Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8qAm96LzWSoWGTTGhkZs1w_x7PA.roa
File:                     8qAm96LzWSoWGTTGhkZs1w_x7PA.roa (raw, json)
Hash identifier:          vfXAXcYwj/JDnf3I3fzFDjueDOm3KpG2wIWs2WY4780=
Subject key identifier:   F2:A0:26:F7:A2:F3:59:2A:16:19:34:C6:86:46:6C:D7:0F:F1:EC:F0
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01900DB57759D6BF9016B4629211465CCA14
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8qAm96LzWSoWGTTGhkZs1w_x7PA.roa
Signing time:             Wed 12 Jun 2024 18:28:34 +0000
ROA not before:           Wed 12 Jun 2024 18:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        45.9.30.0/24 maxlen: 24
                          45.94.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0d:b5:77:59:d6:bf:90:16:b4:62:92:11:46:5c:ca:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 12 18:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a026f7a2f3592a161934c686466cd70ff1ecf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6e:7f:b1:57:57:0e:b5:f4:5c:07:cd:60:20:
                    f2:23:4d:3b:ac:e2:90:a0:06:0a:93:de:20:fe:30:
                    33:d1:bf:be:90:e1:bd:36:30:f3:41:53:39:5a:6d:
                    00:08:7a:2c:e3:6a:c1:1a:8e:8d:a7:ce:ed:b6:19:
                    a1:89:6d:2b:a2:bf:04:7b:b0:7a:36:97:d5:ae:f0:
                    c3:78:08:0d:d9:07:fd:69:bf:78:74:1b:20:d8:d6:
                    10:2a:86:d9:63:e6:4c:50:5d:4e:bf:77:96:b5:27:
                    db:70:91:96:69:a2:c4:fb:bc:67:05:c0:4a:7b:08:
                    a6:1e:51:1b:c2:80:eb:85:da:a9:29:07:bb:bc:95:
                    dc:bf:61:ef:30:7c:3d:78:47:ec:d0:fc:00:6a:ad:
                    3c:ab:41:58:d3:83:ff:08:1e:7f:86:5c:2c:91:e5:
                    29:5e:df:8a:e6:aa:9a:6a:a7:ec:23:fe:92:29:81:
                    c3:41:34:67:93:9f:2e:1a:92:1d:fa:20:4e:ca:fb:
                    c5:da:cf:79:e6:ab:f4:f3:4a:e2:73:29:20:43:5b:
                    31:83:ec:95:b8:d7:78:bc:2f:52:a6:8e:8e:33:6b:
                    f5:4d:de:44:f1:35:d1:4c:b6:bc:b7:86:f6:0b:3b:
                    fb:36:4b:a7:1d:4e:ce:b2:30:a2:d9:89:bc:34:da:
                    9a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A0:26:F7:A2:F3:59:2A:16:19:34:C6:86:46:6C:D7:0F:F1:EC:F0
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8qAm96LzWSoWGTTGhkZs1w_x7PA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24
                  45.94.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:37:ca:fa:46:0e:61:8f:d2:f1:72:bd:2b:bb:03:22:80:02:
         37:fc:40:dc:ac:31:31:b9:49:ab:34:0a:2c:17:0d:32:06:5b:
         bd:d9:c8:d7:f2:2e:22:bd:c7:50:c3:04:21:9b:30:67:66:88:
         b4:9c:94:10:0a:57:a7:91:70:13:d0:f0:56:f0:f9:c8:5b:ab:
         4c:8b:06:75:af:06:5a:54:d1:cf:f6:1d:c9:e8:e5:79:c4:ae:
         ea:73:44:1c:54:ea:05:4a:2f:6d:bb:8e:a3:6f:4f:ed:bd:e3:
         ac:ac:a0:53:36:cc:e7:5c:a1:36:7e:6a:a9:b9:74:aa:a2:81:
         45:f3:3a:0a:c4:df:79:ab:bb:c2:aa:da:63:89:0c:df:33:b1:
         99:ea:d2:bc:f0:ff:30:80:88:e4:ef:e3:92:b5:97:c3:f7:96:
         5b:16:e1:0e:d6:5c:a8:79:0f:59:6e:28:c4:6b:a4:0a:5e:76:
         ce:2f:fc:0f:69:b5:4d:b2:fd:ea:ce:c3:06:a2:5a:40:f0:92:
         09:40:f2:c5:d8:f7:3f:51:9f:e1:7b:64:b0:a1:9e:43:3f:7e:
         88:f0:fa:01:25:f0:a1:21:96:a2:0c:22:f6:27:79:e9:f9:e7:
         fe:4b:fc:62:ad:78:23:be:ce:86:64:2b:c6:6c:de:00:b3:d3:
         8d:00:e8:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZANtXdZ1r+QFrRikhFGXMoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNjEyMTgyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmEwMjZmN2EyZjM1OTJhMTYxOTM0YzY4NjQ2NmNkNzBmZjFlY2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG5/sVdXDrX0XAfNYCDyI007rOKQ
oAYKk94g/jAz0b++kOG9NjDzQVM5Wm0ACHos42rBGo6Np87tthmhiW0ror8Ee7B6
NpfVrvDDeAgN2Qf9ab94dBsg2NYQKobZY+ZMUF1Ov3eWtSfbcJGWaaLE+7xnBcBK
ewimHlEbwoDrhdqpKQe7vJXcv2HvMHw9eEfs0PwAaq08q0FY04P/CB5/hlwskeUp
Xt+K5qqaaqfsI/6SKYHDQTRnk58uGpId+iBOyvvF2s955qv080ricykgQ1sxg+yV
uNd4vC9Spo6OM2v1Td5E8TXRTLa8t4b2Czv7NkunHU7OsjCi2Ym8NNqasQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPKgJvei81kqFhk0xoZGbNcP8ezwMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOHFBbTk2THpXU29XR1RUR2hrWnMxd194N1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQkeAwQA
LV6rMA0GCSqGSIb3DQEBCwUAA4IBAQCcN8r6Rg5hj9Lxcr0ruwMigAI3/EDcrDEx
uUmrNAosFw0yBlu92cjX8i4ivcdQwwQhmzBnZoi0nJQQClenkXAT0PBW8PnIW6tM
iwZ1rwZaVNHP9h3J6OV5xK7qc0QcVOoFSi9tu46jb0/tveOsrKBTNsznXKE2fmqp
uXSqooFF8zoKxN95q7vCqtpjiQzfM7GZ6tK88P8wgIjk7+OStZfD95ZbFuEO1lyo
eQ9ZbijEa6QKXnbOL/wPabVNsv3qzsMGolpA8JIJQPLF2Pc/UZ/he2SwoZ5DP36I
8PoBJfChIZaiDCL2J3np+ef+S/xirXgjvs6GZCvGbN4As9ONAOiW
-----END CERTIFICATE-----