Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/8ea34c-af87-4721-9e69-2af3b76c18c9/1/Cdac24_W7SW1DcyYKZZklO4b4qI.roa
File:                     Cdac24_W7SW1DcyYKZZklO4b4qI.roa (raw, json)
Hash identifier:          Vjm2gBpqcazUG3bEMmh3+B9KwRbwH03D4b7+CPSQ4ic=
Subject key identifier:   09:D6:9C:DB:8F:D6:ED:25:B5:0D:CC:98:29:96:64:94:EE:1B:E2:A2
Certificate issuer:       /CN=9ed8fcff3193ac53bb4b07c48d3dd29ef588eb8d
Certificate serial:       018CC34964D4C0D72CEDD2B420D2405DB71D
Authority key identifier: 9E:D8:FC:FF:31:93:AC:53:BB:4B:07:C4:8D:3D:D2:9E:F5:88:EB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ntj8_zGTrFO7SwfEjT3SnvWI640.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/8ea34c-af87-4721-9e69-2af3b76c18c9/1/Cdac24_W7SW1DcyYKZZklO4b4qI.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50628
IP address blocks:        45.144.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/8ea34c-af87-4721-9e69-2af3b76c18c9/1/ntj8_zGTrFO7SwfEjT3SnvWI640.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/8ea34c-af87-4721-9e69-2af3b76c18c9/1/ntj8_zGTrFO7SwfEjT3SnvWI640.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ntj8_zGTrFO7SwfEjT3SnvWI640.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:64:d4:c0:d7:2c:ed:d2:b4:20:d2:40:5d:b7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed8fcff3193ac53bb4b07c48d3dd29ef588eb8d
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09d69cdb8fd6ed25b50dcc9829966494ee1be2a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:09:09:c9:c3:fc:a4:ef:bc:33:96:75:b1:ef:
                    3f:d2:06:23:1d:f3:52:05:01:d1:ee:ec:17:cf:39:
                    ec:e8:5b:ce:f7:ed:2f:89:3d:20:8c:53:26:c4:ba:
                    1a:13:11:2b:cb:d2:c2:b4:b8:38:ce:27:b7:a6:78:
                    69:57:eb:03:2c:bb:3b:f6:49:bb:99:d2:7a:ee:21:
                    c9:c4:91:45:70:02:1a:1d:f5:65:d9:9d:e4:02:13:
                    a7:d6:82:0b:09:0e:85:fd:90:7d:c7:50:2b:7f:f0:
                    4a:96:53:28:78:89:47:e1:94:b1:3a:20:16:ae:ec:
                    2f:99:df:cc:8f:86:4d:7f:5e:2a:f4:30:77:dc:28:
                    64:55:27:9f:ee:6d:f9:d7:6f:68:5c:d4:38:02:13:
                    37:ed:f2:1b:b0:5a:93:94:13:d6:8a:1f:80:73:1e:
                    1a:d6:98:80:37:97:fa:bc:64:4a:d1:40:e3:7c:d8:
                    c9:e3:b9:93:f2:d2:2f:62:2d:bf:c1:83:5d:be:ba:
                    cf:da:e5:d4:94:33:7f:0d:98:d4:dc:b9:54:b1:f8:
                    5f:e9:4c:c9:88:53:4f:e3:16:4d:62:5e:a7:c1:b8:
                    a9:05:1c:9c:39:5f:3f:63:ec:c5:2d:39:09:f7:5b:
                    bb:70:1c:a6:3f:08:ec:d2:14:a1:20:f5:cc:0e:5f:
                    8c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D6:9C:DB:8F:D6:ED:25:B5:0D:CC:98:29:96:64:94:EE:1B:E2:A2
            X509v3 Authority Key Identifier:
