Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/_BY1IAVADsEASNh3JpvN2SJkRcs.roa
File:                     _BY1IAVADsEASNh3JpvN2SJkRcs.roa (raw, json)
Hash identifier:          i3aTkfJk7tJsJuiy6pHZ5KC7XR3uhGjpjKH6JILJaA0=
Subject key identifier:   FC:16:35:20:05:40:0E:C1:00:48:D8:77:26:9B:CD:D9:22:64:45:CB
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018CC8018E735E345F52CD45248FA3849AB5
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/_BY1IAVADsEASNh3JpvN2SJkRcs.roa
Signing time:             Tue 02 Jan 2024 02:29:54 +0000
ROA not before:           Tue 02 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        45.151.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8e:73:5e:34:5f:52:cd:45:24:8f:a3:84:9a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  2 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc16352005400ec10048d877269bcdd9226445cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:22:80:82:95:f6:a9:e1:71:4f:b1:4b:8d:86:
                    1b:73:ee:5c:99:79:9b:ae:04:c3:f7:21:94:ca:5f:
                    75:66:67:a3:f0:3b:44:a6:34:e4:8a:79:33:0d:3a:
                    3e:21:cb:c0:d3:b4:d5:a6:1c:64:fa:06:65:ef:d3:
                    72:60:fe:fd:49:f3:bf:e9:8a:4b:4b:ad:cf:8d:b4:
                    c1:80:9a:89:03:f6:63:61:31:8e:af:2e:4e:e8:51:
                    b4:c3:0a:36:1c:b9:65:e4:e6:5a:73:4a:a2:a2:e9:
                    ba:5c:a2:f6:c9:87:4a:0e:0b:47:fa:4e:6d:36:21:
                    ad:ad:e2:59:1f:67:64:5b:ef:6b:81:65:43:1a:67:
                    da:d1:51:d4:9c:3a:6f:e2:74:12:ff:9a:ac:43:30:
                    86:3e:b3:5d:e9:ed:22:30:e3:52:fb:83:d5:66:bc:
                    c2:e5:f2:3b:44:21:ff:08:61:c8:76:1c:bd:09:3d:
                    db:21:5a:8d:d3:9f:41:a9:e5:7e:6a:34:74:d9:92:
                    15:09:fe:47:c0:10:5b:e2:79:b6:8d:2e:47:be:ce:
                    78:5b:a8:8c:b3:dd:1e:58:67:21:07:e9:e5:1e:02:
                    2b:bf:0c:4f:bb:e8:da:5a:a1:41:b5:b1:17:14:c1:
                    38:94:ad:d0:52:91:94:bc:a9:67:36:c5:cd:41:ed:
                    af:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:16:35:20:05:40:0E:C1:00:48:D8:77:26:9B:CD:D9:22:64:45:CB
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/_BY1IAVADsEASNh3JpvN2SJkRcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:f7:3e:1c:e7:99:d5:f7:77:36:98:fc:d0:53:64:c1:5f:17:
         f2:70:1a:64:a3:40:4a:bd:a0:26:17:59:c5:88:d3:84:8d:c8:
         c2:29:30:08:d7:b4:6f:60:18:1f:de:c1:57:82:c2:6c:c4:3a:
         b8:40:51:7d:47:33:e0:19:cb:14:8c:5c:4b:a3:62:bc:68:df:
         ee:1f:b8:38:c6:53:3c:c0:6d:ad:65:57:e3:0b:af:d9:1d:fc:
         24:e5:32:dd:ee:2a:cb:cb:f8:e6:3b:3a:c4:f3:fe:40:62:16:
         79:c2:7c:ec:1b:5d:f7:39:3d:a4:88:1e:dc:6c:a0:d9:d2:a7:
         7d:a5:cb:89:8c:ca:f5:65:22:b7:f7:16:dc:1e:5c:1f:25:aa:
         a1:19:5b:90:28:e4:96:c5:23:29:4b:c5:df:63:c4:c6:35:48:
         ee:41:c2:e5:ee:d4:13:67:18:52:9b:0f:b7:bd:f5:01:2e:6c:
         d1:d1:e7:71:12:9e:09:ef:0a:a8:3b:fd:6d:a9:32:74:21:e9:
         31:f4:fd:dc:05:c6:56:8f:56:d3:43:2f:87:19:b2:c6:b1:4e:
         4f:b7:22:03:38:0e:d0:9a:07:ce:1b:28:02:30:58:d4:31:26:
         65:b8:85:3d:c3:48:48:27:82:95:a2:15:63:ac:3f:e9:ab:93:
         38:c6:3b:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAY5zXjRfUs1FJI+jhJq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTAyMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzE2MzUyMDA1NDAwZWMxMDA0OGQ4NzcyNjliY2RkOTIyNjQ0NWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSKAgpX2qeFxT7FLjYYbc+5cmXmb
rgTD9yGUyl91Zmej8DtEpjTkinkzDTo+IcvA07TVphxk+gZl79NyYP79SfO/6YpL
S63PjbTBgJqJA/ZjYTGOry5O6FG0wwo2HLll5OZac0qioum6XKL2yYdKDgtH+k5t
NiGtreJZH2dkW+9rgWVDGmfa0VHUnDpv4nQS/5qsQzCGPrNd6e0iMONS+4PVZrzC
5fI7RCH/CGHIdhy9CT3bIVqN059BqeV+ajR02ZIVCf5HwBBb4nm2jS5Hvs54W6iM
s90eWGchB+nlHgIrvwxPu+jaWqFBtbEXFME4lK3QUpGUvKlnNsXNQe2v0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwWNSAFQA7BAEjYdyabzdkiZEXLMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvX0JZMUlBVkFEc0VBU05oM0pwdk4yU0prUmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdHMA0G
CSqGSIb3DQEBCwUAA4IBAQCj9z4c55nV93c2mPzQU2TBXxfycBpko0BKvaAmF1nF
iNOEjcjCKTAI17RvYBgf3sFXgsJsxDq4QFF9RzPgGcsUjFxLo2K8aN/uH7g4xlM8
wG2tZVfjC6/ZHfwk5TLd7irLy/jmOzrE8/5AYhZ5wnzsG133OT2kiB7cbKDZ0qd9
pcuJjMr1ZSK39xbcHlwfJaqhGVuQKOSWxSMpS8XfY8TGNUjuQcLl7tQTZxhSmw+3
vfUBLmzR0edxEp4J7wqoO/1tqTJ0Iekx9P3cBcZWj1bTQy+HGbLGsU5PtyIDOA7Q
mgfOGygCMFjUMSZluIU9w0hIJ4KVohVjrD/pq5M4xjt4
-----END CERTIFICATE-----