Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/YSnxJepqddhT4iz97XOGvbUK_Lo.roa
File:                     YSnxJepqddhT4iz97XOGvbUK_Lo.roa (raw, json)
Hash identifier:          6HVAAVZ1D/gHmhy0WaGOLnjQMLGZgVTfwqyoEIy4bLw=
Subject key identifier:   61:29:F1:25:EA:6A:75:D8:53:E2:2C:FD:ED:73:86:BD:B5:0A:FC:BA
Certificate issuer:       /CN=0e831fd70c6bd37a2a75d7a0eac031c92da8e185
Certificate serial:       018CCA2B69F4495A41E4485319A5F2822365
Authority key identifier: 0E:83:1F:D7:0C:6B:D3:7A:2A:75:D7:A0:EA:C0:31:C9:2D:A8:E1:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/YSnxJepqddhT4iz97XOGvbUK_Lo.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.130.46.0/23 maxlen: 24
                          185.230.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:69:f4:49:5a:41:e4:48:53:19:a5:f2:82:23:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e831fd70c6bd37a2a75d7a0eac031c92da8e185
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6129f125ea6a75d853e22cfded7386bdb50afcba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:40:b2:43:b7:43:4f:13:50:3c:99:73:13:67:
                    7c:4b:f2:72:46:c4:1f:50:68:c5:2f:10:cc:f9:9c:
                    17:4b:1d:73:cd:31:21:45:ec:ff:4e:6d:a2:f8:04:
                    bc:28:af:a5:55:34:42:6b:35:83:06:49:86:ba:66:
                    db:ec:23:25:ad:e5:08:f2:d1:97:ac:81:5f:a7:47:
                    5b:47:c9:b9:c7:b2:df:fd:de:a8:b8:ea:74:2f:28:
                    d3:d7:a6:95:65:e1:3c:2d:5d:36:de:4a:ff:e3:84:
                    99:16:af:2d:58:62:42:a0:e5:30:18:83:b0:0b:bc:
                    dc:53:ca:e6:de:ed:8d:6a:08:6f:3b:61:f4:29:b1:
                    73:43:1a:95:b4:ec:c6:44:37:b9:21:d3:44:e9:72:
                    03:ce:af:ab:47:ed:ce:c4:06:00:b7:e9:a0:01:63:
                    1e:fc:ab:f8:f9:4f:fb:b4:96:05:dc:ad:9a:62:af:
                    bf:d3:8f:00:0b:fa:25:3f:03:62:ba:a9:ba:38:b9:
                    73:4d:3c:aa:67:36:81:f1:ba:a1:d7:67:0c:94:69:
                    67:6f:af:e4:31:6e:e6:62:97:7f:1e:d7:3f:d2:c2:
                    31:11:5a:5f:e4:51:c2:57:89:68:b2:19:3b:0f:09:
                    a4:9f:d5:72:91:77:7f:9a:0b:35:3b:7e:c4:f9:81:
                    a9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:29:F1:25:EA:6A:75:D8:53:E2:2C:FD:ED:73:86:BD:B5:0A:FC:BA
            X509v3 Authority Key Identifier:
                keyid:0E:83:1F:D7:0C:6B:D3:7A:2A:75:D7:A0:EA:C0:31:C9:2D:A8:E1:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/YSnxJepqddhT4iz97XOGvbUK_Lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.46.0/23
