Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/iJJUWVjUjJVI8xnZ-pCGh-9SbWg.roa
File:                     iJJUWVjUjJVI8xnZ-pCGh-9SbWg.roa (raw, json)
Hash identifier:          eeD3rewWeXG5k7dCOFKmcgGIqQSNculb7pLcjfNVO7A=
Subject key identifier:   88:92:54:59:58:D4:8C:95:48:F3:19:D9:FA:90:86:87:EF:52:6D:68
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA1C04821072620703A646C55C79B
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/iJJUWVjUjJVI8xnZ-pCGh-9SbWg.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199599
IP address blocks:        45.8.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 04:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a1:c0:48:21:07:26:20:70:3a:64:6c:55:c7:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8892545958d48c9548f319d9fa908687ef526d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7c:e2:2b:89:31:1c:cf:cc:9d:a9:68:92:ee:
                    fb:c9:e0:c9:db:a7:6d:65:5c:24:b1:24:16:d0:11:
                    b0:1e:54:55:7d:7a:16:7a:b3:1f:3e:2c:11:11:2d:
                    06:76:ee:3e:73:44:16:83:b7:f1:71:c4:1d:6d:a2:
                    41:73:a1:35:ef:05:ba:8b:fb:c4:1d:9c:13:26:53:
                    f5:46:6f:3b:69:ff:28:87:db:dc:09:2b:d0:7c:f6:
                    46:0b:3c:af:0d:a3:b0:bd:93:21:50:81:09:cb:4d:
                    81:87:0d:9f:a7:d0:f5:eb:e5:59:e9:da:60:0f:09:
                    bb:fc:e9:c6:5d:43:7a:37:cf:69:87:a2:e5:17:c5:
                    65:69:9a:10:8e:33:83:d2:c8:ec:e2:8e:f8:ee:ed:
                    b7:02:0a:da:47:a8:e1:3a:c7:8b:1e:7c:00:8b:37:
                    dc:c8:a8:86:a8:fd:18:bd:0d:bb:17:a7:5d:3e:a2:
                    9f:51:fa:e0:f1:58:b4:3b:fa:45:dc:4c:3d:14:80:
                    2e:5d:d6:79:50:fe:9e:97:a1:22:22:dd:d4:c8:fe:
                    d7:0d:91:98:28:03:6d:da:64:e5:28:93:fb:98:84:
                    b5:f6:f1:19:79:90:9c:57:ce:ac:4b:e4:74:64:74:
                    cb:c9:28:79:a8:89:a2:5d:18:12:b4:f3:12:a7:8e:
                    8a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:92:54:59:58:D4:8C:95:48:F3:19:D9:FA:90:86:87:EF:52:6D:68
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/iJJUWVjUjJVI8xnZ-pCGh-9SbWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:cb:bd:49:37:3f:00:63:8d:82:6d:62:b6:42:3a:28:08:7a:
         ed:e5:d5:4d:4c:be:d5:ed:27:9b:5a:83:91:d1:9c:5a:ee:d0:
         ca:00:99:83:0d:b3:da:7a:e8:db:cb:88:ee:cd:05:27:18:f3:
         67:69:fd:37:fe:d1:9f:b7:38:58:9e:bc:6a:80:e8:70:76:db:
         e4:a2:4f:12:ae:fc:db:fd:b2:a3:29:e5:ab:65:00:ce:ab:35:
         b7:9f:87:50:6b:f2:3e:61:a0:45:b9:fd:59:8c:85:15:93:b7:
         aa:56:71:c7:15:0e:23:67:1b:59:0f:61:e2:33:c7:6f:87:12:
         61:80:b7:83:fb:fb:70:a9:a8:f6:3c:66:fb:6a:cb:af:84:cd:
         5e:2b:6a:02:5a:ff:fa:99:d8:57:3c:ce:2d:3c:f4:ff:f3:26:
         38:0b:32:f7:b9:02:96:ce:12:ce:49:22:41:bd:8d:68:7d:e6:
         e7:35:9b:eb:a6:7d:3d:d0:29:98:1d:7a:41:c4:19:e7:82:1e:
         d0:eb:4a:5a:85:00:38:07:cf:48:5c:b0:cb:e0:ad:f8:b9:a2:
         be:3e:26:47:c0:70:d3:8c:86:71:2e:0d:d4:03:27:37:92:db:
         89:54:f2:cd:f0:3a:8d:d6:b4:d6:07:27:06:79:27:26:aa:44:
         48:ab:9d:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36HASCEHJiBwOmRsVcebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODkyNTQ1OTU4ZDQ4Yzk1NDhmMzE5ZDlmYTkwODY4N2VmNTI2ZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXziK4kxHM/Mnaloku77yeDJ26dt
ZVwksSQW0BGwHlRVfXoWerMfPiwRES0Gdu4+c0QWg7fxccQdbaJBc6E17wW6i/vE
HZwTJlP1Rm87af8oh9vcCSvQfPZGCzyvDaOwvZMhUIEJy02Bhw2fp9D16+VZ6dpg
Dwm7/OnGXUN6N89ph6LlF8VlaZoQjjOD0sjs4o747u23AgraR6jhOseLHnwAizfc
yKiGqP0YvQ27F6ddPqKfUfrg8Vi0O/pF3Ew9FIAuXdZ5UP6el6EiIt3UyP7XDZGY
KANt2mTlKJP7mIS19vEZeZCcV86sS+R0ZHTLySh5qImiXRgStPMSp46KYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiSVFlY1IyVSPMZ2fqQhofvUm1oMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvaUpKVVdWalVqSlZJOHhuWi1wQ0doLTlTYldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjSMA0G
CSqGSIb3DQEBCwUAA4IBAQAZy71JNz8AY42CbWK2QjooCHrt5dVNTL7V7SebWoOR
0Zxa7tDKAJmDDbPaeujby4juzQUnGPNnaf03/tGftzhYnrxqgOhwdtvkok8Srvzb
/bKjKeWrZQDOqzW3n4dQa/I+YaBFuf1ZjIUVk7eqVnHHFQ4jZxtZD2HiM8dvhxJh
gLeD+/twqaj2PGb7asuvhM1eK2oCWv/6mdhXPM4tPPT/8yY4CzL3uQKWzhLOSSJB
vY1ofebnNZvrpn090CmYHXpBxBnngh7Q60pahQA4B89IXLDL4K34uaK+PiZHwHDT
jIZxLg3UAyc3ktuJVPLN8DqN1rTWBycGeScmqkRIq537
-----END CERTIFICATE-----