Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/G7JRF3-555JOSTvI8_-x_0FAeBs.roa
File:                     G7JRF3-555JOSTvI8_-x_0FAeBs.roa (raw, json)
Hash identifier:          RNpuGh+YxHGPKYInbFqlg4jq2PLkkaAn4heQ3fAowdg=
Subject key identifier:   1B:B2:51:17:7F:B9:E7:92:4E:49:3B:C8:F3:FF:B1:FF:41:40:78:1B
Certificate issuer:       /CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
Certificate serial:       018CC86FCD45349BA6243B932B9AB93C9E74
Authority key identifier: 8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/G7JRF3-555JOSTvI8_-x_0FAeBs.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198433
IP address blocks:        45.9.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cd:45:34:9b:a6:24:3b:93:2b:9a:b9:3c:9e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bb251177fb9e7924e493bc8f3ffb1ff4140781b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cf:32:2e:2f:a5:68:71:4c:7c:42:59:12:49:
                    1a:79:fa:e4:1e:14:91:cc:16:47:50:50:90:2c:86:
                    e7:de:22:09:35:57:37:53:a3:b7:5f:b4:ae:bd:ed:
                    e1:d3:d1:df:c4:66:7f:41:1e:b3:41:29:3a:73:eb:
                    50:c4:60:53:5c:0d:aa:dd:32:ad:6b:4b:8d:a1:f8:
                    ed:d8:6c:c2:03:7e:25:16:c3:ab:0b:58:14:3f:b6:
                    ee:ff:35:a4:e6:ae:09:10:d1:9e:7d:76:b9:33:99:
                    7b:5b:48:05:10:f6:00:8c:17:f7:fc:8d:98:79:bb:
                    d2:cc:06:14:86:81:31:49:4c:77:3d:71:4b:1b:f4:
                    db:bc:d0:07:eb:70:3a:2c:65:e8:77:25:d3:dc:e8:
                    c7:2b:9b:7a:86:fe:a9:98:df:e6:dd:50:a1:e7:cf:
                    96:17:1c:eb:35:43:a9:05:8e:37:38:82:9b:62:59:
                    c7:10:3f:ab:40:82:fe:32:1c:f6:be:83:e4:85:e0:
                    58:a4:14:82:ea:37:f8:b2:63:d3:5a:68:3c:19:6b:
                    07:ca:51:8d:42:86:66:1d:62:02:43:f3:1c:af:47:
                    1d:13:90:1f:13:eb:9d:f2:68:c2:1d:62:3f:83:ef:
                    47:8d:75:c1:26:23:4a:7e:9b:92:d0:d5:1e:38:85:
                    a4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B2:51:17:7F:B9:E7:92:4E:49:3B:C8:F3:FF:B1:FF:41:40:78:1B
            X509v3 Authority Key Identifier:
                keyid:8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/G7JRF3-555JOSTvI8_-x_0FAeBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2a:26:c4:c0:f3:1d:86:e0:4d:c5:3d:ef:b7:77:16:af:41:
         9c:4c:db:be:af:ef:50:b8:94:d1:58:6b:8b:f4:7f:00:52:ab:
         40:81:00:e9:74:3f:e7:08:7d:fe:9e:4e:cd:dd:c7:ba:ed:8f:
         7b:31:20:79:26:96:5a:ec:be:89:97:63:fb:43:ef:23:ea:0a:
         27:09:b9:f5:44:61:9f:63:d1:94:d3:1b:a3:ce:72:4a:46:ec:
         28:12:e9:e1:65:ef:88:b1:37:71:4a:e3:c3:07:28:a7:99:ea:
         12:fa:e8:98:f0:74:14:b7:74:de:00:2a:02:26:70:b3:d8:7c:
         0b:e0:6d:b6:8f:4f:e9:04:9b:da:28:98:7f:6d:6f:94:76:d6:
         90:ca:72:21:97:ea:94:9b:31:7b:0f:c5:50:8a:04:e7:83:9b:
         24:ad:e9:32:3e:8c:fd:08:c8:bc:9a:7c:82:16:83:f1:27:90:
         27:c4:1c:71:a1:6a:53:d3:68:fa:2e:42:ae:a6:56:0e:10:84:
         bd:b3:ff:ea:2a:7b:85:73:50:d9:62:45:4e:2f:8f:98:97:98:
         8d:06:8e:b1:3a:3d:9c:ed:17:d1:ec:0a:90:ca:05:9c:59:0b:
         9d:21:c1:9b:c4:6e:fe:f1:38:e3:50:7e:f3:d6:a1:7d:94:f1:
         71:93:f3:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb81FNJumJDuTK5q5PJ50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGFjMThhN2FkNTAxYmE3ZWExMzU2NzkwOWYxN2U0Zjcz
Mjc0MTMwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmIyNTExNzdmYjllNzkyNGU0OTNiYzhmM2ZmYjFmZjQxNDA3ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms8yLi+laHFMfEJZEkkaefrkHhSR
zBZHUFCQLIbn3iIJNVc3U6O3X7Suve3h09HfxGZ/QR6zQSk6c+tQxGBTXA2q3TKt
a0uNofjt2GzCA34lFsOrC1gUP7bu/zWk5q4JENGefXa5M5l7W0gFEPYAjBf3/I2Y
ebvSzAYUhoExSUx3PXFLG/TbvNAH63A6LGXodyXT3OjHK5t6hv6pmN/m3VCh58+W
FxzrNUOpBY43OIKbYlnHED+rQIL+Mhz2voPkheBYpBSC6jf4smPTWmg8GWsHylGN
QoZmHWICQ/Mcr0cdE5AfE+ud8mjCHWI/g+9HjXXBJiNKfpuS0NUeOIWkQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuyURd/ueeSTkk7yPP/sf9BQHgbMB8GA1UdIwQY
MBaAFIvawYp61QG6fqE1Z5CfF+T3MnQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzkt
YzNjYzVkZTFlY2U5LzEvRzdKUkYzLTU1NUpPU1R2SThfLXhfMEZBZUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzktYzNjYzVkZTFlY2U5
LzEvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQmjMA0G
CSqGSIb3DQEBCwUAA4IBAQAQKibEwPMdhuBNxT3vt3cWr0GcTNu+r+9QuJTRWGuL
9H8AUqtAgQDpdD/nCH3+nk7N3ce67Y97MSB5JpZa7L6Jl2P7Q+8j6gonCbn1RGGf
Y9GU0xujznJKRuwoEunhZe+IsTdxSuPDByinmeoS+uiY8HQUt3TeACoCJnCz2HwL
4G22j0/pBJvaKJh/bW+UdtaQynIhl+qUmzF7D8VQigTng5skrekyPoz9CMi8mnyC
FoPxJ5AnxBxxoWpT02j6LkKuplYOEIS9s//qKnuFc1DZYkVOL4+Yl5iNBo6xOj2c
7RfR7AqQygWcWQudIcGbxG7+8TjjUH7z1qF9lPFxk/P1
-----END CERTIFICATE-----