Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/jhrWShEwRw7K99l2b7X_7nCylR4.roa
File:                     jhrWShEwRw7K99l2b7X_7nCylR4.roa (raw, json)
Hash identifier:          Q6f2DqP7444vvYjcbYSSMxWaXsTRgnSTGVJCrPy+b9E=
Subject key identifier:   8E:1A:D6:4A:11:30:47:0E:CA:F7:D9:76:6F:B5:FF:EE:70:B2:95:1E
Certificate issuer:       /CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
Certificate serial:       018E752D46024D016AED52A9C2D97EB0DF0B
Authority key identifier: 72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/jhrWShEwRw7K99l2b7X_7nCylR4.roa
Signing time:             Mon 25 Mar 2024 10:34:45 +0000
ROA not before:           Mon 25 Mar 2024 10:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8434
IP address blocks:        45.8.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:2d:46:02:4d:01:6a:ed:52:a9:c2:d9:7e:b0:df:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
        Validity
            Not Before: Mar 25 10:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e1ad64a1130470ecaf7d9766fb5ffee70b2951e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3c:3d:52:59:3f:be:58:45:79:0c:b9:c9:48:
                    d0:cc:59:84:b1:3f:26:eb:dc:2c:05:d6:0e:a9:28:
                    be:d6:fd:78:35:6c:2c:ef:9d:24:f1:5b:83:e1:56:
                    1c:d7:5d:d8:35:bc:75:d2:e6:05:58:ca:c9:5e:59:
                    19:68:ec:fc:6b:d0:b6:08:aa:2c:0d:b2:0c:e3:10:
                    8c:87:97:e5:7a:eb:03:a7:96:0c:67:67:10:48:9e:
                    82:f2:4c:8b:79:35:a8:08:3c:7e:d3:48:83:60:f2:
                    d5:22:f3:b5:79:e1:67:6a:c0:d9:b6:fa:91:6c:fb:
                    78:de:9c:1e:33:4f:b9:ea:d4:a8:83:56:58:a3:11:
                    69:56:a9:ac:b1:c1:4d:ce:dd:1a:42:c8:54:2d:98:
                    a8:db:70:1a:52:fc:d2:71:9c:2a:60:58:61:8e:d1:
                    43:d0:a2:82:38:06:31:32:54:b4:f3:8e:94:a7:c2:
                    90:15:21:d1:f7:7f:ac:1a:e1:e4:8e:bf:c5:49:8c:
                    72:e9:21:00:02:a9:92:aa:67:8b:e1:76:6c:87:6e:
                    2b:e3:44:ac:6d:2c:4a:e4:2a:dd:14:ee:5d:41:e4:
                    5d:7a:c4:8e:27:e6:ff:cf:7e:97:6c:32:2e:6b:0a:
                    3c:8b:9c:f7:55:69:0b:7e:41:fe:65:6a:25:ba:a9:
                    8a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1A:D6:4A:11:30:47:0E:CA:F7:D9:76:6F:B5:FF:EE:70:B2:95:1E
            X509v3 Authority Key Identifier:
                keyid:72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/jhrWShEwRw7K99l2b7X_7nCylR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:97:52:17:12:68:71:e6:27:0b:08:a2:1a:1b:fa:07:b7:ac:
         4a:75:72:78:63:a9:f3:d5:e0:37:ad:81:4f:31:f8:f8:d0:82:
         11:93:37:33:f0:db:ae:e4:5a:37:c1:66:ba:db:05:87:20:7b:
         81:77:ca:f4:ee:d1:37:e2:d3:f3:c2:e2:4e:43:8a:d0:e3:2d:
         48:0e:e3:bf:c1:c1:2e:8f:97:15:65:89:83:6e:22:5c:70:10:
         c4:b1:cd:e3:2e:94:28:92:f0:2f:4f:27:50:d2:da:14:bd:29:
         55:07:7e:1b:82:73:b1:03:16:86:2d:b0:41:4a:4e:c0:ec:78:
         56:ea:c2:60:dc:82:f2:84:73:d4:8f:9f:a6:9f:ae:e0:f9:2e:
         61:95:43:9f:d5:4f:d3:23:71:7b:32:62:62:9e:77:00:71:3c:
         2a:1e:a3:5b:4f:84:1f:d3:63:d9:aa:b9:2f:51:f5:65:0c:0b:
         96:b4:ab:f1:93:00:8a:e0:fb:ac:d6:7e:32:1a:eb:1a:5b:ad:
         9b:75:b3:f1:75:79:54:ee:63:d6:9b:50:c4:55:a1:69:3d:6c:
         5f:97:54:c7:f6:b6:ee:f9:7d:37:d0:79:86:83:87:f3:da:96:
         3d:2a:1f:5a:30:b6:91:b5:f5:bb:8d:2c:5d:c9:36:0e:e0:2d:
         5f:67:23:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY51LUYCTQFq7VKpwtl+sN8LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2ExYTVjZmY1MmViZTJmMjJiNjY5ZGNjMmM5MDI3Y2Vh
MGI4MWMwHhcNMjQwMzI1MTAzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTFhZDY0YTExMzA0NzBlY2FmN2Q5NzY2ZmI1ZmZlZTcwYjI5NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjw9Ulk/vlhFeQy5yUjQzFmEsT8m
69wsBdYOqSi+1v14NWws750k8VuD4VYc113YNbx10uYFWMrJXlkZaOz8a9C2CKos
DbIM4xCMh5fleusDp5YMZ2cQSJ6C8kyLeTWoCDx+00iDYPLVIvO1eeFnasDZtvqR
bPt43pweM0+56tSog1ZYoxFpVqmsscFNzt0aQshULZio23AaUvzScZwqYFhhjtFD
0KKCOAYxMlS0846Up8KQFSHR93+sGuHkjr/FSYxy6SEAAqmSqmeL4XZsh24r40Ss
bSxK5CrdFO5dQeRdesSOJ+b/z36XbDIuawo8i5z3VWkLfkH+ZWoluqmKHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4a1koRMEcOyvfZdm+1/+5wspUeMB8GA1UdIwQY
MBaAFHLKGlz/Uuvi8itmncwskCfOoLgcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYt
NmE0MTRmMTg0NzA2LzEvamhyV1NoRXdSdzdLOTlsMmI3WF83bkN5bFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYtNmE0MTRmMTg0NzA2
LzEvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgJMA0G
CSqGSIb3DQEBCwUAA4IBAQBml1IXEmhx5icLCKIaG/oHt6xKdXJ4Y6nz1eA3rYFP
Mfj40IIRkzcz8Nuu5Fo3wWa62wWHIHuBd8r07tE34tPzwuJOQ4rQ4y1IDuO/wcEu
j5cVZYmDbiJccBDEsc3jLpQokvAvTydQ0toUvSlVB34bgnOxAxaGLbBBSk7A7HhW
6sJg3ILyhHPUj5+mn67g+S5hlUOf1U/TI3F7MmJinncAcTwqHqNbT4Qf02PZqrkv
UfVlDAuWtKvxkwCK4Pus1n4yGusaW62bdbPxdXlU7mPWm1DEVaFpPWxfl1TH9rbu
+X030HmGg4fz2pY9Kh9aMLaRtfW7jSxdyTYO4C1fZyN1
-----END CERTIFICATE-----