Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/SKnjxG3YWnkOyKsKshfi-v9mg-Q.roa
File:                     SKnjxG3YWnkOyKsKshfi-v9mg-Q.roa (raw, json)
Hash identifier:          X7hRNvCJqULF7qNH1va6G+yrrE41zvg2MJAYQByjz44=
Subject key identifier:   48:A9:E3:C4:6D:D8:5A:79:0E:C8:AB:0A:B2:17:E2:FA:FF:66:83:E4
Certificate issuer:       /CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
Certificate serial:       018CC26D324BA91E90695A314B3502CF4FAB
Authority key identifier: BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/SKnjxG3YWnkOyKsKshfi-v9mg-Q.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        45.81.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:32:4b:a9:1e:90:69:5a:31:4b:35:02:cf:4f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48a9e3c46dd85a790ec8ab0ab217e2faff6683e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:75:58:69:fe:6a:5f:91:33:2a:d9:eb:93:4f:
                    9a:9e:b3:bf:b0:21:ad:3e:13:03:4a:dd:08:e6:af:
                    49:49:7c:06:ff:25:bc:63:a0:13:ab:d4:bc:b2:f8:
                    7c:78:8d:30:0d:a3:81:48:4b:81:66:6a:27:00:9f:
                    fa:f5:10:6d:42:be:33:c8:17:39:32:96:cc:c7:ad:
                    fa:d5:2b:82:56:8e:1e:06:17:9d:21:75:e7:b3:7d:
                    85:c2:05:9f:c8:7e:64:e8:e1:06:5b:c7:9e:85:81:
                    b2:46:6d:41:61:8d:28:f1:7c:66:ce:20:21:f5:93:
                    7c:b6:39:8d:ab:89:b9:93:26:e2:32:8b:f4:93:cd:
                    3b:a5:4f:eb:bb:70:e4:c6:71:09:a0:3f:43:1c:31:
                    6d:3b:9e:c8:3b:84:46:64:e5:ba:6e:32:d9:10:e9:
                    9f:69:f4:20:f4:0e:b7:c7:80:6f:35:98:90:21:f5:
                    5d:8a:62:21:26:98:d1:0c:47:f5:31:2b:c9:58:6e:
                    e4:21:04:19:10:57:f4:57:d4:01:fe:a4:ea:3d:d3:
                    a2:91:51:b0:12:09:41:38:1d:93:8a:e6:c9:ef:2f:
                    89:c8:82:c2:42:7d:cd:38:ca:b6:15:48:2a:ea:5f:
                    da:bd:ec:26:12:7b:07:4a:16:b3:d6:79:b4:f7:bc:
                    00:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A9:E3:C4:6D:D8:5A:79:0E:C8:AB:0A:B2:17:E2:FA:FF:66:83:E4
            X509v3 Authority Key Identifier:
                keyid:BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/SKnjxG3YWnkOyKsKshfi-v9mg-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:55:b2:e8:f1:c1:0d:32:36:a0:00:dc:26:9e:3c:79:5e:d0:
         7d:1a:b0:ee:2c:67:e3:e3:7a:eb:0a:d4:98:7f:ef:f7:33:a7:
         78:d8:c5:c9:c4:3e:6b:51:94:c5:2d:41:c7:a9:c5:68:68:8f:
         19:59:79:da:c1:69:09:b7:c4:3a:0d:cf:da:4d:03:0a:e2:b4:
         33:cb:e8:62:a5:55:ad:0e:e5:91:20:44:57:b4:8c:82:a5:05:
         a1:8e:a7:fa:18:af:22:a7:44:09:8b:a5:db:82:9d:fd:b3:14:
         52:86:08:23:66:fa:50:f2:4e:c9:e3:ee:8f:6b:d0:f3:62:06:
         ec:98:99:79:d6:be:b0:57:7b:30:6e:80:f1:14:2d:7b:db:bd:
         ca:40:9b:cd:0a:14:ae:d7:f6:96:fd:e5:52:5e:c6:f1:dd:13:
         e4:4b:a4:69:58:23:c1:45:e4:d4:5b:01:3b:24:11:cf:58:66:
         fc:75:0f:4d:67:74:4f:68:d1:6d:09:ce:ff:65:c3:bc:e5:9b:
         60:2f:1e:f5:db:cd:0a:27:53:aa:06:64:c1:15:6a:df:2a:2f:
         8d:c5:e7:66:73:47:00:b9:f1:54:8f:e9:5d:58:9b:39:05:be:
         45:30:9f:4f:dc:79:e6:f3:14:22:0d:eb:5d:4e:3e:c0:9a:36:
         9c:e5:52:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTJLqR6QaVoxSzUCz0+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjgzZTk5YmY3MjU0Zjk0ODA1N2E1ZTk4MWJlNmZhNWMy
MDU0ZGQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE5ZTNjNDZkZDg1YTc5MGVjOGFiMGFiMjE3ZTJmYWZmNjY4M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3VYaf5qX5EzKtnrk0+anrO/sCGt
PhMDSt0I5q9JSXwG/yW8Y6ATq9S8svh8eI0wDaOBSEuBZmonAJ/69RBtQr4zyBc5
MpbMx6361SuCVo4eBhedIXXns32FwgWfyH5k6OEGW8eehYGyRm1BYY0o8XxmziAh
9ZN8tjmNq4m5kybiMov0k807pU/ru3DkxnEJoD9DHDFtO57IO4RGZOW6bjLZEOmf
afQg9A63x4BvNZiQIfVdimIhJpjRDEf1MSvJWG7kIQQZEFf0V9QB/qTqPdOikVGw
EglBOB2TiubJ7y+JyILCQn3NOMq2FUgq6l/avewmEnsHShaz1nm097wAnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEip48Rt2Fp5DsirCrIX4vr/ZoPkMB8GA1UdIwQY
MBaAFL24Ppm/clT5SAV6Xpgb5vpcIFTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEt
ZTQ5NWFhYTBjYWMwLzEvU0tuanhHM1lXbmtPeUtzS3NoZmktdjltZy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEtZTQ5NWFhYTBjYWMw
LzEvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVF0MA0G
CSqGSIb3DQEBCwUAA4IBAQA4VbLo8cENMjagANwmnjx5XtB9GrDuLGfj43rrCtSY
f+/3M6d42MXJxD5rUZTFLUHHqcVoaI8ZWXnawWkJt8Q6Dc/aTQMK4rQzy+hipVWt
DuWRIERXtIyCpQWhjqf6GK8ip0QJi6Xbgp39sxRShggjZvpQ8k7J4+6Pa9DzYgbs
mJl51r6wV3swboDxFC17273KQJvNChSu1/aW/eVSXsbx3RPkS6RpWCPBReTUWwE7
JBHPWGb8dQ9NZ3RPaNFtCc7/ZcO85ZtgLx71280KJ1OqBmTBFWrfKi+Nxedmc0cA
ufFUj+ldWJs5Bb5FMJ9P3Hnm8xQiDetdTj7Amjac5VKf
-----END CERTIFICATE-----