Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/H9J9BFuR0k2z_Fj8bM1l8e4dzoc.roa
File:                     H9J9BFuR0k2z_Fj8bM1l8e4dzoc.roa (raw, json)
Hash identifier:          spwhPdT1BvYOkTXf3NIO4YpPXFd3C7ugY1LRQhktiWI=
Subject key identifier:   1F:D2:7D:04:5B:91:D2:4D:B3:FC:58:FC:6C:CD:65:F1:EE:1D:CE:87
Certificate issuer:       /CN=f10101fbfa863fe45eae2bf6b97e0efe7ec83125
Certificate serial:       018D5A6587C31618FA71C437D0C43E00BCE0
Authority key identifier: F1:01:01:FB:FA:86:3F:E4:5E:AE:2B:F6:B9:7E:0E:FE:7E:C8:31:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8QEB-_qGP-Reriv2uX4O_n7IMSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/H9J9BFuR0k2z_Fj8bM1l8e4dzoc.roa
Signing time:             Tue 30 Jan 2024 12:43:39 +0000
ROA not before:           Tue 30 Jan 2024 12:43:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        45.67.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/8QEB-_qGP-Reriv2uX4O_n7IMSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/8QEB-_qGP-Reriv2uX4O_n7IMSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8QEB-_qGP-Reriv2uX4O_n7IMSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:65:87:c3:16:18:fa:71:c4:37:d0:c4:3e:00:bc:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f10101fbfa863fe45eae2bf6b97e0efe7ec83125
        Validity
            Not Before: Jan 30 12:43:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd27d045b91d24db3fc58fc6ccd65f1ee1dce87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ad:d5:04:a9:31:7f:1b:ce:f6:44:ce:cb:2b:
                    86:4c:ce:bd:01:0d:63:4c:53:78:74:f2:8d:58:77:
                    7b:a4:41:9d:59:c6:48:e6:66:cd:90:2a:17:6b:0e:
                    83:bb:6c:b6:7f:d9:25:47:51:bc:c7:68:4d:48:b6:
                    48:a4:81:3d:6d:ca:e7:36:c6:da:66:9e:05:c1:8b:
                    89:42:58:5b:f7:5a:e3:18:45:60:98:b0:a9:4a:a6:
                    00:7b:f5:c1:75:d1:59:42:51:3e:c1:dc:21:3f:41:
                    02:b3:b4:3f:39:40:56:d2:da:5c:8d:8c:16:e4:a1:
                    82:43:3d:67:f9:4c:b6:2f:17:ad:61:86:70:c0:b3:
                    36:e3:7e:af:e8:3f:bf:94:0c:e8:f2:81:79:03:18:
                    75:d9:c2:45:e2:7b:99:b2:88:fc:b1:f7:f6:08:a4:
                    08:e1:35:33:c8:b5:17:47:11:f7:31:6d:df:39:21:
                    a4:f6:2a:18:e0:60:3e:c2:8e:d5:14:ca:99:55:10:
                    65:5a:98:f8:84:38:88:06:b4:c7:30:10:73:48:15:
                    78:ed:7b:b3:f7:37:16:a2:c2:66:52:10:77:e6:aa:
                    57:6a:de:23:a0:67:c2:82:f0:55:a3:ee:18:03:10:
                    33:a3:0d:a9:e4:f1:09:45:12:19:c8:fa:04:fd:b8:
                    72:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D2:7D:04:5B:91:D2:4D:B3:FC:58:FC:6C:CD:65:F1:EE:1D:CE:87
            X509v3 Authority Key Identifier:
