Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/k0dvZtgq6V-dLBS5au4CuRr6-i8.roa
File:                     k0dvZtgq6V-dLBS5au4CuRr6-i8.roa (raw, json)
Hash identifier:          Yf5qi0MN5qS0EcMcYTLHComeduZxyRDgtMzpRVl7Cv0=
Subject key identifier:   93:47:6F:66:D8:2A:E9:5F:9D:2C:14:B9:6A:EE:02:B9:1A:FA:FA:2F
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948CE611C6F4DF2E2A813C07814680
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/k0dvZtgq6V-dLBS5au4CuRr6-i8.roa
Signing time:             Tue 02 Jan 2024 00:30:50 +0000
ROA not before:           Tue 02 Jan 2024 00:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        45.85.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8c:e6:11:c6:f4:df:2e:2a:81:3c:07:81:46:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93476f66d82ae95f9d2c14b96aee02b91afafa2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:11:5b:09:84:65:47:cb:c5:e6:0b:7b:39:7e:
                    0f:7f:24:a8:de:3c:d1:50:5e:b2:87:47:8d:98:d3:
                    07:86:ba:92:af:d8:5e:76:7c:fb:8f:1a:c7:fb:a3:
                    26:50:16:4b:18:28:44:68:92:b7:5e:12:07:a9:a6:
                    28:2d:dc:fb:c0:f2:19:68:0c:95:fa:38:20:a1:75:
                    aa:b4:29:c5:76:d3:1b:78:ad:0d:8e:4f:a7:bf:0d:
                    29:61:e2:45:1e:3f:93:34:c0:fc:ab:5d:26:01:8e:
                    7c:12:dd:fe:bd:96:f4:ea:b2:f6:90:4d:71:c8:5f:
                    f6:f1:98:46:4e:d9:af:bb:14:fd:52:88:0f:8d:24:
                    09:9c:d6:7c:20:91:92:75:17:72:62:74:fa:41:e4:
                    8b:8d:5f:f2:6e:45:f8:89:8a:d5:3d:cf:a2:81:a1:
                    d3:17:eb:ca:1a:91:88:ad:e8:e0:e6:33:6b:d8:4b:
                    16:69:b7:7a:45:58:39:4b:77:92:65:1e:3b:81:dc:
                    5b:b6:8d:a1:17:cb:40:87:76:29:09:f5:54:ab:e0:
                    54:2d:14:1c:f0:da:09:36:ee:dc:06:ba:6d:f1:37:
                    77:38:34:b2:49:c7:76:88:cd:99:d6:c0:3d:f6:df:
                    76:d5:3b:7f:14:7c:1c:ed:c3:64:78:33:70:76:50:
                    da:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:47:6F:66:D8:2A:E9:5F:9D:2C:14:B9:6A:EE:02:B9:1A:FA:FA:2F
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/k0dvZtgq6V-dLBS5au4CuRr6-i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:99:e6:1a:a5:2e:9e:a1:07:fb:6a:8f:83:bf:6a:4d:98:36:
         44:b0:14:6b:15:29:ea:77:d8:40:41:f8:5c:c8:6d:43:35:c1:
         ad:f0:4c:54:a9:be:76:ee:ae:e7:5c:dc:04:8e:83:72:24:f7:
         24:6b:e9:81:61:12:65:05:90:aa:c7:a5:1c:9e:45:3e:98:e4:
         18:0a:20:25:55:77:bb:02:81:2f:0f:60:44:c7:2d:4a:24:5b:
         f0:c6:b8:ae:7f:07:07:02:e7:d9:53:79:72:8e:fd:27:a0:3a:
         b6:d0:e2:66:b0:9b:50:5a:e0:bd:fe:35:41:16:85:2b:8d:6e:
         93:40:39:96:03:be:23:b6:88:cb:1f:dc:83:78:39:7a:30:85:
         78:4e:e0:6a:98:42:a3:02:cd:48:ad:1b:39:48:87:65:e2:c6:
         64:40:db:06:e7:a0:2b:2c:70:4b:08:c0:89:10:14:3b:20:9b:
         f4:5c:ba:83:e4:9a:82:29:bc:52:60:c7:a8:45:1b:ab:10:76:
         6c:50:95:a8:e5:0b:8d:3b:bf:f0:a4:ee:7c:7e:06:71:4d:5f:
         50:a2:52:91:9e:01:48:01:f8:57:3d:12:c0:72:f7:94:b5:4e:
         da:cf:dc:3b:11:d0:19:a4:a1:d6:52:ed:8f:7d:39:2e:0d:4e:
         eb:11:6c:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlIzmEcb03y4qgTwHgUaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzQ3NmY2NmQ4MmFlOTVmOWQyYzE0Yjk2YWVlMDJiOTFhZmFmYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhFbCYRlR8vF5gt7OX4PfySo3jzR
UF6yh0eNmNMHhrqSr9hednz7jxrH+6MmUBZLGChEaJK3XhIHqaYoLdz7wPIZaAyV
+jggoXWqtCnFdtMbeK0Njk+nvw0pYeJFHj+TNMD8q10mAY58Et3+vZb06rL2kE1x
yF/28ZhGTtmvuxT9UogPjSQJnNZ8IJGSdRdyYnT6QeSLjV/ybkX4iYrVPc+igaHT
F+vKGpGIrejg5jNr2EsWabd6RVg5S3eSZR47gdxbto2hF8tAh3YpCfVUq+BULRQc
8NoJNu7cBrpt8Td3ODSyScd2iM2Z1sA99t921Tt/FHwc7cNkeDNwdlDaswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNHb2bYKulfnSwUuWruArka+vovMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvazBkdlp0Z3E2Vi1kTEJTNWF1NEN1UnI2LWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVW/MA0G
CSqGSIb3DQEBCwUAA4IBAQBfmeYapS6eoQf7ao+Dv2pNmDZEsBRrFSnqd9hAQfhc
yG1DNcGt8ExUqb527q7nXNwEjoNyJPcka+mBYRJlBZCqx6UcnkU+mOQYCiAlVXe7
AoEvD2BExy1KJFvwxriufwcHAufZU3lyjv0noDq20OJmsJtQWuC9/jVBFoUrjW6T
QDmWA74jtojLH9yDeDl6MIV4TuBqmEKjAs1IrRs5SIdl4sZkQNsG56ArLHBLCMCJ
EBQ7IJv0XLqD5JqCKbxSYMeoRRurEHZsUJWo5QuNO7/wpO58fgZxTV9QolKRngFI
AfhXPRLAcveUtU7az9w7EdAZpKHWUu2PfTkuDU7rEWxT
-----END CERTIFICATE-----