Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/u07v9GMDs0CG-iOGiBTleE6O6lU.roa
File:                     u07v9GMDs0CG-iOGiBTleE6O6lU.roa (raw, json)
Hash identifier:          CU6QwiXvddT1wmqVjOFE6KSo83KesS03xmXq97PNHEI=
Subject key identifier:   BB:4E:EF:F4:63:03:B3:40:86:FA:23:86:88:14:E5:78:4E:8E:EA:55
Certificate issuer:       /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial:       018CC9BC3B97A2A8696DA631C9DB7425A6EE
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/u07v9GMDs0CG-iOGiBTleE6O6lU.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206455
IP address blocks:        45.85.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3b:97:a2:a8:69:6d:a6:31:c9:db:74:25:a6:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb4eeff46303b34086fa23868814e5784e8eea55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:40:7f:71:a6:65:06:4e:2b:8f:84:f4:1a:69:
                    56:24:ef:e7:a1:b5:1e:6e:a3:51:e7:5e:ef:18:87:
                    86:ec:5c:e8:1b:54:87:65:9d:fb:b7:2c:44:2c:02:
                    5a:a2:71:53:70:8f:5a:fb:08:44:14:3f:30:1b:bf:
                    e1:50:7c:78:94:de:3e:8f:52:5b:d5:4d:bb:4a:54:
                    1e:e1:1e:1f:50:17:e0:46:b7:3f:eb:c4:55:5c:86:
                    64:63:42:d2:fc:39:98:32:59:b6:01:59:b4:62:6a:
                    04:02:8f:4c:84:4e:00:7e:60:29:41:c4:4e:76:2b:
                    e8:94:55:87:d7:9f:48:8a:a7:2d:f3:47:3b:d6:ae:
                    ae:f7:dc:57:8f:fd:30:93:87:43:65:4f:ab:98:c9:
                    e1:55:65:03:90:f5:18:9b:f4:fb:ba:7b:fd:bc:ec:
                    57:b6:d1:66:76:c2:03:2b:62:bc:2a:74:a4:cf:38:
                    4a:f8:bf:be:9b:f7:9f:5f:bf:64:af:0d:04:ae:c3:
                    21:70:ea:ef:9c:82:7e:e1:3e:ae:d9:c9:0a:b9:65:
                    1b:a2:ba:ae:ea:39:fe:06:c7:8f:77:62:91:ff:b3:
                    d2:1b:d8:21:43:2f:13:31:d8:30:2b:93:03:c6:06:
                    08:fe:c8:67:86:a4:00:40:bf:8f:8e:94:40:69:b5:
                    ac:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:4E:EF:F4:63:03:B3:40:86:FA:23:86:88:14:E5:78:4E:8E:EA:55
            X509v3 Authority Key Identifier:
                keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/u07v9GMDs0CG-iOGiBTleE6O6lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:a8:5b:38:ec:ab:c1:cd:55:72:81:99:6f:15:50:ef:17:67:
         4e:80:3d:39:ca:bd:56:55:17:2c:30:25:8d:ac:d6:1e:1c:63:
         1c:d4:18:e0:c0:46:c3:d9:64:10:a5:e5:0f:d2:3d:14:1a:1f:
         9f:88:db:c3:63:5d:1d:4c:07:da:f2:8b:ea:31:14:e9:d2:1b:
         77:e0:34:f1:ee:31:c9:45:6e:97:cc:4e:48:67:cd:27:9a:c3:
         3a:97:d5:37:49:df:be:36:c5:91:bd:8a:76:1e:83:31:bb:07:
         43:5f:3f:ea:e1:d3:bb:49:26:77:ec:17:55:8c:55:ca:af:cd:
         7e:cb:05:50:9c:13:10:f5:ae:19:d6:58:72:b6:62:11:1d:86:
         a9:27:5f:92:72:d6:39:50:7b:3f:07:39:67:45:1a:d9:bc:82:
         d4:bb:08:19:db:11:9c:07:73:ae:c0:18:b4:9a:d5:8d:e8:61:
         15:28:d0:7e:61:b6:b7:63:a4:03:c5:a5:c1:8d:f0:74:27:73:
         27:ff:34:92:f1:28:78:f3:59:88:6b:d0:e9:09:5d:e4:29:58:
         cf:e2:4a:a7:f5:3a:8b:9e:f0:e3:64:bc:b5:f1:74:7b:61:3a:
         6d:11:e1:4f:e0:6c:18:3a:97:48:0b:74:28:77:94:18:11:15:
         ac:35:72:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDuXoqhpbaYxydt0JabuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTFhMmM5ZmM4ZGU5Njc5YmIxNTg1ODFiMTBjZWFlZTkx
ZmY3OTEwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjRlZWZmNDYzMDNiMzQwODZmYTIzODY4ODE0ZTU3ODRlOGVlYTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EB/caZlBk4rj4T0GmlWJO/nobUe
bqNR517vGIeG7FzoG1SHZZ37tyxELAJaonFTcI9a+whEFD8wG7/hUHx4lN4+j1Jb
1U27SlQe4R4fUBfgRrc/68RVXIZkY0LS/DmYMlm2AVm0YmoEAo9MhE4AfmApQcRO
divolFWH159Iiqct80c71q6u99xXj/0wk4dDZU+rmMnhVWUDkPUYm/T7unv9vOxX
ttFmdsIDK2K8KnSkzzhK+L++m/efX79krw0ErsMhcOrvnIJ+4T6u2ckKuWUborqu
6jn+BsePd2KR/7PSG9ghQy8TMdgwK5MDxgYI/shnhqQAQL+PjpRAabWsXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtO7/RjA7NAhvojhogU5XhOjupVMB8GA1UdIwQY
MBaAFKgRosn8jelnm7FYWBsQzq7pH/eRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYt
MGNjNGMwMDAwODU4LzEvdTA3djlHTURzMENHLWlPR2lCVGxlRTZPNmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYtMGNjNGMwMDAwODU4
LzEvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVW5MA0G
CSqGSIb3DQEBCwUAA4IBAQBIqFs47KvBzVVygZlvFVDvF2dOgD05yr1WVRcsMCWN
rNYeHGMc1BjgwEbD2WQQpeUP0j0UGh+fiNvDY10dTAfa8ovqMRTp0ht34DTx7jHJ
RW6XzE5IZ80nmsM6l9U3Sd++NsWRvYp2HoMxuwdDXz/q4dO7SSZ37BdVjFXKr81+
ywVQnBMQ9a4Z1lhytmIRHYapJ1+SctY5UHs/BzlnRRrZvILUuwgZ2xGcB3OuwBi0
mtWN6GEVKNB+Yba3Y6QDxaXBjfB0J3Mn/zSS8Sh481mIa9DpCV3kKVjP4kqn9TqL
nvDjZLy18XR7YTptEeFP4GwYOpdIC3Qod5QYERWsNXKw
-----END CERTIFICATE-----