Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/e7722b-e54d-424d-b6c7-e32d05d19235/1/J_cHU9qrPSnRfxcPRvb7po_ySgE.roa
File:                     J_cHU9qrPSnRfxcPRvb7po_ySgE.roa (raw, json)
Hash identifier:          gIrgooTHyv0XpBpdt22y41IdwfNMF71byS/XSWzFJB0=
Subject key identifier:   27:F7:07:53:DA:AB:3D:29:D1:7F:17:0F:46:F6:FB:A6:8F:F2:4A:01
Certificate issuer:       /CN=732adfeeda50be0369a52be4951a093968744f67
Certificate serial:       018CC7257302DFFFC08B280DF34E76B343C9
Authority key identifier: 73:2A:DF:EE:DA:50:BE:03:69:A5:2B:E4:95:1A:09:39:68:74:4F:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cyrf7tpQvgNppSvklRoJOWh0T2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/e7722b-e54d-424d-b6c7-e32d05d19235/1/J_cHU9qrPSnRfxcPRvb7po_ySgE.roa
Signing time:             Mon 01 Jan 2024 22:29:29 +0000
ROA not before:           Mon 01 Jan 2024 22:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208891
IP address blocks:        45.80.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/e7722b-e54d-424d-b6c7-e32d05d19235/1/cyrf7tpQvgNppSvklRoJOWh0T2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/e7722b-e54d-424d-b6c7-e32d05d19235/1/cyrf7tpQvgNppSvklRoJOWh0T2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cyrf7tpQvgNppSvklRoJOWh0T2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:73:02:df:ff:c0:8b:28:0d:f3:4e:76:b3:43:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=732adfeeda50be0369a52be4951a093968744f67
        Validity
            Not Before: Jan  1 22:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27f70753daab3d29d17f170f46f6fba68ff24a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:46:27:ab:c3:39:0a:26:5a:35:0a:43:ab:e0:
                    41:7b:35:42:84:ed:95:cd:51:46:1c:23:b7:69:0a:
                    ef:9a:56:9a:2a:05:70:67:af:a3:03:b6:4b:f9:7b:
                    0c:f3:03:8f:5a:2e:d1:f5:86:3f:d7:31:a6:7e:46:
                    2c:97:47:af:ba:83:d7:6a:64:9f:f5:61:a1:14:5f:
                    43:8a:d5:37:35:94:db:32:19:52:59:62:39:bf:be:
                    83:ef:6e:67:e1:9d:3b:39:7a:9d:18:fa:a9:11:2d:
                    a8:e0:41:e4:e4:f7:b6:50:7a:3e:e8:75:da:15:89:
                    3c:48:ca:2d:79:da:6f:36:33:8b:5e:d9:13:e1:ec:
                    94:17:5f:2d:74:ae:56:80:82:17:e6:51:b4:e5:97:
                    77:56:ce:20:fc:e7:13:48:d3:fc:54:9c:c2:41:ec:
                    38:02:a3:fd:92:a3:55:68:eb:2f:90:22:41:66:6a:
                    d8:25:ce:fd:4e:42:37:3e:31:d1:a8:e5:92:91:81:
                    74:ac:c8:0f:02:19:14:6e:11:ff:51:6a:89:0f:15:
                    2a:8a:89:79:f9:6d:a6:3e:1c:b0:3a:9c:94:f7:d5:
                    48:12:8b:86:0d:e8:4e:f5:f5:53:d1:6b:7b:35:9b:
                    03:db:0d:63:54:6e:eb:76:69:36:79:46:4f:33:53:
                    2b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F7:07:53:DA:AB:3D:29:D1:7F:17:0F:46:F6:FB:A6:8F:F2:4A:01
            X509v3 Authority Key Identifier:
