Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/YK-VCeWS2ml_bnKNxhhyGpAUHfM.roa
File:                     YK-VCeWS2ml_bnKNxhhyGpAUHfM.roa (raw, json)
Hash identifier:          SuqNbIORTqINR6FN2cX0QZyxO5ya0SpoASDkCAPPyAc=
Subject key identifier:   60:AF:95:09:E5:92:DA:69:7F:6E:72:8D:C6:18:72:1A:90:14:1D:F3
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       018F297CE74776E843BBB45EC068EAFFAF28
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/YK-VCeWS2ml_bnKNxhhyGpAUHfM.roa
Signing time:             Mon 29 Apr 2024 10:53:22 +0000
ROA not before:           Mon 29 Apr 2024 10:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.157.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:7c:e7:47:76:e8:43:bb:b4:5e:c0:68:ea:ff:af:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Apr 29 10:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60af9509e592da697f6e728dc618721a90141df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d3:27:ab:69:2a:0a:84:11:0b:4a:6e:a2:70:
                    64:2c:77:79:69:af:2a:e0:52:2f:83:c4:d2:a2:43:
                    bf:6b:3b:cd:fb:ab:b8:be:f0:11:d6:4d:6c:41:6d:
                    9c:07:9b:a4:77:90:4f:c9:c0:1f:32:60:0d:99:13:
                    38:0c:b4:56:14:e8:26:d2:bf:7d:8d:07:d4:ae:d6:
                    18:0e:d4:b1:7b:45:a5:84:db:82:63:a6:1c:b2:1f:
                    78:ca:ca:fa:74:2c:4e:d6:eb:cf:4b:5a:6b:c9:e3:
                    74:49:b8:38:a2:dd:52:6b:ab:9b:68:b4:bc:2b:54:
                    7e:db:41:6e:e5:1d:45:f1:01:fd:f3:41:8f:24:4d:
                    ae:be:d5:b3:9b:18:c6:f2:f3:c4:59:ad:7f:13:11:
                    13:f6:31:ed:0e:53:56:ef:98:34:52:de:25:3d:99:
                    1e:43:18:d0:b9:56:ee:36:93:42:80:ee:06:37:e5:
                    86:6d:04:a3:d7:6a:fa:06:a2:df:2e:64:53:9b:fd:
                    d0:af:1c:ae:5e:c4:63:0d:a7:37:b2:0c:49:b1:05:
                    72:4d:70:7f:44:9e:87:08:a0:58:28:1c:c7:7a:b0:
                    9f:e1:61:73:de:ff:70:48:74:02:76:fc:d2:c2:ca:
                    6d:72:9b:ba:d8:7d:3a:8a:e3:0e:15:0a:87:72:96:
                    25:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:AF:95:09:E5:92:DA:69:7F:6E:72:8D:C6:18:72:1A:90:14:1D:F3
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/YK-VCeWS2ml_bnKNxhhyGpAUHfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:35:a5:9e:55:07:c6:9d:2e:d3:a4:0e:ea:0d:fe:b3:26:9f:
         61:bb:46:fa:89:8c:62:c8:82:56:23:b6:ae:dc:59:a4:b4:b9:
         e2:23:fb:eb:af:5e:db:52:b8:fc:b0:ee:5e:dd:31:20:0a:82:
         cb:79:9e:23:ec:76:95:84:38:ad:cb:92:b0:46:fc:dc:ad:cc:
         36:0f:31:14:5b:6c:4d:89:0f:b1:ec:b1:c8:66:93:62:17:5a:
         0e:44:47:26:5a:51:9e:12:9a:8d:b8:d1:7f:0c:fb:f3:80:94:
         78:f3:d7:ac:be:ec:a8:79:b1:bf:15:c8:24:77:46:86:e5:50:
         81:79:f2:24:f7:1d:7a:34:a5:55:76:25:6b:bd:56:8d:14:18:
         d4:31:6f:e2:15:d2:b3:7d:9c:2c:e2:26:b2:cb:a3:ad:85:12:
         44:c6:bb:4f:45:fd:72:2a:f5:2a:b1:3c:f7:c8:16:40:d3:5d:
         a5:ec:6d:33:f2:ac:50:b3:43:84:fa:51:4f:1a:5a:b6:dd:bc:
         6e:88:8c:b7:41:3b:b4:d2:39:53:10:f9:cd:3b:35:46:88:19:
         2f:72:f3:3d:d5:5d:9b:38:f5:43:d0:48:4f:99:26:c3:73:a7:
         f8:bf:ef:af:a9:f5:fd:ea:56:20:39:87:60:a9:32:05:28:e4:
         81:32:9f:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8pfOdHduhDu7RewGjq/68oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNDI5MTA1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFmOTUwOWU1OTJkYTY5N2Y2ZTcyOGRjNjE4NzIxYTkwMTQxZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdMnq2kqCoQRC0puonBkLHd5aa8q
4FIvg8TSokO/azvN+6u4vvAR1k1sQW2cB5ukd5BPycAfMmANmRM4DLRWFOgm0r99
jQfUrtYYDtSxe0WlhNuCY6Ycsh94ysr6dCxO1uvPS1pryeN0Sbg4ot1Sa6ubaLS8
K1R+20Fu5R1F8QH980GPJE2uvtWzmxjG8vPEWa1/ExET9jHtDlNW75g0Ut4lPZke
QxjQuVbuNpNCgO4GN+WGbQSj12r6BqLfLmRTm/3QrxyuXsRjDac3sgxJsQVyTXB/
RJ6HCKBYKBzHerCf4WFz3v9wSHQCdvzSwsptcpu62H06iuMOFQqHcpYlHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCvlQnlktppf25yjcYYchqQFB3zMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvWUstVkNlV1MybWxfYm5LTnhoaHlHcEFVSGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ2JMA0G
CSqGSIb3DQEBCwUAA4IBAQASNaWeVQfGnS7TpA7qDf6zJp9hu0b6iYxiyIJWI7au
3FmktLniI/vrr17bUrj8sO5e3TEgCoLLeZ4j7HaVhDity5KwRvzcrcw2DzEUW2xN
iQ+x7LHIZpNiF1oOREcmWlGeEpqNuNF/DPvzgJR489esvuyoebG/Fcgkd0aG5VCB
efIk9x16NKVVdiVrvVaNFBjUMW/iFdKzfZws4iayy6OthRJExrtPRf1yKvUqsTz3
yBZA012l7G0z8qxQs0OE+lFPGlq23bxuiIy3QTu00jlTEPnNOzVGiBkvcvM91V2b
OPVD0EhPmSbDc6f4v++vqfX96lYgOYdgqTIFKOSBMp8q
-----END CERTIFICATE-----