Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/e9RWqOmjdRD-tSWiD0uKC69xMvE.roa
File:                     e9RWqOmjdRD-tSWiD0uKC69xMvE.roa (raw, json)
Hash identifier:          8d3/Wvm+ox2nFYv2uInVyvaTfBC/xUFOZS5TLY61yYE=
Subject key identifier:   7B:D4:56:A8:E9:A3:75:10:FE:B5:25:A2:0F:4B:8A:0B:AF:71:32:F1
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       018CC86F4B9890957BFEDDBE06F0913DD23A
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/e9RWqOmjdRD-tSWiD0uKC69xMvE.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57179
IP address blocks:        45.94.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4b:98:90:95:7b:fe:dd:be:06:f0:91:3d:d2:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bd456a8e9a37510feb525a20f4b8a0baf7132f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:34:54:bd:e8:94:9a:19:71:00:86:87:5b:0c:
                    67:a7:24:83:65:4e:8f:0e:34:b7:29:32:07:ea:aa:
                    a3:c1:8a:3c:30:e5:48:d1:08:54:c0:4c:31:8a:f1:
                    60:b5:5e:4b:5d:a0:2f:d2:6d:f5:14:a2:2b:a4:5c:
                    6f:c2:f4:f8:9e:9a:e3:1a:0b:39:d0:5e:3b:f4:72:
                    ea:c3:28:1b:5e:0c:94:9d:38:77:bd:ce:4b:31:a2:
                    9a:c3:71:99:5d:ea:5d:1f:8d:b4:a4:dc:c4:4d:bd:
                    d3:1a:ad:84:6e:06:8f:54:46:7c:f6:a5:c7:15:5d:
                    9b:08:07:a5:71:71:56:60:3f:44:fc:e5:f4:ae:72:
                    53:93:ba:9b:1d:5c:1f:16:37:a7:a0:e6:60:bf:c1:
                    4a:d1:c4:73:1a:5b:c1:16:ea:09:8c:5f:99:59:a6:
                    77:8f:b9:c7:76:72:6c:7e:c2:a0:e3:7c:d5:2f:e3:
                    0d:48:b7:92:3e:a7:94:8e:0b:09:5f:2d:94:ad:d6:
                    1d:f0:7a:26:5e:2e:34:55:a1:d5:47:e4:18:23:06:
                    9a:ff:b7:de:46:82:46:88:82:e4:00:02:80:b1:7f:
                    81:49:e1:03:78:f7:fa:25:af:ef:1d:6c:43:a1:12:
                    23:65:ea:45:4c:79:3f:4b:35:e1:9d:7e:9b:4c:db:
                    1b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D4:56:A8:E9:A3:75:10:FE:B5:25:A2:0F:4B:8A:0B:AF:71:32:F1
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/e9RWqOmjdRD-tSWiD0uKC69xMvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:49:72:a0:07:ca:11:91:16:fd:2f:c1:82:7a:62:d7:5a:ec:
         d5:e9:6f:aa:49:77:f1:6a:58:f5:e8:e1:af:07:7c:ae:40:79:
         26:ce:d0:f0:ad:f3:35:1f:b6:28:3a:d7:9f:04:e8:87:e0:4b:
         03:cb:db:4b:79:64:0f:73:ea:88:39:c9:75:11:cc:9a:7b:d4:
         1a:eb:8b:7a:e2:3a:c4:b9:bb:f7:ff:9a:55:e5:be:99:29:41:
         91:a5:df:60:22:b4:b4:24:e7:91:3d:e7:af:0a:74:6e:10:93:
         7f:32:c5:c1:22:de:64:a4:ec:62:a9:cf:84:b6:11:e5:76:42:
         b6:63:27:8c:55:eb:26:38:0f:92:f3:03:2d:b5:b3:c5:00:d6:
         69:bb:ec:f4:b8:e8:e9:c5:66:14:e0:0a:94:52:1b:88:e9:8a:
         52:40:37:1f:6f:06:20:58:7e:9b:68:a7:5a:0a:58:9e:9b:f2:
         03:9e:54:56:a6:e0:b2:74:f4:79:0d:07:31:7d:d2:e0:ca:81:
         7a:01:ef:9e:e2:94:f1:fd:61:a7:69:9a:87:46:e3:bc:7b:3b:
         bc:54:b2:6d:ca:76:3f:2f:ab:95:33:21:e3:cc:e5:3d:14:0d:
         fd:1b:70:e8:ca:3f:0e:aa:51:1b:45:95:1c:53:03:2f:cd:23:
         56:63:31:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0uYkJV7/t2+BvCRPdI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ0NTZhOGU5YTM3NTEwZmViNTI1YTIwZjRiOGEwYmFmNzEzMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzRUveiUmhlxAIaHWwxnpySDZU6P
DjS3KTIH6qqjwYo8MOVI0QhUwEwxivFgtV5LXaAv0m31FKIrpFxvwvT4nprjGgs5
0F479HLqwygbXgyUnTh3vc5LMaKaw3GZXepdH420pNzETb3TGq2EbgaPVEZ89qXH
FV2bCAelcXFWYD9E/OX0rnJTk7qbHVwfFjenoOZgv8FK0cRzGlvBFuoJjF+ZWaZ3
j7nHdnJsfsKg43zVL+MNSLeSPqeUjgsJXy2UrdYd8HomXi40VaHVR+QYIwaa/7fe
RoJGiILkAAKAsX+BSeEDePf6Ja/vHWxDoRIjZepFTHk/SzXhnX6bTNsbAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvUVqjpo3UQ/rUlog9LiguvcTLxMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvZTlSV3FPbWpkUkQtdFNXaUQwdUtDNjl4TXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV6AMA0G
CSqGSIb3DQEBCwUAA4IBAQA6SXKgB8oRkRb9L8GCemLXWuzV6W+qSXfxalj16OGv
B3yuQHkmztDwrfM1H7YoOtefBOiH4EsDy9tLeWQPc+qIOcl1Ecyae9Qa64t64jrE
ubv3/5pV5b6ZKUGRpd9gIrS0JOeRPeevCnRuEJN/MsXBIt5kpOxiqc+EthHldkK2
YyeMVesmOA+S8wMttbPFANZpu+z0uOjpxWYU4AqUUhuI6YpSQDcfbwYgWH6baKda
Cliem/IDnlRWpuCydPR5DQcxfdLgyoF6Ae+e4pTx/WGnaZqHRuO8ezu8VLJtynY/
L6uVMyHjzOU9FA39G3Doyj8OqlEbRZUcUwMvzSNWYzEC
-----END CERTIFICATE-----