                keyid:F1:01:01:FB:FA:86:3F:E4:5E:AE:2B:F6:B9:7E:0E:FE:7E:C8:31:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8QEB-_qGP-Reriv2uX4O_n7IMSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/H9J9BFuR0k2z_Fj8bM1l8e4dzoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/8QEB-_qGP-Reriv2uX4O_n7IMSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:eb:08:e5:83:7b:88:07:43:37:b8:4b:c2:ed:6b:3b:39:01:
         68:53:06:b0:1b:73:91:68:0a:3d:52:19:dd:9f:ab:75:6f:c4:
         5c:ec:d5:18:80:f2:57:19:8b:62:88:89:d7:77:0e:12:0f:35:
         0e:76:1c:cf:9a:53:df:cb:c6:1d:49:57:f9:b7:d1:39:c3:48:
         bc:e1:d3:84:7c:5b:72:b8:80:37:c4:08:23:d8:c1:47:6f:4f:
         ce:44:aa:43:1f:b3:82:43:a4:98:d9:cb:34:24:f0:4f:3c:cc:
         d2:e5:97:1a:c8:8d:e5:e2:22:90:72:d4:89:6f:85:ed:3a:68:
         06:a3:6c:2f:b0:2e:b0:49:ef:e9:d9:fc:3b:16:ee:df:4d:49:
         21:06:6d:f3:68:ab:26:d8:35:2f:7b:33:9e:38:1e:0e:e9:1e:
         56:3e:90:49:ae:82:a6:5f:88:93:ea:b2:4a:f3:6e:22:ce:6c:
         5b:a7:c0:71:97:d3:e2:4c:8f:36:f2:0d:72:d2:38:ca:ec:16:
         2e:e2:0c:62:a7:df:20:09:03:0c:84:00:fe:aa:d0:5b:1a:77:
         60:b7:c8:70:bf:fb:68:50:3a:6d:31:a2:f4:c8:a5:72:ee:36:
         34:67:66:51:52:bb:e0:02:a6:5c:0c:dd:a7:26:bf:9e:61:bf:
         61:30:e9:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1aZYfDFhj6ccQ30MQ+ALzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMDEwMWZiZmE4NjNmZTQ1ZWFlMmJmNmI5N2UwZWZlN2Vj
ODMxMjUwHhcNMjQwMTMwMTI0MzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQyN2QwNDViOTFkMjRkYjNmYzU4ZmM2Y2NkNjVmMWVlMWRjZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua3VBKkxfxvO9kTOyyuGTM69AQ1j
TFN4dPKNWHd7pEGdWcZI5mbNkCoXaw6Du2y2f9klR1G8x2hNSLZIpIE9bcrnNsba
Zp4FwYuJQlhb91rjGEVgmLCpSqYAe/XBddFZQlE+wdwhP0ECs7Q/OUBW0tpcjYwW
5KGCQz1n+Uy2LxetYYZwwLM2436v6D+/lAzo8oF5Axh12cJF4nuZsoj8sff2CKQI
4TUzyLUXRxH3MW3fOSGk9ioY4GA+wo7VFMqZVRBlWpj4hDiIBrTHMBBzSBV47Xuz
9zcWosJmUhB35qpXat4joGfCgvBVo+4YAxAzow2p5PEJRRIZyPoE/bhyaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/SfQRbkdJNs/xY/GzNZfHuHc6HMB8GA1UdIwQY
MBaAFPEBAfv6hj/kXq4r9rl+Dv5+yDElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFFFQi1fcUdQLVJlcml2MnVYNE9fbjdJTVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9lMWY4MGMtZDkyMC00MmQ0LTg5MWYt
ZGUyNjQxZDQ0ZmEwLzEvSDlKOUJGdVIwazJ6X0ZqOGJNMWw4ZTRkem9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9lMWY4MGMtZDkyMC00MmQ0LTg5MWYtZGUyNjQxZDQ0ZmEw
LzEvOFFFQi1fcUdQLVJlcml2MnVYNE9fbjdJTVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUMUMA0G
CSqGSIb3DQEBCwUAA4IBAQA86wjlg3uIB0M3uEvC7Ws7OQFoUwawG3ORaAo9Uhnd
n6t1b8Rc7NUYgPJXGYtiiInXdw4SDzUOdhzPmlPfy8YdSVf5t9E5w0i84dOEfFty
uIA3xAgj2MFHb0/ORKpDH7OCQ6SY2cs0JPBPPMzS5ZcayI3l4iKQctSJb4XtOmgG
o2wvsC6wSe/p2fw7Fu7fTUkhBm3zaKsm2DUvezOeOB4O6R5WPpBJroKmX4iT6rJK
824izmxbp8Bxl9PiTI828g1y0jjK7BYu4gxip98gCQMMhAD+qtBbGndgt8hwv/to
UDptMaL0yKVy7jY0Z2ZRUrvgAqZcDN2nJr+eYb9hMOlj
-----END CERTIFICATE-----