Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/4c6cd6-37a9-4115-8366-24a8d9bf37bc/1/ygM1ZjDpIa8lerikv6xIYoFqvOw.roa
File:                     ygM1ZjDpIa8lerikv6xIYoFqvOw.roa (raw, json)
Hash identifier:          elWMGUEoPi4d1OKvkJe/ths8/GEiOLa4TzR/FkPOzwo=
Subject key identifier:   CA:03:35:66:30:E9:21:AF:25:7A:B8:A4:BF:AC:48:62:81:6A:BC:EC
Certificate issuer:       /CN=450bc67f549eb049257720a000eb05b54f5d2bc0
Certificate serial:       018CC94CA7DDB461E9DA78E7089BCE1FD6C3
Authority key identifier: 45:0B:C6:7F:54:9E:B0:49:25:77:20:A0:00:EB:05:B5:4F:5D:2B:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQvGf1SesEkldyCgAOsFtU9dK8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/4c6cd6-37a9-4115-8366-24a8d9bf37bc/1/ygM1ZjDpIa8lerikv6xIYoFqvOw.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57614
IP address blocks:        81.162.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/4c6cd6-37a9-4115-8366-24a8d9bf37bc/1/RQvGf1SesEkldyCgAOsFtU9dK8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/4c6cd6-37a9-4115-8366-24a8d9bf37bc/1/RQvGf1SesEkldyCgAOsFtU9dK8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQvGf1SesEkldyCgAOsFtU9dK8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a7:dd:b4:61:e9:da:78:e7:08:9b:ce:1f:d6:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=450bc67f549eb049257720a000eb05b54f5d2bc0
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca03356630e921af257ab8a4bfac4862816abcec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fb:ee:d1:4e:60:4d:02:74:1f:0c:10:e3:f4:
                    53:4d:60:2e:1c:4b:47:88:af:55:2d:fc:dd:a1:fd:
                    52:37:ec:43:88:0b:d6:0b:0f:16:f5:3c:ba:7b:31:
                    26:47:1c:b1:4c:4e:cf:66:21:7e:73:78:cf:89:48:
                    85:43:24:d3:f0:ae:e5:ef:cb:2e:58:4d:a9:09:ed:
                    a0:5a:ce:0a:bf:8e:0d:ec:12:5d:b4:16:57:c6:f6:
                    43:82:5c:b0:6b:28:9c:21:a1:51:84:e6:41:a1:71:
                    46:cb:23:35:2d:3d:d3:06:0e:19:c3:f5:86:0a:8a:
                    98:a9:be:9b:0e:5b:ad:29:97:93:78:01:d0:68:98:
                    d4:13:ae:d3:7c:e4:98:fc:04:0d:eb:e2:c6:34:fe:
                    af:97:96:46:b4:d5:21:e9:4b:97:47:3e:20:9b:aa:
                    b7:ea:a5:e7:13:e4:58:17:be:10:01:6e:80:3a:31:
                    fb:97:eb:c4:30:67:60:91:06:72:17:2c:b9:ab:85:
                    d8:1d:28:d6:48:e1:08:cf:25:64:12:f3:4c:00:af:
                    30:f7:b5:21:71:c6:3a:1d:7a:01:4a:fd:f2:cf:5d:
                    6d:ff:59:26:96:7c:ee:27:c6:0d:7b:58:02:83:e3:
                    06:f4:f7:ee:a2:3a:1d:b6:c7:ec:65:70:5c:7c:0e:
                    10:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:03:35:66:30:E9:21:AF:25:7A:B8:A4:BF:AC:48:62:81:6A:BC:EC
            X509v3 Authority Key Identifier:
                keyid:45:0B:C6:7F:54:9E:B0:49:25:77:20:A0:00:EB:05:B5:4F:5D:2B:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQvGf1SesEkldyCgAOsFtU9dK8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/4c6cd6-37a9-4115-8366-24a8d9bf37bc/1/ygM1ZjDpIa8lerikv6xIYoFqvOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/4c6cd6-37a9-4115-8366-24a8d9bf37bc/1/RQvGf1SesEkldyCgAOsFtU9dK8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.162.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:64:28:48:9e:56:35:9f:08:60:8e:b6:49:58:7b:50:3f:9a:
         5e:76:f1:dd:3b:20:01:64:57:70:12:f4:ec:f6:75:fd:87:08:
         17:ad:6b:0f:b0:95:40:da:be:08:22:7a:d3:bf:75:ed:31:e9:
         e6:17:85:df:ae:5b:c1:ad:07:50:df:6d:6e:c7:34:7d:41:b1:
         a1:0b:d8:be:85:40:f1:c6:4f:5f:d5:f3:8c:39:29:c9:e8:ec:
         9f:4f:59:a2:d2:4a:47:08:bb:64:f1:4e:77:de:a8:da:12:5c:
         ee:c6:e7:ec:2d:ab:67:57:a9:30:ac:53:c3:42:33:1d:60:1e:
         8d:28:6f:25:43:98:ea:0e:dd:23:30:bf:58:6b:c1:7c:d9:a8:
         5d:90:9d:cf:90:66:e5:a2:a3:47:ab:e2:8e:84:d4:6d:da:52:
         50:e5:f3:20:45:ab:0b:02:9e:8b:0c:0f:cb:7e:32:ca:94:dd:
         37:cd:3c:4a:f8:4b:eb:da:64:04:11:d7:e4:87:dc:a0:69:e4:
         17:fd:41:4d:e5:52:35:dd:28:3e:5b:31:b8:00:db:27:2e:8c:
         0d:d0:29:57:11:a0:8a:de:07:bc:e8:e7:ba:c6:86:58:4b:e7:
         83:f9:97:17:68:9c:0e:b9:77:ec:38:e6:1d:a1:70:1a:39:7a:
         77:3a:1d:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKfdtGHp2njnCJvOH9bDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MGJjNjdmNTQ5ZWIwNDkyNTc3MjBhMDAwZWIwNWI1NGY1
ZDJiYzAwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTAzMzU2NjMwZTkyMWFmMjU3YWI4YTRiZmFjNDg2MjgxNmFiY2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPvu0U5gTQJ0HwwQ4/RTTWAuHEtH
iK9VLfzdof1SN+xDiAvWCw8W9Ty6ezEmRxyxTE7PZiF+c3jPiUiFQyTT8K7l78su
WE2pCe2gWs4Kv44N7BJdtBZXxvZDglywayicIaFRhOZBoXFGyyM1LT3TBg4Zw/WG
CoqYqb6bDlutKZeTeAHQaJjUE67TfOSY/AQN6+LGNP6vl5ZGtNUh6UuXRz4gm6q3
6qXnE+RYF74QAW6AOjH7l+vEMGdgkQZyFyy5q4XYHSjWSOEIzyVkEvNMAK8w97Uh
ccY6HXoBSv3yz11t/1kmlnzuJ8YNe1gCg+MG9PfuojodtsfsZXBcfA4QJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoDNWYw6SGvJXq4pL+sSGKBarzsMB8GA1UdIwQY
MBaAFEULxn9UnrBJJXcgoADrBbVPXSvAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlF2R2YxU2VzRWtsZHlDZ0FPc0Z0VTlkSzhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80YzZjZDYtMzdhOS00MTE1LTgzNjYt
MjRhOGQ5YmYzN2JjLzEveWdNMVpqRHBJYThsZXJpa3Y2eElZb0Zxdk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80YzZjZDYtMzdhOS00MTE1LTgzNjYtMjRhOGQ5YmYzN2Jj
LzEvUlF2R2YxU2VzRWtsZHlDZ0FPc0Z0VTlkSzhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUaIwMA0G
CSqGSIb3DQEBCwUAA4IBAQAnZChInlY1nwhgjrZJWHtQP5pedvHdOyABZFdwEvTs
9nX9hwgXrWsPsJVA2r4IInrTv3XtMenmF4XfrlvBrQdQ321uxzR9QbGhC9i+hUDx
xk9f1fOMOSnJ6OyfT1mi0kpHCLtk8U533qjaElzuxufsLatnV6kwrFPDQjMdYB6N
KG8lQ5jqDt0jML9Ya8F82ahdkJ3PkGbloqNHq+KOhNRt2lJQ5fMgRasLAp6LDA/L
fjLKlN03zTxK+Evr2mQEEdfkh9ygaeQX/UFN5VI13Sg+WzG4ANsnLowN0ClXEaCK
3ge86Oe6xoZYS+eD+ZcXaJwOuXfsOOYdoXAaOXp3Oh1H
-----END CERTIFICATE-----