Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/9HI402KCmcoUhYMBTSZv35YN26M.roa
File:                     9HI402KCmcoUhYMBTSZv35YN26M.roa (raw, json)
Hash identifier:          fhe2+airoJav3gTCRKuXRfk+Fbth9ebzHleNvrQ+1kA=
Subject key identifier:   F4:72:38:D3:62:82:99:CA:14:85:83:01:4D:26:6F:DF:96:0D:DB:A3
Certificate issuer:       /CN=49f39d6c8b23fcdc20e53174e92fb3f56caa8b61
Certificate serial:       018CC5DBE1CC77577BE1CE9551CB139301BF
Authority key identifier: 49:F3:9D:6C:8B:23:FC:DC:20:E5:31:74:E9:2F:B3:F5:6C:AA:8B:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/9HI402KCmcoUhYMBTSZv35YN26M.roa
Signing time:             Mon 01 Jan 2024 16:29:30 +0000
ROA not before:           Mon 01 Jan 2024 16:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34177
IP address blocks:        45.85.55.0/24 maxlen: 24
                          2a0e:b886::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e1:cc:77:57:7b:e1:ce:95:51:cb:13:93:01:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f39d6c8b23fcdc20e53174e92fb3f56caa8b61
        Validity
            Not Before: Jan  1 16:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f47238d3628299ca148583014d266fdf960ddba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:8c:e1:58:d9:4c:e0:e8:b9:02:5d:2b:21:81:
                    be:17:57:51:d8:07:5f:47:85:36:95:9d:f6:12:58:
                    99:bf:ef:6f:a1:7d:75:18:d5:86:1f:19:9c:52:ef:
                    d7:46:33:e8:58:f2:97:f9:84:7f:31:76:7d:0d:93:
                    a8:79:a7:4a:53:a0:8d:74:2f:ec:40:11:c8:72:e6:
                    d7:26:a2:e3:26:42:e2:0d:c1:60:bc:ff:b3:07:91:
                    72:23:f2:70:60:45:fd:6f:ae:ef:2c:30:19:5f:d3:
                    b2:ad:a9:88:ba:aa:06:8d:16:44:2b:f0:63:4f:fd:
                    b8:0b:c9:f6:21:7e:ca:81:12:b7:55:f2:5c:bc:47:
                    8f:61:d1:09:81:6b:4d:e3:41:0f:a8:16:66:c3:28:
                    7b:8d:51:81:73:df:c4:39:4e:0a:c6:47:72:b0:e8:
                    8f:48:1e:00:fc:25:13:bc:36:50:bb:65:b1:3d:3e:
                    a9:ef:a3:1a:76:ea:22:c7:71:34:e6:b8:03:5b:cb:
                    19:b3:f8:36:13:e7:76:86:6c:1c:27:07:3c:ff:4d:
                    41:a4:a4:a5:70:50:99:17:bf:16:45:a1:03:26:b4:
                    7d:09:2c:a8:f8:5a:10:02:47:95:e9:42:8b:51:b3:
                    7f:77:f6:b0:f3:fa:48:18:fb:dd:e9:e4:82:e6:c0:
                    74:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:72:38:D3:62:82:99:CA:14:85:83:01:4D:26:6F:DF:96:0D:DB:A3
            X509v3 Authority Key Identifier:
                keyid:49:F3:9D:6C:8B:23:FC:DC:20:E5:31:74:E9:2F:B3:F5:6C:AA:8B:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/9HI402KCmcoUhYMBTSZv35YN26M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.55.0/24