                keyid:9E:D8:FC:FF:31:93:AC:53:BB:4B:07:C4:8D:3D:D2:9E:F5:88:EB:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ntj8_zGTrFO7SwfEjT3SnvWI640.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8ea34c-af87-4721-9e69-2af3b76c18c9/1/Cdac24_W7SW1DcyYKZZklO4b4qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8ea34c-af87-4721-9e69-2af3b76c18c9/1/ntj8_zGTrFO7SwfEjT3SnvWI640.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:83:ee:2c:f9:92:29:05:42:26:ce:88:a1:40:98:52:74:61:
         13:26:2d:2d:7f:99:0a:e2:30:4f:3f:a8:47:89:e7:d1:97:0a:
         e8:3f:a2:ff:6b:4f:03:16:e2:d3:81:b4:e1:e9:37:2e:17:02:
         61:c0:ee:81:b3:7a:e3:1b:10:1f:d2:35:2f:b8:ba:56:f7:8d:
         8d:6c:d9:87:b1:c6:8d:b3:60:90:8c:96:29:7f:4c:e7:fb:8f:
         dc:5a:04:25:c1:5f:26:da:b5:64:ed:c1:4d:34:8e:ba:c5:2d:
         03:82:43:41:23:f3:03:34:b5:94:fd:4c:37:1a:a9:f6:d8:5f:
         48:da:1f:6a:0f:a1:fe:83:db:56:52:48:55:41:92:dc:5b:92:
         09:4e:c6:87:82:3a:9d:ec:bd:3d:3f:51:65:95:3c:56:b7:77:
         b4:36:40:03:82:2d:d3:de:d9:99:3c:b9:c2:19:08:cf:f3:54:
         21:bf:6b:eb:e5:78:af:3f:05:08:b0:e1:53:6c:5c:40:b0:be:
         7b:d9:8c:ef:99:a3:2e:ea:78:42:1a:37:11:a4:bf:e5:ad:be:
         9c:08:35:1b:6c:d5:d2:b5:19:e5:bc:9f:38:d5:a3:33:25:5e:
         86:c6:16:1c:ff:89:85:04:bd:42:96:d1:64:dc:29:8b:9f:f4:
         93:d4:d3:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWTUwNcs7dK0INJAXbcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZDhmY2ZmMzE5M2FjNTNiYjRiMDdjNDhkM2RkMjllZjU4
OGViOGQwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQ2OWNkYjhmZDZlZDI1YjUwZGNjOTgyOTk2NjQ5NGVlMWJlMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wkJycP8pO+8M5Z1se8/0gYjHfNS
BQHR7uwXzzns6FvO9+0viT0gjFMmxLoaExEry9LCtLg4zie3pnhpV+sDLLs79km7
mdJ67iHJxJFFcAIaHfVl2Z3kAhOn1oILCQ6F/ZB9x1Arf/BKllMoeIlH4ZSxOiAW
ruwvmd/Mj4ZNf14q9DB33ChkVSef7m35129oXNQ4AhM37fIbsFqTlBPWih+Acx4a
1piAN5f6vGRK0UDjfNjJ47mT8tIvYi2/wYNdvrrP2uXUlDN/DZjU3LlUsfhf6UzJ
iFNP4xZNYl6nwbipBRycOV8/Y+zFLTkJ91u7cBymPwjs0hShIPXMDl+MAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnWnNuP1u0ltQ3MmCmWZJTuG+KiMB8GA1UdIwQY
MBaAFJ7Y/P8xk6xTu0sHxI090p71iOuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnRqOF96R1RyRk83U3dmRWpUM1NudldJNjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny84ZWEzNGMtYWY4Ny00NzIxLTllNjkt
MmFmM2I3NmMxOGM5LzEvQ2RhYzI0X1c3U1cxRGN5WUtaWmtsTzRiNHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny84ZWEzNGMtYWY4Ny00NzIxLTllNjktMmFmM2I3NmMxOGM5
LzEvbnRqOF96R1RyRk83U3dmRWpUM1NudldJNjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZBcMA0G
CSqGSIb3DQEBCwUAA4IBAQAng+4s+ZIpBUImzoihQJhSdGETJi0tf5kK4jBPP6hH
iefRlwroP6L/a08DFuLTgbTh6TcuFwJhwO6Bs3rjGxAf0jUvuLpW942NbNmHscaN
s2CQjJYpf0zn+4/cWgQlwV8m2rVk7cFNNI66xS0DgkNBI/MDNLWU/Uw3Gqn22F9I
2h9qD6H+g9tWUkhVQZLcW5IJTsaHgjqd7L09P1FllTxWt3e0NkADgi3T3tmZPLnC
GQjP81Qhv2vr5XivPwUIsOFTbFxAsL572YzvmaMu6nhCGjcRpL/lrb6cCDUbbNXS
tRnlvJ841aMzJV6GxhYc/4mFBL1CltFk3CmLn/ST1NN3
-----END CERTIFICATE-----