Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/XXYgMgMWrVvlE0eUqxa9gS7ZlcI.roa
File:                     XXYgMgMWrVvlE0eUqxa9gS7ZlcI.roa (raw, json)
Hash identifier:          skL5HOsExN7PWDzFZQA43mxbLbci9Zpbt20B07QIpAA=
Subject key identifier:   5D:76:20:32:03:16:AD:5B:E5:13:47:94:AB:16:BD:81:2E:D9:95:C2
Certificate issuer:       /CN=75f1a763745c25dad28f4a8116688e82ce12028b
Certificate serial:       018CCA998BF52BD7B23F88BD5D17BFF31811
Authority key identifier: 75:F1:A7:63:74:5C:25:DA:D2:8F:4A:81:16:68:8E:82:CE:12:02:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/XXYgMgMWrVvlE0eUqxa9gS7ZlcI.roa
Signing time:             Tue 02 Jan 2024 14:35:09 +0000
ROA not before:           Tue 02 Jan 2024 14:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47890
IP address blocks:        45.8.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:8b:f5:2b:d7:b2:3f:88:bd:5d:17:bf:f3:18:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75f1a763745c25dad28f4a8116688e82ce12028b
        Validity
            Not Before: Jan  2 14:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d7620320316ad5be5134794ab16bd812ed995c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f9:a3:b4:f5:aa:39:26:0b:ce:fe:71:16:cf:
                    f7:13:89:ec:ef:12:07:f3:af:2f:be:e2:a6:e5:ab:
                    e5:db:c1:c7:8b:80:16:fa:d6:9b:8b:f0:bd:98:d1:
                    bc:33:b0:98:5e:54:a3:7d:e5:48:92:cb:6f:0e:37:
                    ea:c3:91:bf:ec:4b:45:44:4d:ce:35:9e:b3:14:3c:
                    07:b3:ed:55:2c:8a:8a:c7:95:f8:b8:de:9b:dc:2d:
                    5a:47:d1:17:d5:f0:47:12:5a:45:7d:2c:bf:ec:cd:
                    9e:11:bd:d3:6d:b2:0d:fb:a6:90:7d:7e:c6:84:1a:
                    27:3b:9a:9a:8b:ce:86:3c:72:33:cd:40:24:39:25:
                    62:89:20:24:3a:25:2b:bc:e6:b8:5d:c1:02:a6:3d:
                    e9:5c:ed:2c:07:cb:5d:e9:59:6d:53:4e:48:e7:2a:
                    e3:3b:b0:bc:52:79:ba:da:82:cd:22:29:28:d2:1a:
                    dc:49:42:e6:91:d2:23:f9:08:1b:9d:e8:e9:7e:9b:
                    36:14:f1:8b:fc:24:eb:37:d6:72:0e:bc:94:5d:f2:
                    2c:96:32:51:5b:02:4c:dd:fa:4f:98:57:f0:61:52:
                    d4:b4:7c:2c:bf:f0:6f:43:de:b0:e5:81:06:a9:76:
                    e8:ec:a0:c7:b9:7b:8c:c8:7a:2d:09:6d:96:61:af:
                    0f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:76:20:32:03:16:AD:5B:E5:13:47:94:AB:16:BD:81:2E:D9:95:C2
            X509v3 Authority Key Identifier:
                keyid:75:F1:A7:63:74:5C:25:DA:D2:8F:4A:81:16:68:8E:82:CE:12:02:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/XXYgMgMWrVvlE0eUqxa9gS7ZlcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:7e:16:f9:9b:f7:51:fe:92:5c:a6:25:57:53:a0:b1:55:0b:
         04:12:d7:da:a7:41:57:b2:5a:58:b1:a3:52:d2:a3:6d:c6:a9:
         f6:90:64:30:61:af:86:f1:ac:b1:88:26:db:ab:28:c6:ea:91:
         ec:86:76:6a:ed:c1:74:89:a7:62:18:86:f9:8a:05:ea:cb:97:
         1b:bc:52:29:f6:21:81:f4:17:33:fc:d3:80:ff:1e:bc:5b:a8:
         2f:8b:42:01:1c:33:20:59:8c:8f:48:de:d3:92:57:3c:2d:f0:
         c4:cb:49:44:b4:34:89:46:04:96:e0:05:6a:59:d6:89:8e:bb:
         ef:0e:b5:14:8e:16:d6:04:d3:16:d2:3c:59:f0:7d:bf:0b:ad:
         af:c4:ee:eb:42:b1:88:ac:61:6b:51:02:fe:0a:cb:08:13:b1:
         03:92:23:c7:e5:6d:b9:c3:d8:8d:29:46:87:27:a2:52:d3:2d:
         2d:46:b0:28:0a:6d:48:03:d6:be:cc:5b:4f:72:df:12:75:ca:
         7e:1b:1d:15:16:a5:28:e3:7a:ac:fa:91:56:e8:56:dc:fa:d5:
         0d:84:e6:d3:ed:55:2f:63:6e:a6:0f:4e:ff:ee:6b:29:aa:75:
         44:87:b8:b1:13:ce:bd:38:46:65:f4:9a:6d:aa:ea:fd:7e:8d:
         d5:e1:2f:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmYv1K9eyP4i9XRe/8xgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZjFhNzYzNzQ1YzI1ZGFkMjhmNGE4MTE2Njg4ZTgyY2Ux
MjAyOGIwHhcNMjQwMTAyMTQzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDc2MjAzMjAzMTZhZDViZTUxMzQ3OTRhYjE2YmQ4MTJlZDk5NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPmjtPWqOSYLzv5xFs/3E4ns7xIH
868vvuKm5avl28HHi4AW+tabi/C9mNG8M7CYXlSjfeVIkstvDjfqw5G/7EtFRE3O
NZ6zFDwHs+1VLIqKx5X4uN6b3C1aR9EX1fBHElpFfSy/7M2eEb3TbbIN+6aQfX7G
hBonO5qai86GPHIzzUAkOSViiSAkOiUrvOa4XcECpj3pXO0sB8td6VltU05I5yrj
O7C8Unm62oLNIiko0hrcSULmkdIj+Qgbnejpfps2FPGL/CTrN9ZyDryUXfIsljJR
WwJM3fpPmFfwYVLUtHwsv/BvQ96w5YEGqXbo7KDHuXuMyHotCW2WYa8P9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF12IDIDFq1b5RNHlKsWvYEu2ZXCMB8GA1UdIwQY
MBaAFHXxp2N0XCXa0o9KgRZojoLOEgKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGZHblkzUmNKZHJTajBxQkZtaU9nczRTQW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85ODBlNjYtMzYzMS00ZmRlLThlMmQt
Yzg0OWJjMGYzNTliLzEvWFhZZ01nTVdyVnZsRTBlVXF4YTlnUzdabGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85ODBlNjYtMzYzMS00ZmRlLThlMmQtYzg0OWJjMGYzNTli
LzEvZGZHblkzUmNKZHJTajBxQkZtaU9nczRTQW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgsMA0G
CSqGSIb3DQEBCwUAA4IBAQAZfhb5m/dR/pJcpiVXU6CxVQsEEtfap0FXslpYsaNS
0qNtxqn2kGQwYa+G8ayxiCbbqyjG6pHshnZq7cF0iadiGIb5igXqy5cbvFIp9iGB
9Bcz/NOA/x68W6gvi0IBHDMgWYyPSN7Tklc8LfDEy0lEtDSJRgSW4AVqWdaJjrvv
DrUUjhbWBNMW0jxZ8H2/C62vxO7rQrGIrGFrUQL+CssIE7EDkiPH5W25w9iNKUaH
J6JS0y0tRrAoCm1IA9a+zFtPct8Sdcp+Gx0VFqUo43qs+pFW6Fbc+tUNhObT7VUv
Y26mD07/7mspqnVEh7ixE869OEZl9Jptqur9fo3V4S++
-----END CERTIFICATE-----