Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/IAGeSI8t1VyYjiQd-pa8hGLurNE.roa
File:                     IAGeSI8t1VyYjiQd-pa8hGLurNE.roa (raw, json)
Hash identifier:          XPoOxENnvl66DMkUTyaVSZDrqzYLzYQp+PJYmYsR0PQ=
Subject key identifier:   20:01:9E:48:8F:2D:D5:5C:98:8E:24:1D:FA:96:BC:84:62:EE:AC:D1
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B692C42786804F52FCD5B1DFD9696
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/IAGeSI8t1VyYjiQd-pa8hGLurNE.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212123
IP address blocks:        45.129.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:2c:42:78:68:04:f5:2f:cd:5b:1d:fd:96:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20019e488f2dd55c988e241dfa96bc8462eeacd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9b:f4:08:08:fd:d1:73:c1:2c:1a:cb:54:9f:
                    64:c3:d2:31:da:bd:72:69:12:83:e1:a8:44:f5:e8:
                    76:01:9f:ce:2c:2b:e5:77:75:64:a1:fe:9c:0d:b1:
                    42:af:ce:08:cc:94:bc:05:d6:d7:75:c4:b6:c0:84:
                    d1:26:d8:87:74:ac:fd:ce:cf:da:b9:d9:83:9e:1f:
                    00:83:e0:0a:62:87:b2:55:b8:d9:5e:dd:51:37:1e:
                    43:0c:c7:eb:4b:61:bf:17:94:9f:7b:9e:f9:eb:46:
                    b9:10:a3:03:12:06:cd:82:14:bb:34:2b:b7:31:a2:
                    2d:9d:42:66:cf:59:fc:94:37:6a:df:14:64:d0:fe:
                    42:cc:ff:81:11:90:62:d3:5c:1e:d7:fd:ed:8d:a4:
                    c0:c5:1c:50:19:00:f9:da:f4:4f:85:ac:2d:71:33:
                    7d:3f:18:b6:cc:7e:b6:0a:2c:e3:a0:09:b9:e5:76:
                    58:fe:25:03:66:09:05:7d:55:e9:0a:26:b4:5a:28:
                    df:7d:a8:cb:44:9e:b5:bd:ad:cf:5b:e1:69:a4:97:
                    ee:e8:70:cc:43:8a:52:ae:02:79:2f:fb:91:b0:24:
                    b7:0f:cf:0b:b4:f0:b3:4e:d2:83:26:5a:07:c4:c3:
                    be:93:5c:e8:5a:62:44:3c:74:6a:2d:a6:fc:01:a9:
                    58:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:01:9E:48:8F:2D:D5:5C:98:8E:24:1D:FA:96:BC:84:62:EE:AC:D1
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/IAGeSI8t1VyYjiQd-pa8hGLurNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:78:96:7c:d3:93:52:6d:73:c9:f9:18:27:08:35:e6:1e:0c:
         5c:cb:36:3c:81:c7:21:0c:51:b0:01:25:77:93:c5:95:ba:1e:
         59:00:2e:74:73:7b:c9:38:c9:1a:0e:6b:41:ae:47:ed:76:89:
         b9:5e:ac:38:d8:4f:33:de:53:c3:00:86:bc:c2:62:59:17:2d:
         43:33:1a:20:db:8c:c1:64:98:f1:bb:32:52:28:b2:9a:e3:3e:
         35:9a:c5:d1:c9:02:36:cb:e4:73:47:f6:16:6f:f7:7f:f4:5f:
         77:87:5a:65:06:f1:02:dc:5a:bd:28:08:da:5d:d7:75:4a:1d:
         97:4d:c3:a4:97:70:b6:d0:f5:e9:b8:d9:aa:ea:51:50:1b:9a:
         7a:e5:2a:82:65:29:5d:e9:b4:23:5b:be:f6:b4:30:c1:af:d9:
         ff:0c:2f:49:e8:c6:5a:d5:93:14:57:f4:5d:28:b0:03:26:a0:
         a8:d2:08:cd:29:55:6b:85:b4:b5:ed:20:ef:65:bb:b4:ab:82:
         8b:c0:94:d5:d9:96:82:4d:00:78:ce:35:ca:36:dc:ba:6f:ec:
         ff:89:cb:00:fb:79:f3:ad:fd:2e:f2:fe:41:2c:1d:9f:25:66:
         d0:7a:c0:75:b6:88:e1:4c:9d:72:81:61:78:bd:6e:48:0e:81:
         41:fc:cc:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2ksQnhoBPUvzVsd/ZaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDAxOWU0ODhmMmRkNTVjOTg4ZTI0MWRmYTk2YmM4NDYyZWVhY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJv0CAj90XPBLBrLVJ9kw9Ix2r1y
aRKD4ahE9eh2AZ/OLCvld3Vkof6cDbFCr84IzJS8BdbXdcS2wITRJtiHdKz9zs/a
udmDnh8Ag+AKYoeyVbjZXt1RNx5DDMfrS2G/F5Sfe57560a5EKMDEgbNghS7NCu3
MaItnUJmz1n8lDdq3xRk0P5CzP+BEZBi01we1/3tjaTAxRxQGQD52vRPhawtcTN9
Pxi2zH62CizjoAm55XZY/iUDZgkFfVXpCia0WijffajLRJ61va3PW+FppJfu6HDM
Q4pSrgJ5L/uRsCS3D88LtPCzTtKDJloHxMO+k1zoWmJEPHRqLab8AalYmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCABnkiPLdVcmI4kHfqWvIRi7qzRMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvSUFHZVNJOHQxVnlZamlRZC1wYThoR0x1ck5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFeMA0G
CSqGSIb3DQEBCwUAA4IBAQAheJZ805NSbXPJ+RgnCDXmHgxcyzY8gcchDFGwASV3
k8WVuh5ZAC50c3vJOMkaDmtBrkftdom5Xqw42E8z3lPDAIa8wmJZFy1DMxog24zB
ZJjxuzJSKLKa4z41msXRyQI2y+RzR/YWb/d/9F93h1plBvEC3Fq9KAjaXdd1Sh2X
TcOkl3C20PXpuNmq6lFQG5p65SqCZSld6bQjW772tDDBr9n/DC9J6MZa1ZMUV/Rd
KLADJqCo0gjNKVVrhbS17SDvZbu0q4KLwJTV2ZaCTQB4zjXKNty6b+z/icsA+3nz
rf0u8v5BLB2fJWbQesB1tojhTJ1ygWF4vW5IDoFB/Mwm
-----END CERTIFICATE-----