Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/fSCcVufyOhoxd5R5yqq2Ry2RLz8.roa
File:                     fSCcVufyOhoxd5R5yqq2Ry2RLz8.roa (raw, json)
Hash identifier:          VnjguIwRNIApcKwVf1xDtCirmTjmJhgTFL/tvjIewc8=
Subject key identifier:   7D:20:9C:56:E7:F2:3A:1A:31:77:94:79:CA:AA:B6:47:2D:91:2F:3F
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       018CC72750C2DB5B592B9307B28CFA3FFC5A
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/fSCcVufyOhoxd5R5yqq2Ry2RLz8.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51167
IP address blocks:        45.92.31.0/24 maxlen: 24
                          45.92.30.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:50:c2:db:5b:59:2b:93:07:b2:8c:fa:3f:fc:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d209c56e7f23a1a31779479caaab6472d912f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e2:25:48:5b:42:3b:99:4d:23:d1:a2:d2:d1:
                    8e:38:e3:1f:db:d9:85:eb:fa:f1:57:46:cc:77:7a:
                    e1:c4:be:b3:ed:e1:d0:6f:c8:05:8e:2b:bc:e3:7c:
                    ac:47:8b:4f:17:26:79:b3:5e:0c:cf:eb:fc:c4:ac:
                    40:41:14:cd:3d:1d:e8:74:e5:8c:36:f3:f6:0d:e8:
                    9a:fd:79:cd:fd:5f:41:1d:e3:68:23:cb:e2:83:2b:
                    02:34:5f:cb:25:d9:08:84:30:eb:3d:d2:b5:0b:72:
                    28:e4:42:fe:11:cb:c8:72:79:56:9a:51:a8:fe:e5:
                    7e:ab:ea:79:05:2c:66:ee:73:07:1e:59:ab:cd:25:
                    bc:87:13:a4:f1:29:52:a1:76:e8:b3:a2:ca:0b:b3:
                    80:4b:4a:24:55:94:f7:41:dd:6f:ec:dd:69:e3:24:
                    9f:e2:25:05:e1:f7:c7:08:48:c9:7b:ec:5d:5a:1c:
                    fe:0b:26:c2:04:6d:08:db:72:a7:8e:3f:fb:7b:0c:
                    8d:00:78:15:90:a3:41:15:78:52:fe:f3:2c:47:9e:
                    f0:16:2b:f6:09:57:3d:28:f1:80:4e:86:6c:94:b4:
                    52:69:d1:c9:b9:90:e3:f7:cd:69:3d:5b:45:52:99:
                    5e:f4:5e:0d:c6:3b:82:6e:d8:31:18:78:fb:0e:3d:
                    52:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:20:9C:56:E7:F2:3A:1A:31:77:94:79:CA:AA:B6:47:2D:91:2F:3F
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/fSCcVufyOhoxd5R5yqq2Ry2RLz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:43:56:2c:de:8c:c9:8c:d3:97:39:80:2e:8b:6c:cf:4e:68:
         9f:e5:c6:5f:08:ab:db:ee:bd:4f:2e:39:50:e7:f5:64:c8:bf:
         06:36:ff:8e:01:0c:14:5a:d3:72:03:a6:9d:fb:31:91:8c:f5:
         91:4d:99:bf:ed:7d:c3:8c:de:0e:5f:f2:a7:e1:df:7e:35:5b:
         64:b9:34:30:d3:be:75:30:f1:82:13:44:83:2f:e8:fb:ef:d5:
         30:28:cb:82:a8:1d:d8:d1:92:e3:b0:13:52:1b:ce:14:c7:b4:
         44:e6:94:9a:a7:ab:5e:02:ba:34:7e:9f:ca:8b:6f:34:50:49:
         d4:e4:fd:db:b4:ac:de:8b:75:77:9e:a4:c7:b4:af:ae:c2:80:
         82:af:65:50:01:87:a5:33:f8:c3:b6:8f:ce:68:47:2f:a5:79:
         aa:d7:f3:b6:df:a6:6b:82:fc:94:23:a2:63:8c:fc:dd:9c:db:
         fd:a6:2d:7d:7f:47:6f:f1:25:fa:f0:9e:2d:cb:5c:1d:f3:d2:
         85:bc:76:98:b1:ab:53:a5:7b:e3:57:98:ef:08:0d:20:21:95:
         c2:f7:6f:da:94:17:29:39:05:f0:37:24:34:28:65:7b:68:e4:
         96:de:95:bf:9b:aa:02:59:67:aa:55:41:bc:de:7d:52:44:92:
         74:d3:15:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1DC21tZK5MHsoz6P/xaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDIwOWM1NmU3ZjIzYTFhMzE3Nzk0NzljYWFhYjY0NzJkOTEyZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluIlSFtCO5lNI9Gi0tGOOOMf29mF
6/rxV0bMd3rhxL6z7eHQb8gFjiu843ysR4tPFyZ5s14Mz+v8xKxAQRTNPR3odOWM
NvP2Deia/XnN/V9BHeNoI8vigysCNF/LJdkIhDDrPdK1C3Io5EL+EcvIcnlWmlGo
/uV+q+p5BSxm7nMHHlmrzSW8hxOk8SlSoXbos6LKC7OAS0okVZT3Qd1v7N1p4ySf
4iUF4ffHCEjJe+xdWhz+CybCBG0I23Knjj/7ewyNAHgVkKNBFXhS/vMsR57wFiv2
CVc9KPGAToZslLRSadHJuZDj981pPVtFUple9F4NxjuCbtgxGHj7Dj1SvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0gnFbn8joaMXeUecqqtkctkS8/MB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvZlNDY1Z1ZnlPaG94ZDVSNXlxcTJSeTJSTHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVweMA0G
CSqGSIb3DQEBCwUAA4IBAQCDQ1Ys3ozJjNOXOYAui2zPTmif5cZfCKvb7r1PLjlQ
5/VkyL8GNv+OAQwUWtNyA6ad+zGRjPWRTZm/7X3DjN4OX/Kn4d9+NVtkuTQw0751
MPGCE0SDL+j779UwKMuCqB3Y0ZLjsBNSG84Ux7RE5pSap6teAro0fp/Ki280UEnU
5P3btKzei3V3nqTHtK+uwoCCr2VQAYelM/jDto/OaEcvpXmq1/O236ZrgvyUI6Jj
jPzdnNv9pi19f0dv8SX68J4ty1wd89KFvHaYsatTpXvjV5jvCA0gIZXC92/alBcp
OQXwNyQ0KGV7aOSW3pW/m6oCWWeqVUG83n1SRJJ00xUn
-----END CERTIFICATE-----