Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ktcGU-uD7bDJqjQs81ERtI__Vws.roa
File:                     ktcGU-uD7bDJqjQs81ERtI__Vws.roa (raw, json)
Hash identifier:          Qyb8FHZiI7+ZqS2CR0eGqA5wFTAQYXv/1SmptFlFdSY=
Subject key identifier:   92:D7:06:53:EB:83:ED:B0:C9:AA:34:2C:F3:51:11:B4:8F:FF:57:0B
Certificate issuer:       /CN=ca51789a23135ac2268c22a285600a5f9b053770
Certificate serial:       018CC8DF0458EBC634A022FF68052DA57CD9
Authority key identifier: CA:51:78:9A:23:13:5A:C2:26:8C:22:A2:85:60:0A:5F:9B:05:37:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ylF4miMTWsImjCKihWAKX5sFN3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ktcGU-uD7bDJqjQs81ERtI__Vws.roa
Signing time:             Tue 02 Jan 2024 06:31:47 +0000
ROA not before:           Tue 02 Jan 2024 06:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        45.129.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ylF4miMTWsImjCKihWAKX5sFN3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ylF4miMTWsImjCKihWAKX5sFN3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ylF4miMTWsImjCKihWAKX5sFN3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:04:58:eb:c6:34:a0:22:ff:68:05:2d:a5:7c:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca51789a23135ac2268c22a285600a5f9b053770
        Validity
            Not Before: Jan  2 06:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92d70653eb83edb0c9aa342cf35111b48fff570b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:52:b5:ac:6b:48:5a:22:21:78:06:b0:a2:8f:
                    83:40:ee:f7:25:01:bb:33:0d:55:be:f5:c3:2b:c2:
                    51:a0:de:86:e9:84:04:e4:ca:9b:77:47:07:d7:15:
                    8f:8d:8b:4f:5d:eb:4d:63:70:dc:6c:48:6f:6f:a4:
                    33:a2:88:86:a7:e8:ae:d8:4a:ad:ce:23:cf:e4:05:
                    5a:4d:ad:3e:e5:3f:30:86:d3:74:d7:14:c0:55:6a:
                    21:57:6c:85:80:c0:2d:61:f3:8a:ed:5d:96:13:93:
                    1b:5b:d0:e8:a8:ea:37:63:75:7b:b3:6c:d8:ed:c6:
                    8f:30:55:b2:d2:45:07:ea:35:03:12:56:63:78:30:
                    25:ad:92:ca:45:bf:9d:ca:69:f8:e6:34:a4:69:ea:
                    55:42:75:73:c3:8e:8c:cf:cd:f1:94:4b:7c:76:0c:
                    0b:73:ea:75:ab:92:be:41:a6:61:ac:4f:50:04:c7:
                    00:27:f8:d6:ee:26:33:f6:f5:95:7d:c0:a8:9b:b8:
                    29:fe:1d:cf:b1:66:56:17:42:5c:3a:b7:28:9d:98:
                    33:39:7a:ec:77:97:69:33:b0:df:05:f7:1e:f7:cb:
                    b4:6e:9d:e4:e7:6a:fd:78:fe:92:40:45:1f:a2:78:
                    d7:9a:b3:5a:7f:c2:d0:4f:e7:fa:6f:07:c6:ca:7a:
                    46:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D7:06:53:EB:83:ED:B0:C9:AA:34:2C:F3:51:11:B4:8F:FF:57:0B
            X509v3 Authority Key Identifier:
