Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/t5R1-ZkJ4C59QSdf1_Sv19SGBNU.roa
File:                     t5R1-ZkJ4C59QSdf1_Sv19SGBNU.roa (raw, json)
Hash identifier:          FKbUay8c7MIkjkvFlLAVX/n9ii9E/emMfurJHAXOyvc=
Subject key identifier:   B7:94:75:F9:99:09:E0:2E:7D:41:27:5F:D7:F4:AF:D7:D4:86:04:D5
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948DF8FFB9F871D023CCB6CCE4EEED
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/t5R1-ZkJ4C59QSdf1_Sv19SGBNU.roa
Signing time:             Tue 02 Jan 2024 00:30:50 +0000
ROA not before:           Tue 02 Jan 2024 00:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197731
IP address blocks:        45.91.118.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 11:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8d:f8:ff:b9:f8:71:d0:23:cc:b6:cc:e4:ee:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b79475f99909e02e7d41275fd7f4afd7d48604d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5d:94:d7:d3:b3:b3:87:e6:9c:87:27:44:3e:
                    b4:cb:bc:2c:f2:73:fd:bb:6d:4f:8a:d0:8f:c6:7f:
                    02:c5:b8:0f:49:e3:3d:ca:fa:e6:25:f7:d9:b9:13:
                    62:6b:0c:6b:6b:3b:cf:14:ea:7e:24:f5:f0:93:8d:
                    78:f8:40:51:e3:bd:17:f3:42:83:57:bf:6b:1a:09:
                    47:9c:c2:90:78:c4:c9:65:0b:63:13:1f:05:b5:51:
                    2d:03:eb:0a:e3:75:00:29:b4:4e:36:6d:5d:a6:0f:
                    7d:19:ec:ea:e9:be:a1:3a:db:37:38:80:16:cb:f1:
                    c8:fb:4f:e0:05:f7:4c:68:cd:e8:96:b6:4c:cd:b8:
                    52:32:a5:d2:b1:42:d7:6e:c3:0b:e7:ec:c6:b2:d4:
                    bb:6c:9d:8e:6f:f0:b4:d4:92:4e:ca:5c:41:d9:34:
                    fb:60:64:6b:8d:b2:06:77:97:74:19:ec:a4:b0:6b:
                    3c:a9:79:31:ea:dc:3d:4b:9f:5e:60:83:f8:c8:84:
                    e5:48:a0:b0:a4:21:08:92:4d:a2:f1:a0:e3:9a:f7:
                    dd:01:bb:7b:48:68:81:fa:cd:c1:38:c9:55:19:ec:
                    8c:79:f7:ac:22:cb:2e:d2:5f:6f:19:66:34:a2:42:
                    6d:0e:36:f7:7d:cb:84:64:f3:b7:99:50:08:87:38:
                    08:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:94:75:F9:99:09:E0:2E:7D:41:27:5F:D7:F4:AF:D7:D4:86:04:D5
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/t5R1-ZkJ4C59QSdf1_Sv19SGBNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:6e:c5:d9:91:a6:45:16:35:24:e5:cf:94:95:51:06:12:41:
         80:0a:97:ac:eb:7f:4d:1a:a4:63:0d:d9:d8:5b:40:ba:6c:f2:
         0c:23:ea:8f:43:64:36:4d:48:61:6f:55:5d:f3:d6:6d:94:5c:
         96:7b:4e:b1:91:c0:d1:31:bf:ae:5d:27:26:47:86:d4:6a:43:
         04:db:e2:c5:9e:91:91:4c:6d:74:1a:56:e8:96:ff:5e:b8:5a:
         df:d2:a7:29:79:26:b4:3e:09:bd:1f:f0:7c:af:30:91:c4:44:
         7f:2e:87:97:59:2b:80:61:0c:0b:4b:9f:04:49:7d:42:e7:1c:
         a0:dc:2f:9a:05:6d:26:f1:6d:ca:05:70:24:3b:c4:85:5d:e0:
         26:e6:0d:6d:d0:71:9d:8b:21:f3:05:8e:f0:e3:30:2d:9b:4c:
         3d:7e:94:75:30:56:42:dd:27:66:f5:02:b1:fe:21:0e:63:6a:
         52:d7:56:e4:e6:d2:b1:1b:c2:27:10:6d:b9:1e:e8:24:ee:af:
         8f:6f:44:2e:18:a4:3a:18:7b:62:05:ec:f7:ab:66:b4:c3:c9:
         8e:cc:56:7c:43:77:69:5b:39:17:cd:04:3b:a5:d2:1d:13:6c:
         e4:e2:54:94:c5:ac:a4:20:dd:12:23:c0:a2:f0:18:5f:95:bd:
         20:06:d4:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlI34/7n4cdAjzLbM5O7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk0NzVmOTk5MDllMDJlN2Q0MTI3NWZkN2Y0YWZkN2Q0ODYwNGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhV2U19Ozs4fmnIcnRD60y7ws8nP9
u21PitCPxn8CxbgPSeM9yvrmJffZuRNiawxrazvPFOp+JPXwk414+EBR470X80KD
V79rGglHnMKQeMTJZQtjEx8FtVEtA+sK43UAKbRONm1dpg99Gezq6b6hOts3OIAW
y/HI+0/gBfdMaM3olrZMzbhSMqXSsULXbsML5+zGstS7bJ2Ob/C01JJOylxB2TT7
YGRrjbIGd5d0GeyksGs8qXkx6tw9S59eYIP4yITlSKCwpCEIkk2i8aDjmvfdAbt7
SGiB+s3BOMlVGeyMefesIssu0l9vGWY0okJtDjb3fcuEZPO3mVAIhzgIWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeUdfmZCeAufUEnX9f0r9fUhgTVMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvdDVSMS1aa0o0QzU5UVNkZjFfU3YxOVNHQk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVt2MA0G
CSqGSIb3DQEBCwUAA4IBAQCBbsXZkaZFFjUk5c+UlVEGEkGACpes639NGqRjDdnY
W0C6bPIMI+qPQ2Q2TUhhb1Vd89ZtlFyWe06xkcDRMb+uXScmR4bUakME2+LFnpGR
TG10Glbolv9euFrf0qcpeSa0Pgm9H/B8rzCRxER/LoeXWSuAYQwLS58ESX1C5xyg
3C+aBW0m8W3KBXAkO8SFXeAm5g1t0HGdiyHzBY7w4zAtm0w9fpR1MFZC3Sdm9QKx
/iEOY2pS11bk5tKxG8InEG25Hugk7q+Pb0QuGKQ6GHtiBez3q2a0w8mOzFZ8Q3dp
WzkXzQQ7pdIdE2zk4lSUxaykIN0SI8Ci8Bhflb0gBtTo
-----END CERTIFICATE-----