Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/hRYV0IPTQbNWD03hYfgdgWeIlTg.roa
File:                     hRYV0IPTQbNWD03hYfgdgWeIlTg.roa (raw, json)
Hash identifier:          cJBTfGQaT4WYtQ4nC184al31pcjRU+v5UJMXU8e0leQ=
Subject key identifier:   85:16:15:D0:83:D3:41:B3:56:0F:4D:E1:61:F8:1D:81:67:88:95:38
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2D6815C020866D911187F4636A0E
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/hRYV0IPTQbNWD03hYfgdgWeIlTg.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        45.8.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2d:68:15:c0:20:86:6d:91:11:87:f4:63:6a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=851615d083d341b3560f4de161f81d8167889538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:16:4c:2a:97:9b:40:e1:9a:18:ba:58:d7:18:
                    d9:f6:45:47:80:9b:44:c0:87:a1:50:ac:0a:3c:49:
                    26:07:65:8a:27:68:63:d8:09:d2:1b:32:a0:9b:f5:
                    42:7e:72:2f:9b:17:5e:7c:61:73:0e:3a:70:3e:b3:
                    23:2f:76:e9:78:1e:bd:7d:45:99:0b:22:51:7d:73:
                    8f:6b:fe:d9:37:db:1d:65:51:a0:11:e3:d4:10:86:
                    78:62:4f:c5:cf:7e:f1:6b:71:fd:0d:bd:5d:87:d3:
                    39:77:78:4c:14:9f:63:3e:82:84:ba:6c:a4:db:43:
                    79:17:00:2e:5b:e1:b2:9b:c4:18:41:f7:97:75:df:
                    62:30:e0:db:33:14:bc:80:41:e6:bf:fe:94:45:f0:
                    b9:38:6f:37:6d:00:e7:ae:91:60:5b:77:50:b7:d5:
                    71:d6:c0:ee:70:b3:3e:5c:c7:e4:8b:a5:5c:d5:6d:
                    da:86:4a:ec:55:ac:41:9f:fd:01:f4:48:bb:fb:bc:
                    34:9a:d7:79:bc:b7:d5:8b:37:0c:a7:a7:5a:6e:25:
                    50:c0:e7:77:23:be:19:00:41:50:d4:45:95:a7:c1:
                    d7:a2:cf:f6:1b:be:34:7c:33:36:d4:12:0f:9a:24:
                    19:e7:68:b3:61:be:bc:2c:86:67:3d:40:d2:e0:7e:
                    76:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:16:15:D0:83:D3:41:B3:56:0F:4D:E1:61:F8:1D:81:67:88:95:38
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/hRYV0IPTQbNWD03hYfgdgWeIlTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f8:db:97:50:9e:3e:77:3d:95:f3:a0:b0:b1:e3:76:52:f4:
         1c:e0:af:77:fd:2a:40:70:b7:88:d5:d4:93:db:90:59:9b:61:
         2a:99:30:1e:86:3b:3a:d8:3a:8e:23:ed:58:a0:09:32:9a:53:
         4a:05:07:79:c0:33:0b:74:1c:b9:8c:09:04:f4:ad:3a:18:b3:
         f9:59:fd:86:0e:72:ce:78:ae:07:0f:d5:3d:4e:57:0b:7a:60:
         82:48:ec:d2:0b:0e:58:c0:44:31:a7:d9:70:2f:6d:a8:5f:27:
         22:b0:e8:b6:3a:3a:b3:cb:4b:1c:2e:6f:c0:dd:44:5c:bd:11:
         1f:cc:b3:b6:e2:b1:d8:3e:10:ff:c5:20:90:5b:48:83:5e:1d:
         ff:4b:e5:6a:26:6e:02:bb:a5:3d:31:d3:bf:6c:7b:5f:02:4a:
         76:91:74:8c:aa:e5:c9:58:53:cf:61:bc:ee:67:29:22:39:2c:
         79:13:7c:77:c9:e6:13:f0:b8:f4:a0:05:93:ec:da:68:ad:10:
         0c:29:90:da:c6:15:15:d9:23:d1:d7:45:3c:c8:92:31:e5:54:
         aa:57:1b:30:74:cf:8d:30:d5:3d:d6:7f:c5:1b:bd:14:cf:ec:
         8e:a4:64:8c:80:ea:1f:97:09:35:5f:15:23:2a:3d:ee:25:e7:
         c0:22:d6:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS1oFcAghm2REYf0Y2oOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTE2MTVkMDgzZDM0MWIzNTYwZjRkZTE2MWY4MWQ4MTY3ODg5NTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hZMKpebQOGaGLpY1xjZ9kVHgJtE
wIehUKwKPEkmB2WKJ2hj2AnSGzKgm/VCfnIvmxdefGFzDjpwPrMjL3bpeB69fUWZ
CyJRfXOPa/7ZN9sdZVGgEePUEIZ4Yk/Fz37xa3H9Db1dh9M5d3hMFJ9jPoKEumyk
20N5FwAuW+Gym8QYQfeXdd9iMODbMxS8gEHmv/6URfC5OG83bQDnrpFgW3dQt9Vx
1sDucLM+XMfki6Vc1W3ahkrsVaxBn/0B9Ei7+7w0mtd5vLfVizcMp6dabiVQwOd3
I74ZAEFQ1EWVp8HXos/2G740fDM21BIPmiQZ52izYb68LIZnPUDS4H52dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUWFdCD00GzVg9N4WH4HYFniJU4MB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvaFJZVjBJUFRRYk5XRDAzaFlmZ2RnV2VJbFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAp+NuXUJ4+dz2V86CwseN2UvQc4K93/SpAcLeI1dST
25BZm2EqmTAehjs62DqOI+1YoAkymlNKBQd5wDMLdBy5jAkE9K06GLP5Wf2GDnLO
eK4HD9U9TlcLemCCSOzSCw5YwEQxp9lwL22oXycisOi2Ojqzy0scLm/A3URcvREf
zLO24rHYPhD/xSCQW0iDXh3/S+VqJm4Cu6U9MdO/bHtfAkp2kXSMquXJWFPPYbzu
ZykiOSx5E3x3yeYT8Lj0oAWT7NporRAMKZDaxhUV2SPR10U8yJIx5VSqVxswdM+N
MNU91n/FG70Uz+yOpGSMgOoflwk1XxUjKj3uJefAItaN
-----END CERTIFICATE-----