Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/wqeaFYGcht4Rdqiv6WanHaJ9V18.roa
File:                     wqeaFYGcht4Rdqiv6WanHaJ9V18.roa (raw, json)
Hash identifier:          Jonp1e7X2Xu4Xye1s+Rbb895uhQ3xGGxW8tqs3ffzwM=
Subject key identifier:   C2:A7:9A:15:81:9C:86:DE:11:76:A8:AF:E9:66:A7:1D:A2:7D:57:5F
Certificate issuer:       /CN=11e9171ff8313da641be13d490ad698dc16c366a
Certificate serial:       018D9D1E4227F59E6EB35F320AD875A4D9F1
Authority key identifier: 11:E9:17:1F:F8:31:3D:A6:41:BE:13:D4:90:AD:69:8D:C1:6C:36:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EekXH_gxPaZBvhPUkK1pjcFsNmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/wqeaFYGcht4Rdqiv6WanHaJ9V18.roa
Signing time:             Mon 12 Feb 2024 11:40:22 +0000
ROA not before:           Mon 12 Feb 2024 11:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        45.93.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/EekXH_gxPaZBvhPUkK1pjcFsNmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/EekXH_gxPaZBvhPUkK1pjcFsNmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EekXH_gxPaZBvhPUkK1pjcFsNmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:1e:42:27:f5:9e:6e:b3:5f:32:0a:d8:75:a4:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e9171ff8313da641be13d490ad698dc16c366a
        Validity
            Not Before: Feb 12 11:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2a79a15819c86de1176a8afe966a71da27d575f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:02:52:47:de:ca:5b:89:72:63:06:20:ec:bd:
                    f5:2a:76:2b:5a:5e:40:e6:02:c2:f6:ec:06:b8:15:
                    9f:58:63:ab:65:ff:0d:6c:d7:3c:e5:99:4a:0c:bf:
                    08:94:26:29:a5:23:c1:7c:6a:8e:64:58:28:e9:0d:
                    bd:bd:51:d9:2c:d7:de:cb:45:9f:60:e1:d1:43:35:
                    1b:8b:3d:aa:7f:99:bb:e7:bc:e4:59:e6:e3:61:66:
                    25:3a:97:00:dc:8d:6e:30:7b:67:9d:3c:4b:15:bb:
                    e4:5c:4d:24:3f:6d:55:18:bc:f2:f6:1d:2d:20:29:
                    28:6d:e3:4d:c4:a2:cc:c2:3b:e1:48:c4:2f:ed:3f:
                    2e:c5:c9:46:0e:89:23:b5:5e:c0:51:f3:35:c9:c7:
                    a9:17:a0:49:43:9c:dd:e3:07:7f:80:ed:0a:47:3b:
                    76:21:3e:a1:92:fa:0d:ae:60:ba:54:5e:bf:f9:c5:
                    15:62:78:04:c1:a5:a3:e3:16:34:e7:78:bf:fd:17:
                    f7:3b:22:5e:f8:d4:85:57:34:20:7d:09:53:b2:3f:
                    50:7f:ed:0d:dd:66:bf:64:6a:07:4e:d7:73:f1:4a:
                    2a:07:e9:60:44:1c:c0:56:17:8f:c8:70:41:da:04:
                    5b:04:fb:11:58:9f:d0:d4:c9:81:1f:2b:21:69:15:
                    ae:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A7:9A:15:81:9C:86:DE:11:76:A8:AF:E9:66:A7:1D:A2:7D:57:5F
            X509v3 Authority Key Identifier:
