Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/awkGY-peDLfuUTEUOnyEshyx4L0.roa
File:                     awkGY-peDLfuUTEUOnyEshyx4L0.roa (raw, json)
Hash identifier:          tM6Jpz4EVcXtfvIXxSDIs3clgS899SWViH1Qm0knTug=
Subject key identifier:   6B:09:06:63:EA:5E:0C:B7:EE:51:31:14:3A:7C:84:B2:1C:B1:E0:BD
Certificate issuer:       /CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
Certificate serial:       01914553CA0627765EEF41A0AB940A1471C8
Authority key identifier: 88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/awkGY-peDLfuUTEUOnyEshyx4L0.roa
Signing time:             Mon 12 Aug 2024 06:43:24 +0000
ROA not before:           Mon 12 Aug 2024 06:43:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        45.137.128.0/22 maxlen: 22
                          192.144.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:53:ca:06:27:76:5e:ef:41:a0:ab:94:0a:14:71:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
        Validity
            Not Before: Aug 12 06:43:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b090663ea5e0cb7ee5131143a7c84b21cb1e0bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:99:16:33:e9:93:c1:1b:49:81:f0:93:ac:24:
                    08:a2:05:af:08:d1:f5:b1:99:75:b7:80:e6:24:65:
                    58:47:73:21:e1:74:e6:4c:2c:1e:d2:8b:85:a4:d8:
                    ac:a2:99:d8:82:3c:58:52:ad:a1:04:b0:cc:f7:e1:
                    6c:03:c6:5a:5a:fc:35:d9:3e:6e:1d:c4:e1:d4:11:
                    bf:97:2f:eb:9d:d3:6b:e2:d4:eb:bf:6b:f7:38:92:
                    c0:c8:9a:1a:85:3d:6a:73:ad:85:8a:a6:92:4b:c0:
                    fb:6a:0a:16:23:e0:0f:fc:b7:19:06:cd:ca:b4:59:
                    45:e6:2e:d4:ba:3c:b9:58:35:01:38:00:5f:a1:2d:
                    11:d8:bc:df:20:93:7a:80:66:ba:5c:e0:48:03:dc:
                    8b:f9:33:64:08:2c:95:9f:25:52:a8:d8:f7:c1:25:
                    26:5f:ed:74:14:f0:7d:c5:6d:cb:6c:e9:3a:76:4c:
                    41:cc:1c:a7:ca:7d:1b:4b:d3:d7:b9:a9:36:f1:c1:
                    7e:57:24:22:75:65:7e:b5:cf:84:e4:eb:14:ef:ca:
                    61:44:d6:65:75:75:13:d8:a2:10:8a:d7:3d:72:8c:
                    82:f9:df:c5:2b:14:c8:0e:93:78:8c:eb:fb:ec:d8:
                    c2:56:41:0c:33:f8:03:c6:c2:26:3e:6a:df:4b:b2:
                    0d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:09:06:63:EA:5E:0C:B7:EE:51:31:14:3A:7C:84:B2:1C:B1:E0:BD
            X509v3 Authority Key Identifier:
                keyid:88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/awkGY-peDLfuUTEUOnyEshyx4L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.128.0/22
                  192.144.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:6c:81:c4:51:ae:8d:b4:cd:4a:78:ec:4d:1a:5d:70:56:2b:
         7c:3b:7e:ba:72:e2:4e:ea:dd:72:7f:6f:76:7d:9f:0b:c0:c3:
         ab:87:10:d2:5e:8f:90:46:35:07:0a:b3:26:d1:40:d6:46:4c:
         21:51:92:8e:21:c2:25:f2:2a:85:c4:7c:1a:cb:5e:bc:72:50:
         74:08:45:9f:72:59:2e:07:32:a3:24:8f:08:d9:2b:48:9d:3f:
         c9:87:ac:57:18:8a:40:f6:b5:71:3e:b7:a3:04:f5:f3:a5:83:
         e5:8e:c4:52:98:3c:c7:7f:22:7c:24:f9:2d:ec:74:3c:dd:36:
         f4:b9:09:9e:c7:97:f2:03:ad:95:eb:ea:f1:d8:e0:d0:c7:09:
         ec:7c:a9:0f:b3:a1:76:c4:af:e1:b0:1b:bf:03:7a:cc:b5:fd:
         e8:96:2b:5c:99:8f:e3:ce:12:48:87:26:00:b2:fe:e3:38:6e:
         14:18:da:18:1b:74:d9:aa:27:87:64:f7:67:b7:a8:8c:f2:a7:
         6a:41:a9:84:e4:81:ba:f8:ea:c2:ff:2c:3a:0c:e5:b7:2c:4a:
         97:0b:97:02:0f:c4:e5:d3:58:86:9c:ee:b5:0a:42:7e:e6:8c:
         88:66:bd:25:1f:ad:69:dd:84:5a:61:56:d3:20:33:8b:cc:ad:
         68:62:8b:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFFU8oGJ3Ze70Ggq5QKFHHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MjFhMzlhZWQ5ZGE0ZWUzYWI2NjM5ZDI0NDUwOGZhMWU4
ZDIwZjYwHhcNMjQwODEyMDY0MzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjA5MDY2M2VhNWUwY2I3ZWU1MTMxMTQzYTdjODRiMjFjYjFlMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJkWM+mTwRtJgfCTrCQIogWvCNH1
sZl1t4DmJGVYR3Mh4XTmTCwe0ouFpNisopnYgjxYUq2hBLDM9+FsA8ZaWvw12T5u
HcTh1BG/ly/rndNr4tTrv2v3OJLAyJoahT1qc62FiqaSS8D7agoWI+AP/LcZBs3K
tFlF5i7Uujy5WDUBOABfoS0R2LzfIJN6gGa6XOBIA9yL+TNkCCyVnyVSqNj3wSUm
X+10FPB9xW3LbOk6dkxBzBynyn0bS9PXuak28cF+VyQidWV+tc+E5OsU78phRNZl
dXUT2KIQitc9coyC+d/FKxTIDpN4jOv77NjCVkEMM/gDxsImPmrfS7INIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGsJBmPqXgy37lExFDp8hLIcseC9MB8GA1UdIwQY
MBaAFIgho5rtnaTuOrZjnSRFCPoejSD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAt
ZjYwZDZmNzE4MmExLzEvYXdrR1ktcGVETGZ1VVRFVU9ueUVzaHl4NEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAtZjYwZDZmNzE4MmEx
LzEvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYmAAwQC
wJAsMA0GCSqGSIb3DQEBCwUAA4IBAQCqbIHEUa6NtM1KeOxNGl1wVit8O366cuJO
6t1yf292fZ8LwMOrhxDSXo+QRjUHCrMm0UDWRkwhUZKOIcIl8iqFxHway168clB0
CEWfclkuBzKjJI8I2StInT/Jh6xXGIpA9rVxPrejBPXzpYPljsRSmDzHfyJ8JPkt
7HQ83Tb0uQmex5fyA62V6+rx2ODQxwnsfKkPs6F2xK/hsBu/A3rMtf3olitcmY/j
zhJIhyYAsv7jOG4UGNoYG3TZqieHZPdnt6iM8qdqQamE5IG6+OrC/yw6DOW3LEqX
C5cCD8Tl01iGnO61CkJ+5oyIZr0lH61p3YRaYVbTIDOLzK1oYotu
-----END CERTIFICATE-----