Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/T9HaJUk6_lO-W8AdEVA7V9BlSp4.roa
File:                     T9HaJUk6_lO-W8AdEVA7V9BlSp4.roa (raw, json)
Hash identifier:          1fgnZ8DV+LI1wmU/qkREdjS2LyqJO5ZbLqXzNYwxdYU=
Subject key identifier:   4F:D1:DA:25:49:3A:FE:53:BE:5B:C0:1D:11:50:3B:57:D0:65:4A:9E
Certificate issuer:       /CN=75ea894ee05775e0ef061d086ca252147f5c91de
Certificate serial:       018CC86F7C005475C0AD3A8833782508901B
Authority key identifier: 75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/T9HaJUk6_lO-W8AdEVA7V9BlSp4.roa
Signing time:             Tue 02 Jan 2024 04:29:58 +0000
ROA not before:           Tue 02 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207045
IP address blocks:        45.154.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7c:00:54:75:c0:ad:3a:88:33:78:25:08:90:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75ea894ee05775e0ef061d086ca252147f5c91de
        Validity
            Not Before: Jan  2 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd1da25493afe53be5bc01d11503b57d0654a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:34:b5:3e:33:76:fa:1d:21:05:2e:4d:2a:c7:
                    9e:21:6d:cd:cf:d3:e0:d3:e8:68:45:3a:bc:1d:c6:
                    24:f3:49:ce:71:59:b5:8b:7c:aa:9f:5a:2a:ea:07:
                    bb:f2:18:c8:c1:38:56:bc:fd:b5:86:a1:bf:ac:aa:
                    2b:cf:e6:e9:70:7b:81:98:3a:19:b9:5a:4a:6e:95:
                    ef:51:a4:2f:52:4e:67:df:c2:b1:71:20:16:18:66:
                    c9:45:c7:c5:5f:32:55:de:79:73:92:a4:2a:74:19:
                    35:f4:f2:91:29:a2:01:1d:85:80:ce:0a:47:d1:f0:
                    9a:8a:02:e8:96:d2:dd:3e:d6:e7:75:80:ec:5e:70:
                    2f:8f:56:b4:1f:16:90:6a:da:58:b7:8f:0a:c7:94:
                    ba:3f:ca:d1:58:9d:cf:89:6e:f6:bd:29:6d:c8:e6:
                    0b:96:70:c8:ae:7e:fb:87:ac:b2:6e:cf:05:16:c2:
                    aa:0f:94:bf:58:63:23:52:0b:e8:e3:38:33:cd:d3:
                    d3:c4:b6:d7:00:2c:f2:78:8d:6a:cc:b3:a1:b1:77:
                    0f:e3:70:a5:a6:45:6f:b2:0f:7d:af:df:14:6e:aa:
                    b7:22:ca:c9:a3:f6:f4:fe:eb:b0:c1:17:a8:af:23:
                    f3:fa:9a:5c:00:80:41:2d:2b:e3:67:b7:0a:ce:c7:
                    0d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D1:DA:25:49:3A:FE:53:BE:5B:C0:1D:11:50:3B:57:D0:65:4A:9E
            X509v3 Authority Key Identifier:
                keyid:75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/T9HaJUk6_lO-W8AdEVA7V9BlSp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:89:b1:d3:1b:c6:b5:9a:a5:59:a5:a2:7d:3c:1e:72:ed:b2:
         2c:53:62:20:a6:2b:9d:ff:d3:25:a2:1a:2c:b0:8e:1b:8b:1f:
         25:39:bd:cd:8d:1e:3b:83:b9:97:76:6b:12:44:80:9c:00:c9:
         f6:71:87:74:21:79:c7:d7:63:3a:9c:74:65:45:d1:16:68:66:
         79:0d:9b:f6:59:1c:cf:4b:b1:62:30:f6:35:82:6d:66:b2:a1:
         a7:89:1c:c1:95:cc:36:79:1b:b3:1e:28:a1:af:4f:a9:c3:2f:
         6b:d9:e0:f4:a3:e4:c3:47:c3:c3:ea:b7:da:56:7c:99:f2:4a:
         77:7f:06:c9:1f:d7:d9:0b:f5:7b:34:e7:39:1e:cc:35:3f:7d:
         8e:eb:e1:93:32:bd:75:58:9c:72:96:ab:2b:40:2d:92:56:3c:
         6d:1c:0c:68:89:b5:34:3f:ad:db:e0:6d:57:54:e0:d5:15:15:
         b8:23:1d:ca:38:b0:9d:a1:af:fd:75:93:83:d4:b1:5f:54:2f:
         a7:03:af:a0:f3:01:53:42:92:62:30:0d:34:82:41:bd:64:e1:
         d5:37:08:f8:45:a2:23:fe:fb:b3:b9:42:ee:b2:0f:95:79:e8:
         44:cb:37:f6:d5:40:04:6b:4d:da:a1:ed:ec:60:fa:32:22:19:
         7f:da:81:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3wAVHXArTqIM3glCJAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZWE4OTRlZTA1Nzc1ZTBlZjA2MWQwODZjYTI1MjE0N2Y1
YzkxZGUwHhcNMjQwMTAyMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQxZGEyNTQ5M2FmZTUzYmU1YmMwMWQxMTUwM2I1N2QwNjU0YTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDS1PjN2+h0hBS5NKseeIW3Nz9Pg
0+hoRTq8HcYk80nOcVm1i3yqn1oq6ge78hjIwThWvP21hqG/rKorz+bpcHuBmDoZ
uVpKbpXvUaQvUk5n38KxcSAWGGbJRcfFXzJV3nlzkqQqdBk19PKRKaIBHYWAzgpH
0fCaigLoltLdPtbndYDsXnAvj1a0HxaQatpYt48Kx5S6P8rRWJ3PiW72vSltyOYL
lnDIrn77h6yybs8FFsKqD5S/WGMjUgvo4zgzzdPTxLbXACzyeI1qzLOhsXcP43Cl
pkVvsg99r98Ubqq3IsrJo/b0/uuwwReoryPz+ppcAIBBLSvjZ7cKzscN2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/R2iVJOv5TvlvAHRFQO1fQZUqeMB8GA1UdIwQY
MBaAFHXqiU7gV3Xg7wYdCGyiUhR/XJHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEt
YjdmMjk4NGViNjUzLzEvVDlIYUpVazZfbE8tVzhBZEVWQTdWOUJsU3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEtYjdmMjk4NGViNjUz
LzEvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZovMA0G
CSqGSIb3DQEBCwUAA4IBAQBuibHTG8a1mqVZpaJ9PB5y7bIsU2Igpiud/9Mlohos
sI4bix8lOb3NjR47g7mXdmsSRICcAMn2cYd0IXnH12M6nHRlRdEWaGZ5DZv2WRzP
S7FiMPY1gm1msqGniRzBlcw2eRuzHiihr0+pwy9r2eD0o+TDR8PD6rfaVnyZ8kp3
fwbJH9fZC/V7NOc5Hsw1P32O6+GTMr11WJxylqsrQC2SVjxtHAxoibU0P63b4G1X
VODVFRW4Ix3KOLCdoa/9dZOD1LFfVC+nA6+g8wFTQpJiMA00gkG9ZOHVNwj4RaIj
/vuzuULusg+VeehEyzf21UAEa03aoe3sYPoyIhl/2oGU
-----END CERTIFICATE-----