Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/8xlKfMmJYRONSLuaMNvuJW-j2r4.roa
File:                     8xlKfMmJYRONSLuaMNvuJW-j2r4.roa (raw, json)
Hash identifier:          /Vmg0O9sAZzoICi6C0Z6NjXnF3A939Fkh96CTNH1cNw=
Subject key identifier:   F3:19:4A:7C:C9:89:61:13:8D:48:BB:9A:30:DB:EE:25:6F:A3:DA:BE
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B6745A882A36FB751BAAF0BAA70B4
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/8xlKfMmJYRONSLuaMNvuJW-j2r4.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207960
IP address blocks:        45.129.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:67:45:a8:82:a3:6f:b7:51:ba:af:0b:aa:70:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3194a7cc98961138d48bb9a30dbee256fa3dabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4e:79:0f:32:95:fe:f0:df:d1:ae:ee:02:d5:
                    fd:8b:73:9a:a8:d3:fb:c8:ee:5b:b9:eb:a9:96:b9:
                    08:ae:c4:d9:e9:c9:2a:66:75:78:30:4d:8d:67:d2:
                    6f:72:56:d5:54:d1:c3:fd:2e:14:53:24:47:66:c9:
                    d9:2f:d7:8a:75:22:a7:15:98:fc:31:d9:e9:32:4a:
                    2c:e6:45:10:b1:f4:ca:00:7b:f7:55:a8:ab:32:87:
                    de:f9:9e:f2:96:4d:6e:56:46:84:17:02:36:2a:8d:
                    34:fc:ce:d4:ab:a3:e7:92:41:bd:aa:86:fd:c2:89:
                    a1:18:c2:96:4c:5f:a3:8f:d9:f1:b2:d5:ee:c0:6a:
                    69:e6:1c:6a:12:2c:d2:aa:d9:10:36:bf:a5:f2:1b:
                    cd:c6:2e:6f:e1:67:fd:ac:4e:17:89:90:13:9f:1e:
                    6d:9e:22:70:ed:61:f5:86:08:d6:d6:e7:b3:10:0c:
                    39:25:b3:a6:73:98:31:6a:18:30:9f:1f:3f:29:61:
                    17:96:5c:01:2d:f3:95:a0:e9:4b:0d:aa:a8:ef:d9:
                    79:26:ce:fd:be:ca:c8:22:5a:d1:b6:e3:48:7e:7f:
                    52:42:54:c0:f1:1e:29:b6:61:10:f9:d8:a4:af:e1:
                    21:59:4a:68:98:79:7f:3f:3d:a1:12:d5:27:ed:7e:
                    b9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:19:4A:7C:C9:89:61:13:8D:48:BB:9A:30:DB:EE:25:6F:A3:DA:BE
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/8xlKfMmJYRONSLuaMNvuJW-j2r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:52:eb:e1:41:64:8b:1e:3e:7f:7c:dc:61:fa:7f:33:4f:01:
         02:1b:d1:d5:0c:78:0c:d6:1d:8e:a3:c1:84:5e:51:14:7d:63:
         99:65:77:3e:6a:a0:da:65:12:4f:14:b8:46:d3:8f:c7:ca:b5:
         4a:3f:2d:5a:9d:ea:7e:31:11:84:a0:db:fa:67:22:79:ca:49:
         26:2c:b8:7d:0a:cb:44:54:57:d3:ce:03:5a:2c:ed:21:42:5d:
         be:4c:c5:9d:41:18:50:8e:82:2d:4d:c7:f0:8c:25:87:ce:b7:
         0d:f6:fb:3a:ab:88:37:bc:a7:6b:05:f6:87:7a:30:38:a1:2e:
         1c:53:61:d7:24:62:29:af:d5:6b:ff:e5:b6:65:56:0e:a2:31:
         84:07:ad:1b:55:77:93:4d:0f:47:5e:37:9f:df:b8:06:fd:7c:
         01:d0:0f:f7:0e:e4:ce:7b:0a:4b:92:32:0d:97:0e:2b:37:66:
         26:7f:05:1e:2e:25:2b:73:fe:66:e4:04:0b:d0:b9:36:f5:e6:
         56:56:34:7d:b6:e9:e5:5a:2e:44:a6:3a:15:8c:05:dd:d5:de:
         55:0e:ba:67:89:3a:15:35:82:c2:f8:24:7f:00:41:02:0c:1a:
         ad:a7:9f:fc:4d:87:46:bb:57:71:81:10:7c:38:22:88:6f:34:
         2a:1e:25:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2dFqIKjb7dRuq8LqnC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzE5NGE3Y2M5ODk2MTEzOGQ0OGJiOWEzMGRiZWUyNTZmYTNkYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj055DzKV/vDf0a7uAtX9i3OaqNP7
yO5bueuplrkIrsTZ6ckqZnV4ME2NZ9JvclbVVNHD/S4UUyRHZsnZL9eKdSKnFZj8
MdnpMkos5kUQsfTKAHv3VairMofe+Z7ylk1uVkaEFwI2Ko00/M7Uq6PnkkG9qob9
womhGMKWTF+jj9nxstXuwGpp5hxqEizSqtkQNr+l8hvNxi5v4Wf9rE4XiZATnx5t
niJw7WH1hgjW1uezEAw5JbOmc5gxahgwnx8/KWEXllwBLfOVoOlLDaqo79l5Js79
vsrIIlrRtuNIfn9SQlTA8R4ptmEQ+dikr+EhWUpomHl/Pz2hEtUn7X65YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMZSnzJiWETjUi7mjDb7iVvo9q+MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvOHhsS2ZNbUpZUk9OU0x1YU1OdnVKVy1qMnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFfMA0G
CSqGSIb3DQEBCwUAA4IBAQBtUuvhQWSLHj5/fNxh+n8zTwECG9HVDHgM1h2Oo8GE
XlEUfWOZZXc+aqDaZRJPFLhG04/HyrVKPy1anep+MRGEoNv6ZyJ5ykkmLLh9CstE
VFfTzgNaLO0hQl2+TMWdQRhQjoItTcfwjCWHzrcN9vs6q4g3vKdrBfaHejA4oS4c
U2HXJGIpr9Vr/+W2ZVYOojGEB60bVXeTTQ9HXjef37gG/XwB0A/3DuTOewpLkjIN
lw4rN2YmfwUeLiUrc/5m5AQL0Lk29eZWVjR9tunlWi5EpjoVjAXd1d5VDrpniToV
NYLC+CR/AEECDBqtp5/8TYdGu1dxgRB8OCKIbzQqHiUn
-----END CERTIFICATE-----