Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/k5H8A-j9KvfDQSHb1MvsO9jCTh0.roa
File:                     k5H8A-j9KvfDQSHb1MvsO9jCTh0.roa (raw, json)
Hash identifier:          hdp59mC/7izi7fEvrFcjJ4ebZaH2NJZPzioOQs4ZVXs=
Subject key identifier:   93:91:FC:03:E8:FD:2A:F7:C3:41:21:DB:D4:CB:EC:3B:D8:C2:4E:1D
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018F62587B48BFBCA6E178BE78B75B73E0E1
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/k5H8A-j9KvfDQSHb1MvsO9jCTh0.roa
Signing time:             Fri 10 May 2024 11:51:56 +0000
ROA not before:           Fri 10 May 2024 11:51:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268624
IP address blocks:        45.85.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:58:7b:48:bf:bc:a6:e1:78:be:78:b7:5b:73:e0:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: May 10 11:51:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9391fc03e8fd2af7c34121dbd4cbec3bd8c24e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:23:7e:b3:4e:6e:dc:ca:29:68:42:e0:e9:9f:
                    dd:1e:f2:9e:9c:60:c8:4e:bc:73:9a:29:66:fd:41:
                    54:17:7b:32:95:aa:40:32:57:49:29:cd:fd:4b:5e:
                    f5:c2:62:b3:82:d4:7f:94:40:08:c3:93:45:90:90:
                    d4:6e:74:74:dd:74:65:e3:dd:2a:a5:0f:aa:a1:0c:
                    92:bf:a5:d5:78:e1:3d:61:22:f3:01:65:41:5d:ef:
                    19:f7:47:d3:2a:66:cb:b4:04:48:bb:29:95:4c:97:
                    98:44:c0:15:b3:04:53:03:ea:49:85:53:44:5b:ac:
                    89:ce:61:a5:40:f0:66:73:ba:7a:d1:4a:12:68:ca:
                    00:f3:23:d1:c3:d9:ae:da:10:87:41:48:80:60:e4:
                    cb:af:5f:39:34:15:04:d2:dc:25:aa:a9:2b:04:46:
                    05:ef:d0:b4:cc:73:9f:0f:50:87:0e:96:8a:3d:f6:
                    5c:8c:69:f9:1b:c5:26:77:e6:81:a3:c4:48:0b:52:
                    1b:5c:2f:96:33:b2:fd:95:ff:96:f7:f1:d6:33:ce:
                    62:17:84:15:bc:09:3a:3b:b5:26:65:cb:cf:f4:f3:
                    52:e3:60:2c:cc:73:60:13:ef:da:53:76:66:0f:a7:
                    10:5c:64:39:06:e5:23:0a:a7:d7:03:73:9e:73:11:
                    1e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:91:FC:03:E8:FD:2A:F7:C3:41:21:DB:D4:CB:EC:3B:D8:C2:4E:1D
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/k5H8A-j9KvfDQSHb1MvsO9jCTh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:63:56:dc:37:bb:f0:14:01:db:fc:46:e3:bf:d8:56:e4:14:
         b9:10:0d:eb:de:ac:67:76:57:f8:15:4f:d1:b4:6e:18:16:a9:
         72:dd:94:78:fd:92:88:39:38:35:2e:5f:ba:d5:6d:95:a3:99:
         74:68:fc:03:52:77:40:e6:ef:ea:13:5e:d3:7a:36:4d:35:47:
         ea:74:9e:98:e9:f1:e3:a0:f0:e5:53:cb:3e:ba:78:f5:39:91:
         60:10:a6:28:1c:d5:74:77:f1:db:80:c5:b5:71:91:8a:08:29:
         09:a3:7a:99:77:43:94:ec:bb:45:f6:d9:60:da:a0:86:39:81:
         1e:eb:90:d9:2f:48:70:a0:fb:59:6e:f1:16:64:2f:82:50:ea:
         1c:e5:33:5c:59:9f:68:3e:0b:78:71:6a:7e:d1:26:f7:0f:c4:
         1d:27:9a:ba:09:30:60:2e:60:b2:12:45:d9:97:2f:7d:4f:03:
         66:22:de:f3:d3:38:2f:4b:26:87:c9:92:64:12:1a:55:27:f0:
         50:4d:60:34:fe:77:7e:6a:dd:8a:03:17:a4:30:4d:73:c7:12:
         84:a4:10:b6:e6:0b:82:97:6e:7f:f5:87:66:cf:09:6f:c1:80:
         03:88:6f:9c:1d:7e:32:f8:32:a8:5b:81:49:4f:6a:2b:59:81:
         ae:80:d6:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9iWHtIv7ym4Xi+eLdbc+DhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwNTEwMTE1MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzkxZmMwM2U4ZmQyYWY3YzM0MTIxZGJkNGNiZWMzYmQ4YzI0ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCN+s05u3MopaELg6Z/dHvKenGDI
Trxzmilm/UFUF3sylapAMldJKc39S171wmKzgtR/lEAIw5NFkJDUbnR03XRl490q
pQ+qoQySv6XVeOE9YSLzAWVBXe8Z90fTKmbLtARIuymVTJeYRMAVswRTA+pJhVNE
W6yJzmGlQPBmc7p60UoSaMoA8yPRw9mu2hCHQUiAYOTLr185NBUE0twlqqkrBEYF
79C0zHOfD1CHDpaKPfZcjGn5G8Umd+aBo8RIC1IbXC+WM7L9lf+W9/HWM85iF4QV
vAk6O7UmZcvP9PNS42AszHNgE+/aU3ZmD6cQXGQ5BuUjCqfXA3OecxEexQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOR/APo/Sr3w0Eh29TL7DvYwk4dMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvazVIOEEtajlLdmZEUVNIYjFNdnNPOWpDVGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVZMA0G
CSqGSIb3DQEBCwUAA4IBAQBkY1bcN7vwFAHb/Ebjv9hW5BS5EA3r3qxndlf4FU/R
tG4YFqly3ZR4/ZKIOTg1Ll+61W2Vo5l0aPwDUndA5u/qE17TejZNNUfqdJ6Y6fHj
oPDlU8s+unj1OZFgEKYoHNV0d/HbgMW1cZGKCCkJo3qZd0OU7LtF9tlg2qCGOYEe
65DZL0hwoPtZbvEWZC+CUOoc5TNcWZ9oPgt4cWp+0Sb3D8QdJ5q6CTBgLmCyEkXZ
ly99TwNmIt7z0zgvSyaHyZJkEhpVJ/BQTWA0/nd+at2KAxekME1zxxKEpBC25guC
l25/9YdmzwlvwYADiG+cHX4y+DKoW4FJT2orWYGugNZ3
-----END CERTIFICATE-----