Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/sRHeKEiGa7qdmD-XzoHZyO69-VA.roa
File:                     sRHeKEiGa7qdmD-XzoHZyO69-VA.roa (raw, json)
Hash identifier:          /sWcEke+wZcSntnkyn62dZEGZWWJaxsQJy9Uf1Cevn8=
Subject key identifier:   B1:11:DE:28:48:86:6B:BA:9D:98:3F:97:CE:81:D9:C8:EE:BD:F9:50
Certificate issuer:       /CN=7672c0fe08371764058c6ab85dfb5dcdc109f77e
Certificate serial:       018CC64B291C5D40A922996D175C77558A25
Authority key identifier: 76:72:C0:FE:08:37:17:64:05:8C:6A:B8:5D:FB:5D:CD:C1:09:F7:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnLA_gg3F2QFjGq4XftdzcEJ934.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/sRHeKEiGa7qdmD-XzoHZyO69-VA.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        185.43.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/dnLA_gg3F2QFjGq4XftdzcEJ934.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/dnLA_gg3F2QFjGq4XftdzcEJ934.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnLA_gg3F2QFjGq4XftdzcEJ934.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 01:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:29:1c:5d:40:a9:22:99:6d:17:5c:77:55:8a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7672c0fe08371764058c6ab85dfb5dcdc109f77e
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b111de2848866bba9d983f97ce81d9c8eebdf950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a5:ea:b0:b9:9d:04:a6:41:cb:ae:4a:e6:7a:
                    06:49:b5:4d:41:a0:93:58:bf:2d:31:d4:bd:35:f3:
                    cb:5f:79:cd:5a:60:a7:47:08:f6:e0:94:11:ff:4e:
                    69:03:f7:45:d1:24:ce:f5:c5:ca:21:68:62:28:bc:
                    e1:b5:2e:4c:c7:cf:0d:c0:17:eb:a8:e2:8e:fd:c9:
                    a0:aa:e2:75:44:f5:2f:ae:5d:d0:1e:d9:bd:a2:04:
                    7e:90:18:6a:17:97:80:e2:41:4c:af:e5:24:10:5a:
                    59:29:fd:9c:24:41:c3:37:61:8f:22:f8:73:89:76:
                    3e:44:04:35:9c:bb:57:69:ed:5b:a3:78:e7:c4:ee:
                    68:0a:93:61:42:97:9e:07:cb:b9:5c:83:d1:25:76:
                    f8:3a:35:0e:0b:3a:50:6c:05:36:b2:41:86:5e:d3:
                    7d:7b:c2:5e:7f:0a:ee:be:50:9f:32:24:51:71:93:
                    85:fc:a0:a5:d8:b4:d0:f3:c5:2a:88:2d:8f:b8:44:
                    a2:fd:23:c3:a7:8b:44:72:09:be:8c:4c:ac:f8:c0:
                    02:b6:3b:77:ec:cf:b1:c6:68:82:d3:cd:78:6d:00:
                    22:20:87:24:72:0f:08:15:81:f0:b4:36:10:c6:40:
                    33:82:ed:35:49:b8:06:53:6d:68:55:3a:28:ef:d2:
                    b0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:11:DE:28:48:86:6B:BA:9D:98:3F:97:CE:81:D9:C8:EE:BD:F9:50
            X509v3 Authority Key Identifier:
