Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/yUrAg6xhvDRhKhGqOZWE3Urt7UQ.roa
File:                     yUrAg6xhvDRhKhGqOZWE3Urt7UQ.roa (raw, json)
Hash identifier:          IO4wEOvCL6S5RXGmZn06n1dU7te+7wDYEvDGRBxP44k=
Subject key identifier:   C9:4A:C0:83:AC:61:BC:34:61:2A:11:AA:39:95:84:DD:4A:ED:ED:44
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD1505E0D33B64287C388FAB2CBD0C
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/yUrAg6xhvDRhKhGqOZWE3Urt7UQ.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56729
IP address blocks:        45.91.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:15:05:e0:d3:3b:64:28:7c:38:8f:ab:2c:bd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c94ac083ac61bc34612a11aa399584dd4aeded44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:10:89:d1:da:31:21:e0:d4:73:6e:2a:ad:3f:
                    da:56:26:11:c0:fb:92:85:fb:15:10:b8:72:30:0d:
                    fe:d0:a5:9c:37:74:64:4f:02:45:e3:83:af:0e:03:
                    a3:74:a1:33:eb:b6:87:ab:bd:39:fe:8a:40:55:57:
                    de:be:64:7b:a1:08:6e:98:af:02:ae:d6:cb:2d:ab:
                    e4:e9:0f:06:1e:15:d1:9e:f6:0d:10:e1:7c:65:91:
                    55:05:fe:4d:61:0f:7a:03:39:c4:1f:50:52:81:5c:
                    e6:39:b3:6b:af:07:11:d1:cc:96:10:4d:22:c6:94:
                    dc:b9:8f:b5:38:46:7c:55:bc:33:ed:7e:0c:aa:44:
                    4e:83:9b:5d:a5:93:bd:6d:eb:c1:cb:9e:29:8b:48:
                    eb:49:cc:10:94:20:a3:81:b8:eb:f3:47:d6:11:cc:
                    f3:07:37:fc:71:93:1d:c0:7d:4a:ca:c5:d3:0d:55:
                    79:b3:53:3e:80:2e:16:52:26:74:e3:46:7d:aa:d9:
                    b7:66:d5:3d:50:17:99:86:e1:a2:54:56:57:88:c4:
                    88:b1:25:d6:03:30:15:e4:0d:d1:18:26:46:cd:25:
                    56:f4:86:f7:a5:df:bf:c9:c9:cb:11:e8:46:f3:04:
                    a7:41:79:6f:af:3d:15:37:9c:71:b5:d1:ad:bd:4b:
                    30:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4A:C0:83:AC:61:BC:34:61:2A:11:AA:39:95:84:DD:4A:ED:ED:44
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/yUrAg6xhvDRhKhGqOZWE3Urt7UQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:29:2c:ef:4a:74:74:62:8e:fb:f7:04:ef:ae:40:32:bd:c3:
         81:dd:5c:bc:7e:df:69:d1:51:b4:fc:3f:22:4a:96:de:58:a0:
         71:bd:64:f9:3d:56:41:23:15:a5:ac:00:64:78:66:7e:5f:b8:
         76:aa:60:5e:2d:80:2e:d0:7c:24:48:3a:2a:cb:9f:59:41:1b:
         ef:9c:45:21:ba:0d:cc:90:d9:11:ec:39:6d:42:42:df:e1:78:
         ea:85:18:78:00:6a:41:36:d8:2c:cf:66:85:d7:e5:0e:ee:ef:
         43:ac:d1:6e:d0:30:10:dc:6b:a1:3d:89:60:8a:65:54:e4:6c:
         df:f0:aa:63:1d:53:0f:71:1e:f2:90:42:22:cf:b5:70:eb:02:
         90:78:cd:99:c3:48:24:e4:04:fa:c9:27:64:70:a9:7d:eb:7d:
         c6:91:bf:1b:c9:e2:a4:d1:42:4b:f2:fa:f1:e6:a4:fd:a1:10:
         40:ba:5d:f6:66:8c:18:69:05:0d:cf:1a:8c:e7:31:09:4e:b1:
         47:b1:18:23:0f:b4:55:33:ea:e4:b9:4b:04:6f:c9:34:d7:c9:
         ba:38:c9:da:e0:2b:9c:40:e7:41:48:24:8d:96:7b:79:68:15:
         59:86:1d:59:1c:22:6f:a6:0f:b3:15:cd:75:5c:8d:ed:ca:3d:
         14:d0:4a:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RUF4NM7ZCh8OI+rLL0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRhYzA4M2FjNjFiYzM0NjEyYTExYWEzOTk1ODRkZDRhZWRlZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRCJ0doxIeDUc24qrT/aViYRwPuS
hfsVELhyMA3+0KWcN3RkTwJF44OvDgOjdKEz67aHq705/opAVVfevmR7oQhumK8C
rtbLLavk6Q8GHhXRnvYNEOF8ZZFVBf5NYQ96AznEH1BSgVzmObNrrwcR0cyWEE0i
xpTcuY+1OEZ8Vbwz7X4MqkROg5tdpZO9bevBy54pi0jrScwQlCCjgbjr80fWEczz
Bzf8cZMdwH1KysXTDVV5s1M+gC4WUiZ040Z9qtm3ZtU9UBeZhuGiVFZXiMSIsSXW
AzAV5A3RGCZGzSVW9Ib3pd+/ycnLEehG8wSnQXlvrz0VN5xxtdGtvUswdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlKwIOsYbw0YSoRqjmVhN1K7e1EMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEveVVyQWc2eGh2RFJoS2hHcU9aV0UzVXJ0N1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVsFMA0G
CSqGSIb3DQEBCwUAA4IBAQBSKSzvSnR0Yo779wTvrkAyvcOB3Vy8ft9p0VG0/D8i
SpbeWKBxvWT5PVZBIxWlrABkeGZ+X7h2qmBeLYAu0HwkSDoqy59ZQRvvnEUhug3M
kNkR7DltQkLf4XjqhRh4AGpBNtgsz2aF1+UO7u9DrNFu0DAQ3GuhPYlgimVU5Gzf
8KpjHVMPcR7ykEIiz7Vw6wKQeM2Zw0gk5AT6ySdkcKl9633Gkb8byeKk0UJL8vrx
5qT9oRBAul32ZowYaQUNzxqM5zEJTrFHsRgjD7RVM+rkuUsEb8k018m6OMna4Cuc
QOdBSCSNlnt5aBVZhh1ZHCJvpg+zFc11XI3tyj0U0EqK
-----END CERTIFICATE-----