Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/yttueKFa7PozFAK2TOsfxdwOlh8.roa
File:                     yttueKFa7PozFAK2TOsfxdwOlh8.roa (raw, json)
Hash identifier:          LAjeALKY5kE/+/hJOJARNkLL5Vqdp4ezB9xD1KYPZyE=
Subject key identifier:   CA:DB:6E:78:A1:5A:EC:FA:33:14:02:B6:4C:EB:1F:C5:DC:0E:96:1F
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018DCA41B4E7906A24F40BC03BC88133BD02
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/yttueKFa7PozFAK2TOsfxdwOlh8.roa
Signing time:             Wed 21 Feb 2024 06:02:00 +0000
ROA not before:           Wed 21 Feb 2024 06:02:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215449
IP address blocks:        45.85.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ca:41:b4:e7:90:6a:24:f4:0b:c0:3b:c8:81:33:bd:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Feb 21 06:02:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cadb6e78a15aecfa331402b64ceb1fc5dc0e961f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:96:6e:ac:d1:30:b5:16:7e:e3:cb:07:32:a9:
                    31:8b:1d:0e:2a:41:33:f0:4d:82:f7:9e:cd:c9:89:
                    df:b3:02:6e:bf:e2:7e:b5:f6:d8:9c:c7:f1:58:32:
                    80:90:56:41:dd:0b:bd:d0:5e:bb:7a:a9:58:4c:a0:
                    fb:2c:a4:c5:10:b8:b5:ec:4b:53:4a:4d:11:af:5a:
                    c8:71:99:a3:9f:2e:aa:a2:ad:56:9f:39:b6:70:10:
                    d3:43:84:ca:21:aa:43:2c:c5:d7:b1:7a:d9:de:05:
                    76:c4:a0:7e:ca:ed:d6:5d:e4:45:2c:33:7b:b0:1a:
                    14:eb:58:5d:b4:bd:eb:f7:7f:dd:7b:18:33:b6:5e:
                    8b:38:4c:83:9b:ad:cb:b8:05:18:27:7f:da:e4:4e:
                    2e:46:91:35:b4:8d:26:59:ea:a4:56:6f:35:69:4b:
                    e6:bc:4f:3a:d2:60:51:ce:b3:0b:d3:5e:87:1e:2f:
                    11:29:a5:bb:dc:10:8c:c5:29:4d:b9:e9:26:60:4e:
                    b5:63:48:2b:12:81:5c:c8:bc:a3:fc:7d:d8:d1:11:
                    f8:88:8d:6d:39:4f:0c:d7:4a:fb:af:15:97:29:2a:
                    02:11:27:1a:90:2b:05:41:c9:16:32:15:19:e5:e4:
                    6c:e7:ba:50:2b:d2:96:bc:b9:fe:8f:43:b9:f4:76:
                    3a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:DB:6E:78:A1:5A:EC:FA:33:14:02:B6:4C:EB:1F:C5:DC:0E:96:1F
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/yttueKFa7PozFAK2TOsfxdwOlh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f0:d1:4a:b2:c7:f1:db:a3:ab:3f:df:20:ed:c4:d9:f1:45:
         c9:77:e1:e1:24:8b:3a:86:1d:8d:2c:d2:24:53:45:eb:90:66:
         54:61:5d:1e:3e:1b:bf:94:40:a9:f1:52:78:b8:0a:35:99:85:
         fa:9a:0b:86:cc:21:e2:87:05:c6:9d:05:96:5d:af:cc:37:34:
         ec:38:33:4e:e8:43:c3:0e:01:d5:c9:66:4b:76:1c:5a:0d:54:
         ae:01:7a:3e:18:25:22:89:e4:0c:c4:30:d6:61:b8:bf:e5:90:
         1d:a3:25:85:eb:ab:30:c4:40:a7:27:60:3d:0e:cd:31:49:69:
         66:7e:b4:15:e0:5b:22:65:7f:da:a0:66:0b:3c:bf:71:c9:e9:
         08:08:6f:a3:d3:08:48:06:1d:b2:46:ab:4f:1f:d1:fe:8f:7e:
         ac:2d:e8:27:9c:51:63:f9:b1:6b:a0:aa:12:63:99:f4:7b:b2:
         f4:3a:a9:ac:3c:b5:86:d5:ae:74:55:f9:fe:53:fb:97:0f:17:
         37:96:a5:75:4e:cc:d5:34:d9:a7:ff:51:4a:74:93:da:a5:5f:
         0b:a7:e5:d2:49:59:8b:0d:90:1d:6d:2a:b3:2b:78:13:83:d8:
         5c:b9:43:4c:2f:76:fd:9c:4d:16:ab:a1:2d:27:71:c0:54:eb:
         0d:6f:54:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3KQbTnkGok9AvAO8iBM70CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMjIxMDYwMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWRiNmU3OGExNWFlY2ZhMzMxNDAyYjY0Y2ViMWZjNWRjMGU5NjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZZurNEwtRZ+48sHMqkxix0OKkEz
8E2C957NyYnfswJuv+J+tfbYnMfxWDKAkFZB3Qu90F67eqlYTKD7LKTFELi17EtT
Sk0Rr1rIcZmjny6qoq1Wnzm2cBDTQ4TKIapDLMXXsXrZ3gV2xKB+yu3WXeRFLDN7
sBoU61hdtL3r93/dexgztl6LOEyDm63LuAUYJ3/a5E4uRpE1tI0mWeqkVm81aUvm
vE860mBRzrML016HHi8RKaW73BCMxSlNuekmYE61Y0grEoFcyLyj/H3Y0RH4iI1t
OU8M10r7rxWXKSoCEScakCsFQckWMhUZ5eRs57pQK9KWvLn+j0O59HY6UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrbbnihWuz6MxQCtkzrH8XcDpYfMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEveXR0dWVLRmE3UG96RkFLMlRPc2Z4ZHdPbGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVV0MA0G
CSqGSIb3DQEBCwUAA4IBAQA08NFKssfx26OrP98g7cTZ8UXJd+HhJIs6hh2NLNIk
U0XrkGZUYV0ePhu/lECp8VJ4uAo1mYX6mguGzCHihwXGnQWWXa/MNzTsODNO6EPD
DgHVyWZLdhxaDVSuAXo+GCUiieQMxDDWYbi/5ZAdoyWF66swxECnJ2A9Ds0xSWlm
frQV4FsiZX/aoGYLPL9xyekICG+j0whIBh2yRqtPH9H+j36sLegnnFFj+bFroKoS
Y5n0e7L0OqmsPLWG1a50Vfn+U/uXDxc3lqV1TszVNNmn/1FKdJPapV8Lp+XSSVmL
DZAdbSqzK3gTg9hcuUNML3b9nE0Wq6EtJ3HAVOsNb1R8
-----END CERTIFICATE-----