Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/rRgT9tTxhR-bZVBbPUmVqxPs9gc.roa
File:                     rRgT9tTxhR-bZVBbPUmVqxPs9gc.roa (raw, json)
Hash identifier:          5E0NWQW5/HzTmYkUc/Tu+3buu+lE+RqG6cikbPHbuzw=
Subject key identifier:   AD:18:13:F6:D4:F1:85:1F:9B:65:50:5B:3D:49:95:AB:13:EC:F6:07
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018DE9B4ABAB1AB012F69662A51848E1C9CE
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/rRgT9tTxhR-bZVBbPUmVqxPs9gc.roa
Signing time:             Tue 27 Feb 2024 08:35:48 +0000
ROA not before:           Tue 27 Feb 2024 08:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        45.139.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e9:b4:ab:ab:1a:b0:12:f6:96:62:a5:18:48:e1:c9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Feb 27 08:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad1813f6d4f1851f9b65505b3d4995ab13ecf607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4f:78:e2:5a:0a:68:a9:e4:9f:e0:0b:b7:df:
                    8c:bd:fc:93:40:d9:5b:cc:35:05:06:c2:a6:90:b7:
                    86:d4:8c:fb:0f:9f:39:0e:8f:ac:e3:1c:29:e5:9d:
                    f8:a6:1e:9b:c2:20:85:61:b6:7a:13:12:ce:3a:a5:
                    47:dd:17:12:74:aa:3f:1c:94:de:9e:72:64:9a:21:
                    dc:67:b6:8d:f3:e9:fe:57:af:20:75:c4:b4:35:e4:
                    42:4d:fb:db:45:82:55:17:69:da:31:f2:5e:21:27:
                    a7:e6:1d:fc:82:52:8b:58:05:54:99:fa:9a:db:96:
                    b4:63:10:9b:aa:15:cb:40:ce:4a:c1:4d:72:79:e4:
                    41:16:90:fd:0c:30:75:67:b0:de:4a:69:06:0c:ad:
                    dc:78:a5:cb:56:70:51:27:65:22:85:83:07:1b:b2:
                    cb:1a:e8:29:62:d8:59:0a:0e:9b:45:30:77:37:67:
                    1d:3b:0d:37:fd:43:d1:6e:ad:ce:e0:5c:8b:2f:8e:
                    49:fe:1f:21:2d:7c:a3:39:80:22:6a:12:ea:6a:1c:
                    04:48:73:dc:ae:7b:ed:5e:05:c4:fd:d4:96:c4:a6:
                    44:bc:18:a7:e8:89:aa:c5:2f:4f:90:89:44:4b:d4:
                    b6:22:e9:74:65:58:b3:b1:64:6d:cd:5a:eb:21:08:
                    08:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:18:13:F6:D4:F1:85:1F:9B:65:50:5B:3D:49:95:AB:13:EC:F6:07
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/rRgT9tTxhR-bZVBbPUmVqxPs9gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:70:06:01:6e:db:93:a0:4d:3b:70:b1:36:81:70:f4:a1:90:
         54:d7:d6:c1:ee:7e:be:49:9d:39:cd:44:aa:1e:9b:fd:63:22:
         4b:76:13:87:ba:ec:0c:b5:20:22:f7:bf:ac:07:25:eb:4c:aa:
         6c:0b:01:59:e2:80:7d:6e:68:80:1c:51:2a:f6:b4:9b:34:ef:
         54:1e:27:c7:82:f6:67:4f:f6:7d:d2:f0:b5:93:ca:3f:3f:1c:
         b7:60:31:06:03:16:7a:9a:5e:c7:17:fb:18:e3:37:62:50:78:
         d5:13:f2:68:f9:61:b9:13:83:90:f7:55:01:dc:25:30:9b:4d:
         71:fc:73:fa:a1:05:3d:aa:eb:63:c9:44:8c:17:d6:6f:b9:63:
         35:ac:b1:5a:7b:c9:df:9d:76:c4:8a:da:e5:99:ab:7f:69:e0:
         2e:30:31:25:18:93:ab:9b:1b:45:2f:f4:5c:98:9d:5a:9c:bf:
         09:be:68:03:17:30:6a:8a:d4:13:56:f9:16:5e:92:35:27:53:
         3e:83:37:30:2d:63:8c:5d:b3:54:37:f1:12:09:43:c1:fc:26:
         a7:a3:53:32:17:47:23:7a:93:06:5a:ca:c2:c3:74:07:cd:53:
         30:f0:ae:39:6a:64:e1:4e:d4:b9:09:08:0c:23:5e:a2:09:9c:
         e0:fd:9f:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3ptKurGrAS9pZipRhI4cnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMjI3MDgzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE4MTNmNmQ0ZjE4NTFmOWI2NTUwNWIzZDQ5OTVhYjEzZWNmNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU944loKaKnkn+ALt9+MvfyTQNlb
zDUFBsKmkLeG1Iz7D585Do+s4xwp5Z34ph6bwiCFYbZ6ExLOOqVH3RcSdKo/HJTe
nnJkmiHcZ7aN8+n+V68gdcS0NeRCTfvbRYJVF2naMfJeISen5h38glKLWAVUmfqa
25a0YxCbqhXLQM5KwU1yeeRBFpD9DDB1Z7DeSmkGDK3ceKXLVnBRJ2UihYMHG7LL
GugpYthZCg6bRTB3N2cdOw03/UPRbq3O4FyLL45J/h8hLXyjOYAiahLqahwESHPc
rnvtXgXE/dSWxKZEvBin6ImqxS9PkIlES9S2Iul0ZVizsWRtzVrrIQgIUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0YE/bU8YUfm2VQWz1JlasT7PYHMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvclJnVDl0VHhoUi1iWlZCYlBVbVZxeFBzOWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYtGMA0G
CSqGSIb3DQEBCwUAA4IBAQDCcAYBbtuToE07cLE2gXD0oZBU19bB7n6+SZ05zUSq
Hpv9YyJLdhOHuuwMtSAi97+sByXrTKpsCwFZ4oB9bmiAHFEq9rSbNO9UHifHgvZn
T/Z90vC1k8o/Pxy3YDEGAxZ6ml7HF/sY4zdiUHjVE/Jo+WG5E4OQ91UB3CUwm01x
/HP6oQU9qutjyUSMF9ZvuWM1rLFae8nfnXbEitrlmat/aeAuMDElGJOrmxtFL/Rc
mJ1anL8JvmgDFzBqitQTVvkWXpI1J1M+gzcwLWOMXbNUN/ESCUPB/Cano1MyF0cj
epMGWsrCw3QHzVMw8K45amThTtS5CQgMI16iCZzg/Z9r
-----END CERTIFICATE-----