                keyid:76:72:C0:FE:08:37:17:64:05:8C:6A:B8:5D:FB:5D:CD:C1:09:F7:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnLA_gg3F2QFjGq4XftdzcEJ934.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/sRHeKEiGa7qdmD-XzoHZyO69-VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/dnLA_gg3F2QFjGq4XftdzcEJ934.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:e7:1e:5b:5c:07:80:42:fb:84:26:77:5b:5e:48:29:e2:d1:
         26:c6:94:38:d8:d4:d5:91:a4:a1:37:4f:96:dd:b0:64:8b:4b:
         15:c3:36:e3:e9:d4:7c:2b:7b:e7:9c:3e:0c:46:59:44:d7:15:
         2f:7f:0a:75:23:57:a0:36:f1:44:e0:1a:63:f3:b9:00:61:07:
         fd:53:81:44:64:91:8e:3b:fb:e6:ea:c1:12:36:2d:9c:dd:8c:
         39:f8:da:24:57:df:eb:06:23:7f:e4:12:32:2a:df:ec:42:b3:
         72:1d:69:f7:ce:90:4d:4f:66:bb:a1:89:97:2e:18:16:f9:e5:
         67:bd:84:38:72:e1:32:f2:87:aa:a3:11:2e:6c:35:1f:29:0c:
         1f:f9:56:aa:b2:80:f5:2f:bd:b9:21:8d:d6:98:fd:67:5c:fd:
         f8:32:26:bd:cd:12:d2:33:b4:2c:80:ae:70:42:e2:ea:6a:2a:
         62:20:bb:69:22:86:ec:5e:f6:a7:4b:06:fd:67:40:25:dc:bf:
         7b:fb:d5:29:60:f0:01:cb:f3:08:d3:0f:4f:4c:a7:ac:fc:2f:
         58:f5:70:c4:e7:c6:9c:26:45:a8:63:ca:dc:ca:f5:d5:cb:f0:
         d1:c9:f5:c4:81:ec:a4:2a:2c:e1:2c:07:1e:b5:72:7f:69:18:
         67:3f:3b:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSykcXUCpIpltF1x3VYolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NzJjMGZlMDgzNzE3NjQwNThjNmFiODVkZmI1ZGNkYzEw
OWY3N2UwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTExZGUyODQ4ODY2YmJhOWQ5ODNmOTdjZTgxZDljOGVlYmRmOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6XqsLmdBKZBy65K5noGSbVNQaCT
WL8tMdS9NfPLX3nNWmCnRwj24JQR/05pA/dF0STO9cXKIWhiKLzhtS5Mx88NwBfr
qOKO/cmgquJ1RPUvrl3QHtm9ogR+kBhqF5eA4kFMr+UkEFpZKf2cJEHDN2GPIvhz
iXY+RAQ1nLtXae1bo3jnxO5oCpNhQpeeB8u5XIPRJXb4OjUOCzpQbAU2skGGXtN9
e8JefwruvlCfMiRRcZOF/KCl2LTQ88UqiC2PuESi/SPDp4tEcgm+jEys+MACtjt3
7M+xxmiC0814bQAiIIckcg8IFYHwtDYQxkAzgu01SbgGU21oVToo79KwewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLER3ihIhmu6nZg/l86B2cjuvflQMB8GA1UdIwQY
MBaAFHZywP4INxdkBYxquF37Xc3BCfd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG5MQV9nZzNGMlFGakdxNFhmdGR6Y0VKOTM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOWYyZjYtMTkxZC00ZjBmLWEzYzQt
YzNjODBlNDcwNGU0LzEvc1JIZUtFaUdhN3FkbUQtWHpvSFp5TzY5LVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOWYyZjYtMTkxZC00ZjBmLWEzYzQtYzNjODBlNDcwNGU0
LzEvZG5MQV9nZzNGMlFGakdxNFhmdGR6Y0VKOTM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSuRMA0G
CSqGSIb3DQEBCwUAA4IBAQBq5x5bXAeAQvuEJndbXkgp4tEmxpQ42NTVkaShN0+W
3bBki0sVwzbj6dR8K3vnnD4MRllE1xUvfwp1I1egNvFE4Bpj87kAYQf9U4FEZJGO
O/vm6sESNi2c3Yw5+NokV9/rBiN/5BIyKt/sQrNyHWn3zpBNT2a7oYmXLhgW+eVn
vYQ4cuEy8oeqoxEubDUfKQwf+VaqsoD1L725IY3WmP1nXP34Mia9zRLSM7QsgK5w
QuLqaipiILtpIobsXvanSwb9Z0Al3L97+9UpYPABy/MI0w9PTKes/C9Y9XDE58ac
JkWoY8rcyvXVy/DRyfXEgeykKizhLAcetXJ/aRhnPzuE
-----END CERTIFICATE-----