Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/yCurq0ZUIoxIShLP1KKDF9hPUYQ.roa
File:                     yCurq0ZUIoxIShLP1KKDF9hPUYQ.roa (raw, json)
Hash identifier:          T+89pLRXwrByR5yPoMBU33eKRrCT08RHsCMIu4iYn8c=
Subject key identifier:   C8:2B:AB:AB:46:54:22:8C:48:4A:12:CF:D4:A2:83:17:D8:4F:51:84
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       018CC64B2B39F1129995E09FBED7DAD028F3
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/yCurq0ZUIoxIShLP1KKDF9hPUYQ.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207409
IP address blocks:        45.9.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2b:39:f1:12:99:95:e0:9f:be:d7:da:d0:28:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c82babab4654228c484a12cfd4a28317d84f5184
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6b:97:f7:39:d6:ab:c5:e7:e5:35:66:19:fe:
                    3c:8d:2a:3d:f6:c6:4e:cf:ba:7a:72:5d:91:e5:26:
                    6b:1c:4b:1f:55:4b:aa:08:df:d9:a1:bd:c3:42:33:
                    5e:df:a7:e0:74:a1:3e:bd:7d:41:18:ea:90:3b:a0:
                    9a:d8:9c:e7:25:b1:1b:1e:82:17:30:ed:33:86:e0:
                    17:a2:52:08:ee:9f:ec:3b:55:26:f9:aa:94:ca:a4:
                    01:3b:ac:df:9b:62:4d:a8:8b:5d:1b:52:8c:ef:ae:
                    94:ea:71:91:ec:95:43:f2:67:2f:18:dc:5f:36:7e:
                    f7:e0:f0:84:88:83:9e:28:4b:17:fe:45:cb:50:13:
                    1b:c5:0d:d1:dc:28:b8:04:64:e2:ee:58:d8:86:15:
                    36:c8:0a:47:f0:91:ca:07:c7:9e:58:01:67:37:3c:
                    1a:c3:3c:c9:65:f9:e3:e9:b1:49:d8:07:ab:f1:34:
                    8f:73:24:8b:33:1b:4c:e4:ac:4b:72:c1:ee:ff:83:
                    e6:ee:19:4b:fd:33:c8:c7:b0:6f:de:1d:9b:11:d3:
                    80:12:12:11:ca:47:51:8d:37:31:06:7b:b9:58:f1:
                    22:3a:92:d7:6a:fd:4f:67:46:fe:82:f6:34:eb:af:
                    66:9a:d7:5c:76:53:87:46:5c:c0:8a:8a:63:84:f0:
                    17:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:2B:AB:AB:46:54:22:8C:48:4A:12:CF:D4:A2:83:17:D8:4F:51:84
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/yCurq0ZUIoxIShLP1KKDF9hPUYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:27:26:90:ad:16:73:e0:19:80:27:74:2d:80:a4:e1:cb:65:
         a4:ec:68:48:00:f6:9b:b6:ed:fa:15:21:34:56:47:f7:8b:02:
         9e:e4:58:f6:d8:8a:20:f9:5d:2e:ff:c0:95:1e:bc:13:a2:18:
         f4:42:88:30:4a:bd:06:f0:11:70:ae:27:5c:5b:1a:33:1e:ac:
         3f:5a:e4:99:d7:7a:b6:64:15:e0:7d:fa:b9:2d:8e:41:47:65:
         88:ec:a8:63:26:2b:aa:7f:69:8e:87:64:a0:2f:db:d3:3e:d0:
         0d:db:b5:65:e1:16:a2:11:a5:31:26:bb:53:69:a2:2f:51:1e:
         c6:8b:95:1c:b5:95:93:f7:20:19:28:92:ab:ea:f5:a6:46:f7:
         a1:8d:ec:77:08:0c:63:0e:55:1e:03:e6:40:c7:0e:89:a2:bf:
         25:92:cb:9c:bf:4d:17:52:16:0d:60:2a:ba:03:22:e4:1c:69:
         73:a5:94:4b:43:4d:b8:2e:da:64:37:3c:e8:ac:34:80:72:13:
         2f:f8:52:bd:89:5b:7e:91:c0:ee:c4:3b:d7:ba:cd:93:6c:dd:
         85:66:b0:5d:24:1c:36:f4:2c:df:d5:71:ae:5f:62:ea:21:d9:
         8b:59:ae:bf:a3:dc:ab:ea:b9:7f:72:2c:04:15:27:5f:a1:83:
         ae:2c:40:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSys58RKZleCfvtfa0CjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODJiYWJhYjQ2NTQyMjhjNDg0YTEyY2ZkNGEyODMxN2Q4NGY1MTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWuX9znWq8Xn5TVmGf48jSo99sZO
z7p6cl2R5SZrHEsfVUuqCN/Zob3DQjNe36fgdKE+vX1BGOqQO6Ca2JznJbEbHoIX
MO0zhuAXolII7p/sO1Um+aqUyqQBO6zfm2JNqItdG1KM766U6nGR7JVD8mcvGNxf
Nn734PCEiIOeKEsX/kXLUBMbxQ3R3Ci4BGTi7ljYhhU2yApH8JHKB8eeWAFnNzwa
wzzJZfnj6bFJ2Aer8TSPcySLMxtM5KxLcsHu/4Pm7hlL/TPIx7Bv3h2bEdOAEhIR
ykdRjTcxBnu5WPEiOpLXav1PZ0b+gvY0669mmtdcdlOHRlzAiopjhPAXhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgrq6tGVCKMSEoSz9SigxfYT1GEMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEveUN1cnEwWlVJb3hJU2hMUDFLS0RGOWhQVVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQn/MA0G
CSqGSIb3DQEBCwUAA4IBAQCAJyaQrRZz4BmAJ3QtgKThy2Wk7GhIAPabtu36FSE0
Vkf3iwKe5Fj22Iog+V0u/8CVHrwTohj0QogwSr0G8BFwridcWxozHqw/WuSZ13q2
ZBXgffq5LY5BR2WI7KhjJiuqf2mOh2SgL9vTPtAN27Vl4RaiEaUxJrtTaaIvUR7G
i5UctZWT9yAZKJKr6vWmRvehjex3CAxjDlUeA+ZAxw6Jor8lksucv00XUhYNYCq6
AyLkHGlzpZRLQ024LtpkNzzorDSAchMv+FK9iVt+kcDuxDvXus2TbN2FZrBdJBw2
9Czf1XGuX2LqIdmLWa6/o9yr6rl/ciwEFSdfoYOuLEDt
-----END CERTIFICATE-----