                keyid:CA:51:78:9A:23:13:5A:C2:26:8C:22:A2:85:60:0A:5F:9B:05:37:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ylF4miMTWsImjCKihWAKX5sFN3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ktcGU-uD7bDJqjQs81ERtI__Vws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ylF4miMTWsImjCKihWAKX5sFN3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:63:99:78:bd:3d:87:ab:9d:c0:de:16:d8:6c:2e:17:53:df:
         79:0d:6c:cc:61:7f:70:ba:ae:ed:c2:56:85:96:90:7f:d2:de:
         67:0d:c9:e4:a4:74:f6:8d:40:d8:6a:81:3c:1c:d7:53:38:96:
         13:47:11:c7:eb:ce:0f:dc:f3:83:a1:30:2d:0e:58:45:1e:a2:
         2a:69:d1:5f:91:22:90:42:9f:9a:ea:8d:b8:b9:c3:e4:aa:70:
         e8:6d:ab:e6:ba:55:09:a1:d7:f8:cf:98:0b:b0:95:d6:c0:7e:
         c4:e8:d8:ff:80:7f:68:c6:46:90:2f:aa:e4:02:cc:47:cc:17:
         3d:77:cb:18:4d:0e:4d:51:ea:ad:9a:2a:06:87:03:58:cf:01:
         ee:e4:fc:d9:9a:ab:ea:38:14:d9:35:37:f7:3c:06:ba:fb:c8:
         e4:bb:08:cb:d3:56:ce:11:11:a1:d3:05:c4:43:98:f3:68:bc:
         02:29:06:5f:b4:c7:96:5f:1d:b2:1e:57:f7:80:f0:bb:1e:75:
         a8:4e:2f:de:1d:02:a4:67:be:f1:a8:0f:6e:98:1c:76:a4:d6:
         19:23:6d:42:ef:47:c6:9f:04:81:21:34:58:c7:20:1a:9c:31:
         b1:c9:5e:2e:3c:87:77:b1:38:6a:19:79:84:82:3b:40:28:40:
         8b:62:19:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wRY68Y0oCL/aAUtpXzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNTE3ODlhMjMxMzVhYzIyNjhjMjJhMjg1NjAwYTVmOWIw
NTM3NzAwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQ3MDY1M2ViODNlZGIwYzlhYTM0MmNmMzUxMTFiNDhmZmY1NzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFK1rGtIWiIheAawoo+DQO73JQG7
Mw1VvvXDK8JRoN6G6YQE5Mqbd0cH1xWPjYtPXetNY3DcbEhvb6QzooiGp+iu2Eqt
ziPP5AVaTa0+5T8whtN01xTAVWohV2yFgMAtYfOK7V2WE5MbW9DoqOo3Y3V7s2zY
7caPMFWy0kUH6jUDElZjeDAlrZLKRb+dymn45jSkaepVQnVzw46Mz83xlEt8dgwL
c+p1q5K+QaZhrE9QBMcAJ/jW7iYz9vWVfcCom7gp/h3PsWZWF0JcOrconZgzOXrs
d5dpM7DfBfce98u0bp3k52r9eP6SQEUfonjXmrNaf8LQT+f6bwfGynpGHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLXBlPrg+2wyao0LPNREbSP/1cLMB8GA1UdIwQY
MBaAFMpReJojE1rCJowiooVgCl+bBTdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxGNG1pTVRXc0ltakNLaWhXQUtYNXNGTjNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iNGJmNjAtZDU5My00MGQyLTk3ODMt
MWUxOTE2OGY1ZDczLzEva3RjR1UtdUQ3YkRKcWpRczgxRVJ0SV9fVndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iNGJmNjAtZDU5My00MGQyLTk3ODMtMWUxOTE2OGY1ZDcz
LzEveWxGNG1pTVRXc0ltakNLaWhXQUtYNXNGTjNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFFMA0G
CSqGSIb3DQEBCwUAA4IBAQBrY5l4vT2Hq53A3hbYbC4XU995DWzMYX9wuq7twlaF
lpB/0t5nDcnkpHT2jUDYaoE8HNdTOJYTRxHH684P3PODoTAtDlhFHqIqadFfkSKQ
Qp+a6o24ucPkqnDobavmulUJodf4z5gLsJXWwH7E6Nj/gH9oxkaQL6rkAsxHzBc9
d8sYTQ5NUeqtmioGhwNYzwHu5PzZmqvqOBTZNTf3PAa6+8jkuwjL01bOERGh0wXE
Q5jzaLwCKQZftMeWXx2yHlf3gPC7HnWoTi/eHQKkZ77xqA9umBx2pNYZI21C70fG
nwSBITRYxyAanDGxyV4uPId3sThqGXmEgjtAKECLYhnt
-----END CERTIFICATE-----