                  185.230.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a8:11:bb:5a:ba:e3:01:8a:4c:dd:78:fe:1f:ab:e8:59:24:
         c9:20:63:fb:36:c3:09:fd:76:77:91:59:5b:75:ce:a5:6c:c6:
         2b:b4:ee:ab:1f:db:13:5b:92:0b:37:25:05:66:39:1e:29:3b:
         28:cb:bd:60:7f:d1:c9:0d:7b:5b:6b:f4:58:28:94:af:d2:40:
         96:cb:cc:14:4b:7b:88:d7:7b:f9:8b:49:e4:5e:62:ea:9a:99:
         0e:8e:2d:b6:d9:cc:c6:10:dd:8c:c0:57:9e:26:4c:32:77:e9:
         58:54:35:38:e7:10:cb:a5:dd:a4:f5:16:77:81:0f:a3:ec:d3:
         d7:68:6f:df:6d:81:17:ed:22:a6:2c:9f:e2:3b:ea:e3:1d:da:
         8f:b6:2b:44:09:5c:63:dc:03:b3:e0:f2:d9:39:40:6b:50:ef:
         79:68:03:23:a9:c9:b6:32:ec:96:87:74:e8:06:a5:68:af:45:
         5d:50:a4:89:ca:1c:e9:ab:24:f5:4e:60:17:8c:97:ab:53:f5:
         30:9e:10:f7:82:93:62:f5:7e:7c:0d:4e:e8:80:6c:6f:d3:83:
         5f:ed:12:41:0b:2f:9b:97:7f:a8:71:4f:de:f9:33:d7:a5:19:
         08:68:77:6f:f8:8e:b9:38:22:17:fb:f4:d9:49:f6:5b:05:f8:
         74:cd:88:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK2n0SVpB5EhTGaXygiNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlODMxZmQ3MGM2YmQzN2EyYTc1ZDdhMGVhYzAzMWM5MmRh
OGUxODUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTI5ZjEyNWVhNmE3NWQ4NTNlMjJjZmRlZDczODZiZGI1MGFmY2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10CyQ7dDTxNQPJlzE2d8S/JyRsQf
UGjFLxDM+ZwXSx1zzTEhRez/Tm2i+AS8KK+lVTRCazWDBkmGumbb7CMlreUI8tGX
rIFfp0dbR8m5x7Lf/d6ouOp0LyjT16aVZeE8LV023kr/44SZFq8tWGJCoOUwGIOw
C7zcU8rm3u2NaghvO2H0KbFzQxqVtOzGRDe5IdNE6XIDzq+rR+3OxAYAt+mgAWMe
/Kv4+U/7tJYF3K2aYq+/048AC/olPwNiuqm6OLlzTTyqZzaB8bqh12cMlGlnb6/k
MW7mYpd/Htc/0sIxEVpf5FHCV4loshk7Dwmkn9VykXd/mgs1O37E+YGpDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGEp8SXqanXYU+Is/e1zhr21Cvy6MB8GA1UdIwQY
MBaAFA6DH9cMa9N6KnXXoOrAMcktqOGFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG9NZjF3eHIwM29xZGRlZzZzQXh5UzJvNFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85OGE2NjEtNDRmNS00YTA1LWFjYWEt
ZTY3NTgyZjIzMDk3LzEvWVNueEplcHFkZGhUNGl6OTdYT0d2YlVLX0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85OGE2NjEtNDRmNS00YTA1LWFjYWEtZTY3NTgyZjIzMDk3
LzEvRG9NZjF3eHIwM29xZGRlZzZzQXh5UzJvNFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYIuAwQA
ueZnMA0GCSqGSIb3DQEBCwUAA4IBAQBaqBG7WrrjAYpM3Xj+H6voWSTJIGP7NsMJ
/XZ3kVlbdc6lbMYrtO6rH9sTW5ILNyUFZjkeKTsoy71gf9HJDXtba/RYKJSv0kCW
y8wUS3uI13v5i0nkXmLqmpkOji222czGEN2MwFeeJkwyd+lYVDU45xDLpd2k9RZ3
gQ+j7NPXaG/fbYEX7SKmLJ/iO+rjHdqPtitECVxj3AOz4PLZOUBrUO95aAMjqcm2
MuyWh3ToBqVor0VdUKSJyhzpqyT1TmAXjJerU/UwnhD3gpNi9X58DU7ogGxv04Nf
7RJBCy+bl3+ocU/e+TPXpRkIaHdv+I65OCIX+/TZSfZbBfh0zYj/
-----END CERTIFICATE-----