Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/iab0ZqVI7NdJEaNRzZIPTh7lXv8.roa
File:                     iab0ZqVI7NdJEaNRzZIPTh7lXv8.roa (raw, json)
Hash identifier:          D7WL3j/kMq06tCBvYyxOE0GN4TBZvm3YorzOr9nX2zE=
Subject key identifier:   89:A6:F4:66:A5:48:EC:D7:49:11:A3:51:CD:92:0F:4E:1E:E5:5E:FF
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01900C3FED5C64C9FEF9766EDB37F6ED4150
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/iab0ZqVI7NdJEaNRzZIPTh7lXv8.roa
Signing time:             Wed 12 Jun 2024 11:40:34 +0000
ROA not before:           Wed 12 Jun 2024 11:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        45.9.30.0/24 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 11:40:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:3f:ed:5c:64:c9:fe:f9:76:6e:db:37:f6:ed:41:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 12 11:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a6f466a548ecd74911a351cd920f4e1ee55eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:46:98:6a:7d:51:d0:e0:32:f4:ee:3a:cc:ee:
                    68:6d:e2:90:d7:e4:ca:7b:91:98:b4:42:2a:a4:79:
                    81:70:a9:ff:e2:96:97:88:93:b0:1e:d7:41:63:f0:
                    43:9b:45:e0:12:4b:a9:a9:67:8e:2c:8e:59:e0:41:
                    29:22:32:84:85:8c:46:ca:79:14:fe:94:4a:36:47:
                    64:36:89:4f:06:b1:5f:2a:93:f3:c1:ff:07:c0:c9:
                    85:78:22:a9:79:1b:c3:28:48:35:24:6b:7c:8a:ac:
                    fa:de:e2:0a:21:96:d3:6d:f2:94:c1:8d:19:7c:1e:
                    03:1d:4e:51:cf:a1:6f:4e:cd:0b:93:53:a0:c6:0d:
                    25:78:bd:1c:10:0b:74:68:90:09:97:11:96:83:b0:
                    0b:88:81:aa:8b:22:25:94:d2:e7:71:51:d2:4f:54:
                    c2:cb:88:f8:b5:bf:c7:56:95:5b:49:91:b8:84:85:
                    f1:4b:bd:b5:b1:48:71:0e:8c:7c:92:fd:66:ff:29:
                    c6:1b:47:b3:cb:9a:f7:74:dc:86:33:f0:e6:55:45:
                    75:e2:2c:86:6e:74:b1:45:9a:df:fd:35:2d:ac:6f:
                    f6:5d:52:27:a0:13:61:98:0c:63:0e:1b:63:1d:65:
                    dc:3a:5e:29:1e:ae:1e:6f:37:b4:1d:6e:93:f3:29:
                    ad:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A6:F4:66:A5:48:EC:D7:49:11:A3:51:CD:92:0F:4E:1E:E5:5E:FF
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/iab0ZqVI7NdJEaNRzZIPTh7lXv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24
                  45.94.171.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:de:a2:c0:76:33:e1:5f:75:de:74:25:06:57:39:bb:e9:8d:
         b6:85:b1:9c:25:67:73:21:0d:21:8e:e2:0b:d3:76:67:41:84:
         b7:74:ba:41:5b:45:c8:df:e5:5e:66:2f:e3:e1:2c:8a:04:36:
         ca:08:a9:61:cf:91:59:78:d0:11:3d:f3:ed:fa:15:22:79:97:
         3f:25:59:43:0d:15:9c:3e:7f:59:e0:61:49:1c:6e:2e:a3:43:
         85:d1:2b:0e:e9:0a:be:90:7a:55:8b:eb:ab:6e:13:b2:13:40:
         75:6b:7b:d9:af:21:10:33:44:7b:28:6d:c0:25:ce:af:86:c4:
         e6:56:78:ac:90:27:52:87:a5:d4:7f:1c:eb:fb:3e:cc:9f:39:
         fb:fa:72:15:5c:93:a3:87:d2:76:f7:77:8d:ff:a7:93:1b:b8:
         b4:9f:2f:3d:7d:d3:d9:1d:54:0a:8a:18:da:f9:eb:ea:8b:a0:
         44:15:b5:77:6b:c3:64:79:7e:02:1d:1e:01:3f:c5:c6:cc:ec:
         b4:1c:78:71:04:37:7a:08:4e:ea:09:bf:75:2b:a3:80:02:23:
         ff:f0:8a:92:87:b5:f5:f3:e4:63:66:0b:f6:e0:b2:36:9f:a7:
         45:36:a8:e9:a2:c2:cc:02:02:a3:eb:2d:74:0b:7c:5c:e3:25:
         8f:5d:02:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAMP+1cZMn++XZu2zf27UFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNjEyMTE0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE2ZjQ2NmE1NDhlY2Q3NDkxMWEzNTFjZDkyMGY0ZTFlZTU1ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kaYan1R0OAy9O46zO5obeKQ1+TK
e5GYtEIqpHmBcKn/4paXiJOwHtdBY/BDm0XgEkupqWeOLI5Z4EEpIjKEhYxGynkU
/pRKNkdkNolPBrFfKpPzwf8HwMmFeCKpeRvDKEg1JGt8iqz63uIKIZbTbfKUwY0Z
fB4DHU5Rz6FvTs0Lk1Ogxg0leL0cEAt0aJAJlxGWg7ALiIGqiyIllNLncVHST1TC
y4j4tb/HVpVbSZG4hIXxS721sUhxDox8kv1m/ynGG0ezy5r3dNyGM/DmVUV14iyG
bnSxRZrf/TUtrG/2XVInoBNhmAxjDhtjHWXcOl4pHq4ebze0HW6T8ymtuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFImm9GalSOzXSRGjUc2SD04e5V7/MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvaWFiMFpxVkk3TmRKRWFOUnpaSVBUaDdsWHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQkeAwQA
LV6rAwQAw7FfMA0GCSqGSIb3DQEBCwUAA4IBAQCA3qLAdjPhX3XedCUGVzm76Y22
hbGcJWdzIQ0hjuIL03ZnQYS3dLpBW0XI3+VeZi/j4SyKBDbKCKlhz5FZeNARPfPt
+hUieZc/JVlDDRWcPn9Z4GFJHG4uo0OF0SsO6Qq+kHpVi+urbhOyE0B1a3vZryEQ
M0R7KG3AJc6vhsTmVniskCdSh6XUfxzr+z7Mnzn7+nIVXJOjh9J293eN/6eTG7i0
ny89fdPZHVQKihja+evqi6BEFbV3a8NkeX4CHR4BP8XGzOy0HHhxBDd6CE7qCb91
K6OAAiP/8IqSh7X18+RjZgv24LI2n6dFNqjposLMAgKj6y10C3xc4yWPXQIu
-----END CERTIFICATE-----