Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/EHpvnjfQiDyfGdckEYfptrkMFI0.roa
File:                     EHpvnjfQiDyfGdckEYfptrkMFI0.roa (raw, json)
Hash identifier:          +XiX9fcGBfceIjYznREQjmRJNJd+uzvLdskDOj5FYP0=
Subject key identifier:   10:7A:6F:9E:37:D0:88:3C:9F:19:D7:24:11:87:E9:B6:B9:0C:14:8D
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD1477F6A38043E5D3F1A0B33B603E
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/EHpvnjfQiDyfGdckEYfptrkMFI0.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51102
IP address blocks:        45.86.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:14:77:f6:a3:80:43:e5:d3:f1:a0:b3:3b:60:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=107a6f9e37d0883c9f19d7241187e9b6b90c148d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e7:b7:dc:8d:62:31:b3:ea:5a:69:72:e2:6b:
                    80:2d:da:7d:6b:97:fa:8d:78:9b:d1:b5:0a:48:08:
                    8a:0f:54:3c:11:74:2a:fb:5f:93:a2:fb:b2:cc:93:
                    88:d6:8b:2e:5d:49:c2:17:89:8c:e8:4d:6a:1e:ac:
                    94:5e:3c:c9:bf:32:91:19:d6:8e:18:7f:0e:94:c2:
                    e4:1e:c2:5a:56:e6:c7:97:9b:ef:e8:65:5d:e1:63:
                    52:29:e7:c7:78:8e:88:c1:54:17:15:42:3a:c6:d2:
                    8d:9f:17:d1:11:b9:12:2a:1a:65:db:3b:32:7c:a9:
                    ad:99:8b:4f:77:c4:3c:5a:d8:6f:25:7c:ab:f6:34:
                    9a:22:fd:e4:99:c6:28:a8:f2:c5:0a:5d:f9:c6:8e:
                    84:f4:d8:bc:b6:39:80:a2:a9:a2:b8:75:68:77:bc:
                    de:84:65:c9:a6:32:bc:92:c3:0f:1b:96:5a:c2:62:
                    08:04:97:82:2b:d6:61:5d:1d:60:5d:8b:f0:15:b6:
                    f1:04:2f:18:fe:34:ef:7b:d4:50:5c:96:f5:69:2e:
                    ad:1f:c0:8a:f9:b7:a7:dc:77:14:35:c2:64:27:fc:
                    96:46:1d:04:2b:44:a7:61:b5:5c:7b:8f:bc:67:cb:
                    b2:cc:20:56:2d:30:3f:c6:07:40:c2:c6:31:8e:72:
                    c0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7A:6F:9E:37:D0:88:3C:9F:19:D7:24:11:87:E9:B6:B9:0C:14:8D
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/EHpvnjfQiDyfGdckEYfptrkMFI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:a8:1b:77:df:06:cf:97:62:3f:6a:59:85:54:35:de:ff:06:
         83:29:c7:bd:47:a6:b6:17:e9:84:b6:30:12:d3:cb:8b:94:a9:
         84:22:50:bb:2e:f2:dc:2c:42:9d:5f:fe:3f:ea:f8:aa:07:8c:
         53:60:d2:d1:32:0d:e8:8d:09:0a:57:44:49:fe:ae:97:7d:1b:
         91:c0:a7:87:d8:86:01:83:a1:de:bf:aa:69:5a:3a:e3:7c:be:
         b2:ad:31:63:05:55:09:c3:0f:64:fe:e8:9b:ff:42:2e:ce:30:
         2e:63:bc:1c:c3:cd:8f:08:50:b0:5a:1a:e6:ad:02:b2:29:e8:
         6a:eb:8d:8b:69:67:0c:3a:ea:39:28:b7:75:84:bf:13:93:d5:
         fd:56:8c:f4:76:89:52:65:a6:7b:58:bc:d0:a0:66:9c:e1:81:
         f4:2b:08:bb:50:66:a1:d4:4d:e7:92:b9:39:c5:cd:9e:df:35:
         a5:be:20:5b:fa:7f:29:cd:a3:9e:0c:63:04:e3:ae:45:f0:de:
         bb:93:f2:4f:11:32:b3:be:36:2d:b1:d3:01:49:05:01:ee:d1:
         fd:03:a5:03:44:0b:e1:88:41:e2:06:fa:40:c1:f8:3c:e4:8e:
         d4:df:43:a8:33:cc:61:67:be:97:56:26:0b:5b:b2:f7:5c:e3:
         91:6b:5d:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RR39qOAQ+XT8aCzO2A+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdhNmY5ZTM3ZDA4ODNjOWYxOWQ3MjQxMTg3ZTliNmI5MGMxNDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOe33I1iMbPqWmly4muALdp9a5f6
jXib0bUKSAiKD1Q8EXQq+1+TovuyzJOI1osuXUnCF4mM6E1qHqyUXjzJvzKRGdaO
GH8OlMLkHsJaVubHl5vv6GVd4WNSKefHeI6IwVQXFUI6xtKNnxfREbkSKhpl2zsy
fKmtmYtPd8Q8WthvJXyr9jSaIv3kmcYoqPLFCl35xo6E9Ni8tjmAoqmiuHVod7ze
hGXJpjK8ksMPG5ZawmIIBJeCK9ZhXR1gXYvwFbbxBC8Y/jTve9RQXJb1aS6tH8CK
+ben3HcUNcJkJ/yWRh0EK0SnYbVce4+8Z8uyzCBWLTA/xgdAwsYxjnLAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB6b5430Ig8nxnXJBGH6ba5DBSNMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvRUhwdm5qZlFpRHlmR2Rja0VZZnB0cmtNRkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVbyMA0G
CSqGSIb3DQEBCwUAA4IBAQCuqBt33wbPl2I/almFVDXe/waDKce9R6a2F+mEtjAS
08uLlKmEIlC7LvLcLEKdX/4/6viqB4xTYNLRMg3ojQkKV0RJ/q6XfRuRwKeH2IYB
g6Hev6ppWjrjfL6yrTFjBVUJww9k/uib/0IuzjAuY7wcw82PCFCwWhrmrQKyKehq
642LaWcMOuo5KLd1hL8Tk9X9Voz0dolSZaZ7WLzQoGac4YH0Kwi7UGah1E3nkrk5
xc2e3zWlviBb+n8pzaOeDGME465F8N67k/JPETKzvjYtsdMBSQUB7tH9A6UDRAvh
iEHiBvpAwfg85I7U30OoM8xhZ76XViYLW7L3XOORa133
-----END CERTIFICATE-----