Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/F50R9kEoYM-xg0L_RgS1kERIPC8.roa
File:                     F50R9kEoYM-xg0L_RgS1kERIPC8.roa (raw, json)
Hash identifier:          6Y+iSfNsqXa5/OJNfrO1kF5sjgT7zFYpfiYsxHpO9uY=
Subject key identifier:   17:9D:11:F6:41:28:60:CF:B1:83:42:FF:46:04:B5:90:44:48:3C:2F
Certificate issuer:       /CN=899241a00348315c02c0e2a9150b863087d1c857
Certificate serial:       01907CD911FB9BB2A4CB8734B0073FB965CE
Authority key identifier: 89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/F50R9kEoYM-xg0L_RgS1kERIPC8.roa
Signing time:             Thu 04 Jul 2024 08:25:18 +0000
ROA not before:           Thu 04 Jul 2024 08:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21267
IP address blocks:        5.45.16.0/23 maxlen: 23
                          5.45.18.0/24 maxlen: 24
                          2a01:6c8:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:d9:11:fb:9b:b2:a4:cb:87:34:b0:07:3f:b9:65:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=899241a00348315c02c0e2a9150b863087d1c857
        Validity
            Not Before: Jul  4 08:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179d11f6412860cfb18342ff4604b59044483c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:25:04:04:4d:75:ea:83:df:b2:83:4c:09:60:
                    68:bd:13:df:f2:98:34:b7:20:4e:c3:4a:33:28:0f:
                    36:6a:83:de:21:45:d3:48:e0:ed:44:2e:eb:60:0a:
                    56:a8:04:72:4f:1c:86:7e:1e:7b:9d:b9:85:a2:8a:
                    1f:af:98:2a:3c:8d:9e:5a:b2:a1:19:37:7b:aa:fc:
                    c6:dc:fe:96:a2:34:7f:b5:a7:6e:03:5a:5f:e0:f9:
                    5c:98:93:37:a1:80:79:c5:a5:c9:8f:d4:92:4e:ff:
                    1b:fe:f0:92:78:1d:0a:4f:de:8f:40:06:0b:6e:bf:
                    f7:14:31:bd:60:55:26:33:e2:d4:53:40:03:27:6b:
                    06:e6:39:e1:05:62:61:f1:f6:25:40:17:a0:6f:6d:
                    7a:08:6e:88:99:4a:3b:15:c5:f8:3a:bd:9e:eb:9c:
                    c4:da:f1:c6:fd:25:ea:41:58:51:8b:5e:ea:9a:d8:
                    a6:e9:d7:e6:c6:dd:a5:bb:59:ad:9e:2f:fb:ba:40:
                    20:94:41:29:ad:66:d0:25:3b:52:bb:fe:91:4c:40:
                    95:dc:5b:1a:5c:dd:8d:6d:13:16:ad:c1:81:fa:33:
                    21:d0:10:81:df:17:a3:3e:75:ae:96:7a:28:23:b8:
                    2f:eb:91:58:ac:ef:25:f5:40:2f:35:64:68:8f:ae:
                    75:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:9D:11:F6:41:28:60:CF:B1:83:42:FF:46:04:B5:90:44:48:3C:2F
            X509v3 Authority Key Identifier:
                keyid:89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/F50R9kEoYM-xg0L_RgS1kERIPC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.16.0-5.45.18.255
                IPv6:
                  2a01:6c8:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:ad:4d:f9:e1:f4:f4:af:2a:48:95:79:a0:53:fd:a8:2e:ac:
         8c:ae:ad:8b:e4:2e:ef:c3:b9:1e:1e:b8:bf:d0:65:8b:15:aa:
         33:35:7d:66:03:25:66:b2:cf:b2:0a:8d:63:e8:c3:32:f7:43:
         19:e6:27:e7:fc:4c:76:06:6a:5b:99:19:1f:01:4e:82:e6:2c:
         d3:e2:ff:70:af:f4:23:30:ce:48:3b:7f:55:50:ef:0c:b7:49:
         2f:ea:e0:d2:26:a6:1f:52:d0:1b:d5:17:06:ef:a8:6a:65:e5:
         7a:fd:f8:2e:6c:e8:e6:d5:a5:35:16:36:4d:88:3b:b2:9a:12:
         fc:69:28:63:48:dc:14:6e:16:7d:d7:a5:6a:d9:98:f9:13:d8:
         64:78:98:e1:5c:be:c1:e1:70:81:2c:30:c3:25:4f:41:d9:6a:
         dd:dc:c7:36:39:34:96:7f:af:cd:3d:44:68:e6:5b:7a:f2:e7:
         92:7e:32:ac:7c:1c:37:8a:6f:24:f6:b9:d6:d4:92:9a:81:a4:
         ff:e0:40:3f:c6:6f:94:82:c5:48:c2:3e:9c:b6:0d:28:35:17:
         68:b5:0f:4b:81:8c:7c:9c:d0:07:18:2d:f7:f1:37:9f:f1:69:
         02:ab:29:70:60:23:81:f0:31:11:44:67:ce:02:2c:9f:d2:46:
         1d:07:f5:57
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZB82RH7m7Kky4c0sAc/uWXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5OTI0MWEwMDM0ODMxNWMwMmMwZTJhOTE1MGI4NjMwODdk
MWM4NTcwHhcNMjQwNzA0MDgyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzlkMTFmNjQxMjg2MGNmYjE4MzQyZmY0NjA0YjU5MDQ0NDgzYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyUEBE116oPfsoNMCWBovRPf8pg0
tyBOw0ozKA82aoPeIUXTSODtRC7rYApWqARyTxyGfh57nbmFooofr5gqPI2eWrKh
GTd7qvzG3P6WojR/taduA1pf4PlcmJM3oYB5xaXJj9SSTv8b/vCSeB0KT96PQAYL
br/3FDG9YFUmM+LUU0ADJ2sG5jnhBWJh8fYlQBegb216CG6ImUo7FcX4Or2e65zE
2vHG/SXqQVhRi17qmtim6dfmxt2lu1mtni/7ukAglEEprWbQJTtSu/6RTECV3Fsa
XN2NbRMWrcGB+jMh0BCB3xejPnWulnooI7gv65FYrO8l9UAvNWRoj6515QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBedEfZBKGDPsYNC/0YEtZBESDwvMB8GA1UdIwQY
MBaAFImSQaADSDFcAsDiqRULhjCH0chXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzIt
OTllNzgwYmYzYjk4LzEvRjUwUjlrRW9ZTS14ZzBMX1JnUzFrRVJJUEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzItOTllNzgwYmYzYjk4
LzEvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAQFLRAD
BAAFLRIwDgQCAAIwCAMGBCoBBsggMA0GCSqGSIb3DQEBCwUAA4IBAQAgrU354fT0
rypIlXmgU/2oLqyMrq2L5C7vw7keHri/0GWLFaozNX1mAyVmss+yCo1j6MMy90MZ
5ifn/Ex2BmpbmRkfAU6C5izT4v9wr/QjMM5IO39VUO8Mt0kv6uDSJqYfUtAb1RcG
76hqZeV6/fgubOjm1aU1FjZNiDuymhL8aShjSNwUbhZ916Vq2Zj5E9hkeJjhXL7B
4XCBLDDDJU9B2Wrd3Mc2OTSWf6/NPURo5lt68ueSfjKsfBw3im8k9rnW1JKagaT/
4EA/xm+UgsVIwj6ctg0oNRdotQ9LgYx8nNAHGC338Tef8WkCqylwYCOB8DERRGfO
Aiyf0kYdB/VX
-----END CERTIFICATE-----