Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/65f954-3f88-4357-9642-9a16d9c0caf7/1/9G5_vAvVVb2oivzsRt_Hjuv2mQE.roa
File:                     9G5_vAvVVb2oivzsRt_Hjuv2mQE.roa (raw, json)
Hash identifier:          1ayxXcBbYCNa31LxzB6y4ysDFrYBbzC2GxU/fCpaPdU=
Subject key identifier:   F4:6E:7F:BC:0B:D5:55:BD:A8:8A:FC:EC:46:DF:C7:8E:EB:F6:99:01
Certificate issuer:       /CN=c510ad4689896fb850ce790fdfe344d4c027a5ae
Certificate serial:       018CC80171D7918982BAE362F8D90B64D5F5
Authority key identifier: C5:10:AD:46:89:89:6F:B8:50:CE:79:0F:DF:E3:44:D4:C0:27:A5:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xRCtRomJb7hQznkP3-NE1MAnpa4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/65f954-3f88-4357-9642-9a16d9c0caf7/1/9G5_vAvVVb2oivzsRt_Hjuv2mQE.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208557
IP address blocks:        45.129.72.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/65f954-3f88-4357-9642-9a16d9c0caf7/1/xRCtRomJb7hQznkP3-NE1MAnpa4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/65f954-3f88-4357-9642-9a16d9c0caf7/1/xRCtRomJb7hQznkP3-NE1MAnpa4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xRCtRomJb7hQznkP3-NE1MAnpa4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:d7:91:89:82:ba:e3:62:f8:d9:0b:64:d5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c510ad4689896fb850ce790fdfe344d4c027a5ae
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f46e7fbc0bd555bda88afcec46dfc78eebf69901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d9:e3:99:f0:67:70:38:6a:85:87:1c:ea:d4:
                    e3:a2:5c:97:9b:2c:6e:17:dc:2c:94:4b:b3:e7:b3:
                    cf:b6:34:b8:af:fd:eb:ae:40:ec:be:d7:6f:ea:64:
                    73:09:03:26:a8:ce:ab:7e:60:52:d0:26:07:ff:de:
                    9a:5a:4f:f6:dc:db:ae:ec:4d:d3:bb:98:65:d9:d8:
                    c9:97:10:9d:32:27:ef:d9:3b:54:82:1b:75:a8:a3:
                    1f:20:84:04:04:e3:f2:7e:24:14:16:c5:36:85:e4:
                    d7:af:9a:25:c6:c1:24:e2:e8:d7:dc:13:5a:90:0b:
                    b2:62:39:bc:6f:d1:2d:2c:fb:f3:97:89:83:c2:68:
                    d9:da:66:c1:90:ae:ef:8b:8e:e1:d3:73:8d:04:fe:
                    26:15:3d:ba:76:f4:84:ba:5d:49:57:57:a7:63:e6:
                    b7:de:83:c4:3b:72:c6:73:16:d2:ee:b1:ae:6e:65:
                    d4:74:2c:87:60:27:ba:d2:2f:a1:9c:da:be:68:44:
                    93:61:45:56:38:0b:09:23:fd:93:18:6b:18:95:70:
                    bb:bb:93:d5:56:70:be:21:23:7c:79:a7:bf:80:ed:
                    35:0a:a3:ed:78:77:05:99:ea:23:8a:c2:84:ba:e7:
                    60:8c:1e:69:86:2b:38:b3:8f:0a:72:1b:ff:9b:84:
                    98:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:6E:7F:BC:0B:D5:55:BD:A8:8A:FC:EC:46:DF:C7:8E:EB:F6:99:01
            X509v3 Authority Key Identifier:
                keyid:C5:10:AD:46:89:89:6F:B8:50:CE:79:0F:DF:E3:44:D4:C0:27:A5:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xRCtRomJb7hQznkP3-NE1MAnpa4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/65f954-3f88-4357-9642-9a16d9c0caf7/1/9G5_vAvVVb2oivzsRt_Hjuv2mQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/65f954-3f88-4357-9642-9a16d9c0caf7/1/xRCtRomJb7hQznkP3-NE1MAnpa4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:56:b3:b8:5a:5a:81:57:65:76:4d:36:6e:d9:98:e2:88:ba:
         1b:93:0c:32:db:de:4a:4c:90:08:3d:1c:73:23:8f:f5:b3:74:
         50:1e:6f:5a:21:1e:0a:c3:f7:a1:31:c1:b2:8a:55:47:2b:5a:
         20:3f:4d:96:11:14:31:8e:c5:24:4b:3e:61:2a:84:c2:34:1f:
         c9:66:fa:40:03:4b:67:ef:ac:13:2a:9f:5c:6b:49:58:b0:32:
         29:a5:d1:6b:92:97:ad:ed:e4:ca:b2:c5:11:90:1b:3e:18:b3:
         01:2a:8b:ce:77:60:ba:be:30:99:4c:7e:a7:f1:a7:50:b8:e1:
         87:8a:38:af:0c:f1:99:35:4b:66:24:ab:ef:b6:04:4a:21:10:
         66:01:1e:a8:58:34:c2:8b:d3:b4:31:05:8c:f5:ab:e6:93:2a:
         74:6a:90:86:8d:88:06:10:b6:84:6c:95:e5:f4:54:da:02:d3:
         07:7a:41:67:d3:4f:11:61:13:a2:fc:f0:e1:76:9d:51:e8:f0:
         c5:c3:e5:5e:ae:48:03:90:19:c6:b4:78:5f:ca:06:f0:da:83:
         a1:ac:71:0e:d2:86:30:07:8c:ef:7a:cb:e2:ed:81:e6:a0:ad:
         cb:fe:e5:0d:59:dd:8e:0e:1a:a1:59:24:da:66:72:53:d1:d9:
         c9:4b:34:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXHXkYmCuuNi+NkLZNX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTBhZDQ2ODk4OTZmYjg1MGNlNzkwZmRmZTM0NGQ0YzAy
N2E1YWUwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDZlN2ZiYzBiZDU1NWJkYTg4YWZjZWM0NmRmYzc4ZWViZjY5OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNnjmfBncDhqhYcc6tTjolyXmyxu
F9wslEuz57PPtjS4r/3rrkDsvtdv6mRzCQMmqM6rfmBS0CYH/96aWk/23Nuu7E3T
u5hl2djJlxCdMifv2TtUght1qKMfIIQEBOPyfiQUFsU2heTXr5olxsEk4ujX3BNa
kAuyYjm8b9EtLPvzl4mDwmjZ2mbBkK7vi47h03ONBP4mFT26dvSEul1JV1enY+a3
3oPEO3LGcxbS7rGubmXUdCyHYCe60i+hnNq+aESTYUVWOAsJI/2TGGsYlXC7u5PV
VnC+ISN8eae/gO01CqPteHcFmeojisKEuudgjB5phis4s48Kchv/m4SYpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRuf7wL1VW9qIr87Ebfx47r9pkBMB8GA1UdIwQY
MBaAFMUQrUaJiW+4UM55D9/jRNTAJ6WuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJDdFJvbUpiN2hRem5rUDMtTkUxTUFucGE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NWY5NTQtM2Y4OC00MzU3LTk2NDIt
OWExNmQ5YzBjYWY3LzEvOUc1X3ZBdlZWYjJvaXZ6c1J0X0hqdXYybVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NWY5NTQtM2Y4OC00MzU3LTk2NDItOWExNmQ5YzBjYWY3
LzEveFJDdFJvbUpiN2hRem5rUDMtTkUxTUFucGE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYFIMA0G
CSqGSIb3DQEBCwUAA4IBAQAMVrO4WlqBV2V2TTZu2ZjiiLobkwwy295KTJAIPRxz
I4/1s3RQHm9aIR4Kw/ehMcGyilVHK1ogP02WERQxjsUkSz5hKoTCNB/JZvpAA0tn
76wTKp9ca0lYsDIppdFrkpet7eTKssURkBs+GLMBKovOd2C6vjCZTH6n8adQuOGH
ijivDPGZNUtmJKvvtgRKIRBmAR6oWDTCi9O0MQWM9avmkyp0apCGjYgGELaEbJXl
9FTaAtMHekFn008RYROi/PDhdp1R6PDFw+VerkgDkBnGtHhfygbw2oOhrHEO0oYw
B4zvesvi7YHmoK3L/uUNWd2ODhqhWSTaZnJT0dnJSzR2
-----END CERTIFICATE-----