                IPv6:
                  2a0e:b886::/31

    Signature Algorithm: sha256WithRSAEncryption
         65:f0:51:64:33:eb:4a:6a:a5:3f:52:50:fd:22:3b:c6:1b:72:
         68:58:a3:0b:d8:b6:59:d9:0b:07:48:64:f1:fd:d0:3f:a5:76:
         be:ed:8a:ab:03:45:e7:40:3c:24:b9:0a:49:8a:7e:3f:8c:c8:
         e3:cd:68:62:f6:71:9b:59:4b:ad:c8:42:a0:a7:a6:6a:3f:71:
         e7:e2:58:60:a1:80:7e:a8:4f:cf:b5:87:d3:68:cf:8e:be:4c:
         54:c2:12:89:00:17:9b:d1:05:98:80:a9:c0:7d:e7:c4:1e:e1:
         15:31:05:5f:1b:b4:25:27:2f:0e:9b:eb:31:31:f5:58:da:e7:
         25:5b:7e:03:3c:4c:ed:4b:91:f9:4f:27:aa:0f:bd:89:26:de:
         7c:69:79:5f:2a:6a:e1:5f:82:47:ec:c3:1b:fb:36:43:6b:14:
         24:08:a9:c1:24:8a:8b:4d:88:19:39:a5:af:a3:91:f5:43:1c:
         67:f6:9b:35:9c:ac:87:96:68:bb:d5:c6:71:de:6a:85:e2:c0:
         4d:92:98:10:b0:5f:53:c3:8a:77:26:31:47:b4:ba:03:81:08:
         dc:23:4f:c4:14:d9:c0:8d:53:61:59:5d:39:1a:3b:d2:82:75:
         b4:8c:3c:5e:2f:97:ce:37:ac:5c:48:38:8c:08:c7:d4:3b:26:
         5e:8b:71:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF2+HMd1d74c6VUcsTkwG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjM5ZDZjOGIyM2ZjZGMyMGU1MzE3NGU5MmZiM2Y1NmNh
YThiNjEwHhcNMjQwMTAxMTYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDcyMzhkMzYyODI5OWNhMTQ4NTgzMDE0ZDI2NmZkZjk2MGRkYmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YzhWNlM4Oi5Al0rIYG+F1dR2Adf
R4U2lZ32EliZv+9voX11GNWGHxmcUu/XRjPoWPKX+YR/MXZ9DZOoeadKU6CNdC/s
QBHIcubXJqLjJkLiDcFgvP+zB5FyI/JwYEX9b67vLDAZX9OyramIuqoGjRZEK/Bj
T/24C8n2IX7KgRK3VfJcvEePYdEJgWtN40EPqBZmwyh7jVGBc9/EOU4KxkdysOiP
SB4A/CUTvDZQu2WxPT6p76Maduoix3E05rgDW8sZs/g2E+d2hmwcJwc8/01BpKSl
cFCZF78WRaEDJrR9CSyo+FoQAkeV6UKLUbN/d/aw8/pIGPvd6eSC5sB0fQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPRyONNigpnKFIWDAU0mb9+WDdujMB8GA1UdIwQY
MBaAFEnznWyLI/zcIOUxdOkvs/VsqothMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZPZGJJc2pfTndnNVRGMDZTLXo5V3lxaTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xNjQ2MGYtZTQ5OC00ZjdiLTliOTAt
N2E1MDQzYzkxOGY5LzEvOUhJNDAyS0NtY29VaFlNQlRTWnYzNVlOMjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xNjQ2MGYtZTQ5OC00ZjdiLTliOTAtN2E1MDQzYzkxOGY5
LzEvU2ZPZGJJc2pfTndnNVRGMDZTLXo5V3lxaTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVU3MA0E
AgACMAcDBQEqDriGMA0GCSqGSIb3DQEBCwUAA4IBAQBl8FFkM+tKaqU/UlD9IjvG
G3JoWKML2LZZ2QsHSGTx/dA/pXa+7YqrA0XnQDwkuQpJin4/jMjjzWhi9nGbWUut
yEKgp6ZqP3Hn4lhgoYB+qE/PtYfTaM+OvkxUwhKJABeb0QWYgKnAfefEHuEVMQVf
G7QlJy8Om+sxMfVY2uclW34DPEztS5H5TyeqD72JJt58aXlfKmrhX4JH7MMb+zZD
axQkCKnBJIqLTYgZOaWvo5H1Qxxn9ps1nKyHlmi71cZx3mqF4sBNkpgQsF9Tw4p3
JjFHtLoDgQjcI0/EFNnAjVNhWV05GjvSgnW0jDxeL5fON6xcSDiMCMfUOyZei3E2
-----END CERTIFICATE-----