                keyid:11:E9:17:1F:F8:31:3D:A6:41:BE:13:D4:90:AD:69:8D:C1:6C:36:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EekXH_gxPaZBvhPUkK1pjcFsNmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/wqeaFYGcht4Rdqiv6WanHaJ9V18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/EekXH_gxPaZBvhPUkK1pjcFsNmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:1a:81:12:ab:d0:5c:92:58:8c:a0:55:a6:80:9f:8f:7c:25:
         d3:0c:60:88:96:9b:09:a2:31:08:86:09:70:a9:e6:78:42:a2:
         07:17:1f:60:7d:db:ad:f8:21:84:4a:a2:fc:59:5d:f1:99:09:
         9f:74:d6:47:d1:33:b7:4c:ce:fb:55:f1:17:d3:33:57:20:c7:
         19:e8:fc:27:e1:24:e5:26:8a:15:c1:37:b4:aa:e9:8e:1e:29:
         27:2f:f6:0d:4d:b2:c5:43:59:d0:ab:b0:7d:cb:7b:fa:59:18:
         d0:df:f0:2d:d4:03:f6:f4:b9:30:68:4d:15:67:31:f0:98:d9:
         65:80:19:f3:2e:da:c7:1b:44:cd:ad:82:ca:60:e0:1e:ef:43:
         75:33:df:f9:3e:05:53:f4:53:f3:84:f6:e8:75:85:fb:c1:e6:
         93:2a:2f:19:6e:67:80:47:b1:f0:79:11:b1:1b:9c:bb:41:73:
         43:02:80:7e:7a:bc:7c:eb:54:8a:86:92:b2:f9:4e:a5:de:ba:
         9e:a0:e5:bc:4e:e2:f5:04:5f:0f:84:bf:de:c1:df:6a:8d:37:
         c2:07:be:d1:82:30:95:50:6b:8c:ce:c5:ff:60:1e:9c:ff:96:
         66:4d:04:33:1b:f3:f7:e4:7a:f7:71:bd:04:3a:45:ce:7f:c2:
         97:1c:8b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2dHkIn9Z5us18yCth1pNnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTkxNzFmZjgzMTNkYTY0MWJlMTNkNDkwYWQ2OThkYzE2
YzM2NmEwHhcNMjQwMjEyMTE0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE3OWExNTgxOWM4NmRlMTE3NmE4YWZlOTY2YTcxZGEyN2Q1NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQJSR97KW4lyYwYg7L31KnYrWl5A
5gLC9uwGuBWfWGOrZf8NbNc85ZlKDL8IlCYppSPBfGqOZFgo6Q29vVHZLNfey0Wf
YOHRQzUbiz2qf5m757zkWebjYWYlOpcA3I1uMHtnnTxLFbvkXE0kP21VGLzy9h0t
ICkobeNNxKLMwjvhSMQv7T8uxclGDokjtV7AUfM1ycepF6BJQ5zd4wd/gO0KRzt2
IT6hkvoNrmC6VF6/+cUVYngEwaWj4xY053i//Rf3OyJe+NSFVzQgfQlTsj9Qf+0N
3Wa/ZGoHTtdz8UoqB+lgRBzAVhePyHBB2gRbBPsRWJ/Q1MmBHyshaRWuHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKnmhWBnIbeEXaor+lmpx2ifVdfMB8GA1UdIwQY
MBaAFBHpFx/4MT2mQb4T1JCtaY3BbDZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVrWEhfZ3hQYVpCdmhQVWtLMXBqY0ZzTm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9hNWIxMmUtZDkwZS00NGQ0LWI2M2Et
OTVkMTA1YTcwYzk0LzEvd3FlYUZZR2NodDRSZHFpdjZXYW5IYUo5VjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9hNWIxMmUtZDkwZS00NGQ0LWI2M2EtOTVkMTA1YTcwYzk0
LzEvRWVrWEhfZ3hQYVpCdmhQVWtLMXBqY0ZzTm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV0XMA0G
CSqGSIb3DQEBCwUAA4IBAQB2GoESq9BckliMoFWmgJ+PfCXTDGCIlpsJojEIhglw
qeZ4QqIHFx9gfdut+CGESqL8WV3xmQmfdNZH0TO3TM77VfEX0zNXIMcZ6Pwn4STl
JooVwTe0qumOHiknL/YNTbLFQ1nQq7B9y3v6WRjQ3/At1AP29LkwaE0VZzHwmNll
gBnzLtrHG0TNrYLKYOAe70N1M9/5PgVT9FPzhPbodYX7weaTKi8ZbmeAR7HweRGx
G5y7QXNDAoB+erx861SKhpKy+U6l3rqeoOW8TuL1BF8PhL/ewd9qjTfCB77RgjCV
UGuMzsX/YB6c/5ZmTQQzG/P35Hr3cb0EOkXOf8KXHItA
-----END CERTIFICATE-----