Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kCIYCf19_z2WX4yLidz_vLJ_lYw.roa
File:                     kCIYCf19_z2WX4yLidz_vLJ_lYw.roa (raw, json)
Hash identifier:          lB9DviHBI8ra7ZEE3dxlRsufxiqVyHJkCn5oKBt/4Z8=
Subject key identifier:   90:22:18:09:FD:7D:FF:3D:96:5F:8C:8B:89:DC:FF:BC:B2:7F:95:8C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019232F54952CF5C3801E0D391D1D852C42F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kCIYCf19_z2WX4yLidz_vLJ_lYw.roa
Signing time:             Fri 27 Sep 2024 10:09:48 +0000
ROA not before:           Fri 27 Sep 2024 10:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        45.9.117.0/24 maxlen: 24
                          45.131.215.0/24 maxlen: 24
                          185.155.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:32:f5:49:52:cf:5c:38:01:e0:d3:91:d1:d8:52:c4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep 27 10:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90221809fd7dff3d965f8c8b89dcffbcb27f958c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:46:e4:00:f0:30:af:7e:1c:d9:30:48:d9:02:
                    ee:29:9a:8f:ad:6a:a0:29:24:00:18:4b:d3:c5:3d:
                    91:1d:a2:af:5a:1c:3e:f9:fb:be:4f:f6:34:0b:90:
                    28:f2:bd:af:da:6d:16:a8:7d:e5:20:89:74:ed:dd:
                    8e:32:60:ee:1d:f9:24:ff:a5:25:1b:31:89:6e:76:
                    70:c7:0e:1a:7b:2c:4e:98:78:b5:e5:a8:13:bc:18:
                    1f:72:7b:dd:4b:6d:52:30:a0:17:7a:78:15:03:91:
                    28:08:09:15:a7:7b:47:9a:f7:df:62:25:51:08:b4:
                    78:a7:8a:5a:56:13:3c:eb:89:28:97:60:98:30:a0:
                    34:70:3e:3c:71:b3:33:49:38:0b:3a:e4:74:0f:4a:
                    0b:ef:c5:45:7e:80:72:6b:39:29:93:1b:c1:fb:f4:
                    9f:65:7f:93:4a:30:86:ff:94:33:31:e2:39:74:59:
                    fa:02:d3:f2:86:38:66:40:e1:28:83:b7:8f:ff:cb:
                    b8:f8:9d:72:df:b1:11:ff:0a:6f:34:b8:8c:59:73:
                    f9:a5:5f:e8:6d:0a:0d:7e:d9:d7:6f:62:ac:71:40:
                    85:23:02:ef:86:0a:dc:b5:04:96:0d:d2:2e:44:b4:
                    08:74:a5:fd:ba:2f:fe:e2:ea:7b:c8:0e:7b:0a:a0:
                    59:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:22:18:09:FD:7D:FF:3D:96:5F:8C:8B:89:DC:FF:BC:B2:7F:95:8C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kCIYCf19_z2WX4yLidz_vLJ_lYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.117.0/24
                  45.131.215.0/24
                  185.155.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:6e:95:41:4f:0b:7e:fe:2a:08:ff:c5:6a:70:d0:8b:25:8b:
         09:97:13:16:c1:89:ba:02:03:38:45:f4:ed:96:47:64:74:b4:
         7e:3c:b8:ed:b7:8e:22:14:36:96:38:e7:c8:a5:a0:e3:68:2d:
         0f:fa:fe:19:bf:e9:cf:88:5e:35:25:db:42:e9:f0:72:60:ba:
         7f:02:fb:ae:d8:73:71:9f:98:cd:4e:5e:01:96:e0:8b:47:70:
         78:b1:b8:3e:0c:9b:43:91:0f:1d:d7:f7:64:07:1b:fb:ce:cd:
         77:80:ab:16:cb:da:58:eb:59:7b:61:57:db:b6:16:2f:90:bd:
         95:5d:3b:78:8d:c4:ac:8a:fb:e6:fc:a2:43:7b:65:05:64:40:
         bf:c9:5a:69:6b:6d:ff:15:e5:4b:dc:27:0b:03:c1:c3:f1:7e:
         72:b8:c4:2b:69:0e:24:65:63:9d:eb:9d:d5:bf:80:9d:ed:20:
         0f:4b:80:cb:47:19:a2:5f:99:cb:c2:61:20:04:84:d0:e7:3b:
         97:91:cf:a4:3b:f2:42:4b:c6:09:e9:9d:4f:63:57:ef:4a:c4:
         d6:aa:95:e7:88:ca:06:9e:18:1c:72:91:fb:3a:dc:ff:83:98:
         f5:15:15:94:00:b6:89:b4:2e:a8:a1:ee:ab:da:20:5f:a9:aa:
         ce:aa:a5:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZIy9UlSz1w4AeDTkdHYUsQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwOTI3MTAwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDIyMTgwOWZkN2RmZjNkOTY1ZjhjOGI4OWRjZmZiY2IyN2Y5NThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEbkAPAwr34c2TBI2QLuKZqPrWqg
KSQAGEvTxT2RHaKvWhw++fu+T/Y0C5Ao8r2v2m0WqH3lIIl07d2OMmDuHfkk/6Ul
GzGJbnZwxw4aeyxOmHi15agTvBgfcnvdS21SMKAXengVA5EoCAkVp3tHmvffYiVR
CLR4p4paVhM864kol2CYMKA0cD48cbMzSTgLOuR0D0oL78VFfoByazkpkxvB+/Sf
ZX+TSjCG/5QzMeI5dFn6AtPyhjhmQOEog7eP/8u4+J1y37ER/wpvNLiMWXP5pV/o
bQoNftnXb2KscUCFIwLvhgrctQSWDdIuRLQIdKX9ui/+4up7yA57CqBZAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJAiGAn9ff89ll+Mi4nc/7yyf5WMMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEva0NJWUNmMTlfejJXWDR5TGlkel92TEpfbFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQl1AwQA
LYPXAwQAuZvIMA0GCSqGSIb3DQEBCwUAA4IBAQBEbpVBTwt+/ioI/8VqcNCLJYsJ
lxMWwYm6AgM4RfTtlkdkdLR+PLjtt44iFDaWOOfIpaDjaC0P+v4Zv+nPiF41JdtC
6fByYLp/Avuu2HNxn5jNTl4BluCLR3B4sbg+DJtDkQ8d1/dkBxv7zs13gKsWy9pY
61l7YVfbthYvkL2VXTt4jcSsivvm/KJDe2UFZEC/yVppa23/FeVL3CcLA8HD8X5y
uMQraQ4kZWOd653Vv4Cd7SAPS4DLRxmiX5nLwmEgBITQ5zuXkc+kO/JCS8YJ6Z1P
Y1fvSsTWqpXniMoGnhgccpH7Otz/g5j1FRWUALaJtC6ooe6r2iBfqarOqqX/
-----END CERTIFICATE-----