Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/1ttpLwgecpZd_Wwu-AJTJJCU9WU.roa
File:                     1ttpLwgecpZd_Wwu-AJTJJCU9WU.roa (raw, json)
Hash identifier:          nRyQwJ/BLq/rTeivpF11mc4gaX2FjpFv5xjAdBvF/lI=
Subject key identifier:   D6:DB:69:2F:08:1E:72:96:5D:FD:6C:2E:F8:02:53:24:90:94:F5:65
Certificate issuer:       /CN=9bbae6e3ed766de47aba6693bb5af8a648974310
Certificate serial:       018CCA2A3DABAC222449EB7BC95BEA30573A
Authority key identifier: 9B:BA:E6:E3:ED:76:6D:E4:7A:BA:66:93:BB:5A:F8:A6:48:97:43:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/1ttpLwgecpZd_Wwu-AJTJJCU9WU.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35236
IP address blocks:        45.91.28.0/22 maxlen: 24
                          2a0e:25c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3d:ab:ac:22:24:49:eb:7b:c9:5b:ea:30:57:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbae6e3ed766de47aba6693bb5af8a648974310
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6db692f081e72965dfd6c2ef80253249094f565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:fb:3b:59:f4:8c:be:11:6f:ee:58:c7:e1:d7:
                    b3:fc:ba:6b:0d:a5:96:f2:1f:93:10:cf:fe:69:12:
                    ff:9c:72:69:1c:c8:6c:b8:ef:c6:05:3a:d7:7f:1d:
                    73:51:bd:3b:f1:ba:88:2a:da:b9:79:eb:ca:c4:84:
                    93:9d:7f:59:1d:c5:3a:2b:db:3b:0e:42:7a:f5:46:
                    f5:3f:ae:18:4b:2d:25:8b:6a:24:a7:34:44:1a:91:
                    e0:08:89:aa:de:30:36:a4:c4:7a:d8:74:90:bb:5e:
                    fb:49:d9:e1:8b:ce:66:31:87:d0:f0:09:b1:18:3c:
                    a2:68:d1:96:fb:c7:32:36:7a:86:71:71:05:5f:29:
                    e2:45:f2:2e:7e:c4:6d:a1:71:3c:1f:7a:9f:a5:4a:
                    13:f5:fd:87:ef:e8:67:e7:47:96:f2:a3:e6:97:d7:
                    a4:08:d1:ff:d0:21:5d:0d:ee:7d:3f:f5:c6:83:8f:
                    12:11:41:48:34:11:6c:c3:a0:f0:45:22:43:97:eb:
                    c5:2b:4b:c5:d6:70:4a:ac:82:55:cf:a6:1f:f7:34:
                    2b:83:45:40:75:58:97:f6:13:9b:df:dd:c7:85:03:
                    5a:0b:5b:ab:39:bc:63:dc:5c:95:a3:93:f0:65:a7:
                    5e:dc:60:25:c0:5f:1c:2b:b2:b5:c4:76:78:46:53:
                    ff:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:DB:69:2F:08:1E:72:96:5D:FD:6C:2E:F8:02:53:24:90:94:F5:65
            X509v3 Authority Key Identifier:
                keyid:9B:BA:E6:E3:ED:76:6D:E4:7A:BA:66:93:BB:5A:F8:A6:48:97:43:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/1ttpLwgecpZd_Wwu-AJTJJCU9WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.28.0/22
                IPv6:
                  2a0e:25c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:9d:c4:b2:d4:f8:76:d6:d7:1f:48:97:83:90:70:bf:2f:c1:
         5a:bb:9d:50:41:e6:f5:3d:c1:a6:bc:81:3e:a8:11:37:6b:e5:
         64:03:63:7e:3c:1b:25:b4:77:c5:d3:db:6d:c4:29:e5:4e:bb:
         ef:59:da:cd:e0:13:09:10:e4:1f:39:6a:6b:81:5e:2e:51:43:
         61:0b:fe:f3:da:c5:e0:14:55:91:0d:cd:80:fc:6d:66:26:a7:
         e1:42:6a:7b:d0:8b:17:e1:0f:5e:e0:38:b9:14:8f:0e:af:a6:
         e0:62:e4:fd:de:8d:b3:33:b1:55:d1:ce:e1:e5:1d:f4:c9:c0:
         53:d7:c3:00:ca:ed:ba:f2:9a:9c:0c:a4:09:76:e1:05:00:ca:
         10:98:ac:e5:8b:f7:2c:67:6f:8d:17:eb:05:f2:cb:17:42:db:
         f6:25:2c:15:92:fd:c9:10:3c:b7:9c:3f:41:27:f1:20:35:11:
         1a:bd:60:5a:6a:25:da:a2:13:e4:42:08:e5:8c:62:6d:b1:6e:
         da:10:69:80:f4:d0:af:1c:da:7b:f4:60:db:12:4b:0c:ff:87:
         cc:d1:8e:52:77:2e:12:5d:13:ca:bb:f0:80:3f:8e:ff:82:ea:
         64:c9:fc:c5:d1:ef:06:5e:c3:39:09:dc:bb:ec:42:96:f8:43:
         c0:40:24:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKj2rrCIkSet7yVvqMFc6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYmFlNmUzZWQ3NjZkZTQ3YWJhNjY5M2JiNWFmOGE2NDg5
NzQzMTAwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmRiNjkyZjA4MWU3Mjk2NWRmZDZjMmVmODAyNTMyNDkwOTRmNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfs7WfSMvhFv7ljH4dez/LprDaWW
8h+TEM/+aRL/nHJpHMhsuO/GBTrXfx1zUb078bqIKtq5eevKxISTnX9ZHcU6K9s7
DkJ69Ub1P64YSy0li2okpzREGpHgCImq3jA2pMR62HSQu177Sdnhi85mMYfQ8Amx
GDyiaNGW+8cyNnqGcXEFXyniRfIufsRtoXE8H3qfpUoT9f2H7+hn50eW8qPml9ek
CNH/0CFdDe59P/XGg48SEUFINBFsw6DwRSJDl+vFK0vF1nBKrIJVz6Yf9zQrg0VA
dViX9hOb393HhQNaC1urObxj3FyVo5PwZade3GAlwF8cK7K1xHZ4RlP/wwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNbbaS8IHnKWXf1sLvgCUySQlPVlMB8GA1UdIwQY
MBaAFJu65uPtdm3kerpmk7ta+KZIl0MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTdybTQtMTJiZVI2dW1hVHUxcjRwa2lYUXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kMzk1M2ItYjk0Mi00Yjc1LTljOWQt
OTg1YzY0ZmUyN2VlLzEvMXR0cEx3Z2VjcFpkX1d3dS1BSlRKSkNVOVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kMzk1M2ItYjk0Mi00Yjc1LTljOWQtOTg1YzY0ZmUyN2Vl
LzEvbTdybTQtMTJiZVI2dW1hVHUxcjRwa2lYUXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVscMA0E
AgACMAcDBQMqDiXAMA0GCSqGSIb3DQEBCwUAA4IBAQBKncSy1Ph21tcfSJeDkHC/
L8Fau51QQeb1PcGmvIE+qBE3a+VkA2N+PBsltHfF09ttxCnlTrvvWdrN4BMJEOQf
OWprgV4uUUNhC/7z2sXgFFWRDc2A/G1mJqfhQmp70IsX4Q9e4Di5FI8Or6bgYuT9
3o2zM7FV0c7h5R30ycBT18MAyu268pqcDKQJduEFAMoQmKzli/csZ2+NF+sF8ssX
Qtv2JSwVkv3JEDy3nD9BJ/EgNREavWBaaiXaohPkQgjljGJtsW7aEGmA9NCvHNp7
9GDbEksM/4fM0Y5Sdy4SXRPKu/CAP47/gupkyfzF0e8GXsM5Cdy77EKW+EPAQCT+
-----END CERTIFICATE-----