JiYTMwHhcNMjQwODAzMTI0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjIyOTc4MGE3MDc3YTk1ODYwZjY4OTY4ODI1OTNiYTU2NWRiMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKxymYVe5WBM4YcAKXNbYN2LzxnU
Z3fuTAhkCIYuGzGMY75rG5Yry/8c8VGTEnn/jsQnDuo+vWl/BGyGuFm8T4PVGT56
HAHO27E9o6MlUlZQPMFDHG1w7YPm5ILG6KI8tpATuK5bq+/tkaqvkUPBLieOTYDQ
VNWME3nHgr0Keu9YBUijYtqxXArZFkgGeSIHARLe6RmbIctmAM0rPpydDRfdpJfu
V3gFtXtI76tUM0BsK15GRr53IodX/XabZpV/Q23DJ7HYoQeJbhm653gciW0RrOk3
QfX1wioLhEyDstJbTbJsjbrJm+PuxNN9InBxxJ1aB6hJCrwPaq6eHuyIKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC8il4CnB3qVhg9ologlk7pWXbCNMB8GA1UdIwQY
MBaAFMmjpeQR3q8ihP/QFTC/tB+BbLujMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWFPbDVCSGVyeUtFXzlBVk1MLTBINEZzdTZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iOGVhODMtNDc2NS00M2E2LWE1NGYt
MjBkMjQ5MDAxMzBhLzEvTHlLWGdLY0hlcFdHRDJpV2lDV1R1bFpkc0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iOGVhODMtNDc2NS00M2E2LWE1NGYtMjBkMjQ5MDAxMzBh
LzEveWFPbDVCSGVyeUtFXzlBVk1MLTBINEZzdTZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLYkQAwQA
LYkTAwQAuf6lMA0GCSqGSIb3DQEBCwUAA4IBAQCiB3wUGxQzX1az4eWI33ptEOSL
e1TRFXRRHwzSceAxHdscyURjpcMT54Psg+Y0s80R+2d+mue6I4cM31BRQMbzsWkc
He0/uviaxrUtA+4bJa63mHliyvi9VeVBTmS4wbb6KoyK61PjZgbEkvVV+SEBftiX
5abWh8XCo4Wtn5pFTH73WxyJUHYEVP42m6qqf3WyCM/rXwVDKvFFEksxInlf6p8d
JBO6ZfYIU0uqbYb1trz4jHlnm9UX9jwFgVE+uFem+PX0uvFh/bIxLGLfpVTi5XNX
8ZA0s1Hk0ti69dckdTDIWsNMhT0lICZrGnk1UDa3U7wn5QLS7OYpIEd3nbGk
-----END CERTIFICATE-----