                keyid:73:2A:DF:EE:DA:50:BE:03:69:A5:2B:E4:95:1A:09:39:68:74:4F:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cyrf7tpQvgNppSvklRoJOWh0T2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e7722b-e54d-424d-b6c7-e32d05d19235/1/J_cHU9qrPSnRfxcPRvb7po_ySgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e7722b-e54d-424d-b6c7-e32d05d19235/1/cyrf7tpQvgNppSvklRoJOWh0T2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:37:c1:78:6d:89:95:1c:98:a3:8d:8e:44:4b:cb:50:01:b2:
         17:a9:19:97:dd:0e:c5:4a:78:e9:35:7e:24:16:7d:da:7a:e9:
         c6:77:1e:a9:56:48:ad:f0:30:d2:02:2a:f5:e7:ae:a3:6d:39:
         74:ec:7c:dc:20:50:d4:31:48:3d:5d:fd:d6:c7:70:1b:f7:00:
         ff:93:4e:fc:fa:69:37:23:3c:49:25:55:a0:f1:c0:27:9d:35:
         15:3d:5e:6f:cb:3f:e3:c6:d0:75:29:b7:34:d5:ad:df:25:e8:
         3e:c0:27:27:21:e3:81:5d:6c:b8:d4:8f:e4:37:2a:7e:50:cc:
         bf:36:c6:40:86:26:4b:dd:91:93:b3:96:9f:30:7a:24:22:3c:
         59:06:27:52:4c:cf:1f:ab:c7:31:e7:7f:2d:03:19:63:cc:e6:
         62:ea:44:c0:89:b4:a4:e9:9c:1c:55:8d:83:05:d3:93:45:f0:
         ee:71:75:63:ee:fe:80:f3:18:63:eb:dd:9e:a7:1a:03:30:17:
         f0:3b:27:f0:98:8e:da:b8:c6:e5:53:ca:b8:6e:75:74:a9:99:
         9d:f7:2f:b6:12:6d:31:b3:7a:0b:16:8f:75:15:e1:bd:48:c1:
         62:d1:4c:28:4f:e7:89:c5:80:7c:82:dd:ef:4d:3c:e7:77:eb:
         a9:66:37:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXMC3//AiygN8052s0PJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMmFkZmVlZGE1MGJlMDM2OWE1MmJlNDk1MWEwOTM5Njg3
NDRmNjcwHhcNMjQwMTAxMjIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y3MDc1M2RhYWIzZDI5ZDE3ZjE3MGY0NmY2ZmJhNjhmZjI0YTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkYnq8M5CiZaNQpDq+BBezVChO2V
zVFGHCO3aQrvmlaaKgVwZ6+jA7ZL+XsM8wOPWi7R9YY/1zGmfkYsl0evuoPXamSf
9WGhFF9DitU3NZTbMhlSWWI5v76D725n4Z07OXqdGPqpES2o4EHk5Pe2UHo+6HXa
FYk8SMotedpvNjOLXtkT4eyUF18tdK5WgIIX5lG05Zd3Vs4g/OcTSNP8VJzCQew4
AqP9kqNVaOsvkCJBZmrYJc79TkI3PjHRqOWSkYF0rMgPAhkUbhH/UWqJDxUqiol5
+W2mPhywOpyU99VIEouGDehO9fVT0Wt7NZsD2w1jVG7rdmk2eUZPM1MrWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf3B1Paqz0p0X8XD0b2+6aP8koBMB8GA1UdIwQY
MBaAFHMq3+7aUL4DaaUr5JUaCTlodE9nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3lyZjd0cFF2Z05wcFN2a2xSb0pPV2gwVDJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9lNzcyMmItZTU0ZC00MjRkLWI2Yzct
ZTMyZDA1ZDE5MjM1LzEvSl9jSFU5cXJQU25SZnhjUFJ2Yjdwb195U2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9lNzcyMmItZTU0ZC00MjRkLWI2YzctZTMyZDA1ZDE5MjM1
LzEvY3lyZjd0cFF2Z05wcFN2a2xSb0pPV2gwVDJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVDsMA0G
CSqGSIb3DQEBCwUAA4IBAQArN8F4bYmVHJijjY5ES8tQAbIXqRmX3Q7FSnjpNX4k
Fn3aeunGdx6pVkit8DDSAir1566jbTl07HzcIFDUMUg9Xf3Wx3Ab9wD/k078+mk3
IzxJJVWg8cAnnTUVPV5vyz/jxtB1Kbc01a3fJeg+wCcnIeOBXWy41I/kNyp+UMy/
NsZAhiZL3ZGTs5afMHokIjxZBidSTM8fq8cx538tAxljzOZi6kTAibSk6ZwcVY2D
BdOTRfDucXVj7v6A8xhj692epxoDMBfwOyfwmI7auMblU8q4bnV0qZmd9y+2Em0x
s3oLFo91FeG9SMFi0UwoT+eJxYB8gt3vTTznd+upZjfQ
-----END CERTIFICATE-----