Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/2MldTXUj_f4uw5bUuu9_4pnZGMA.roa
File:                     2MldTXUj_f4uw5bUuu9_4pnZGMA.roa (raw, json)
Hash identifier:          GvShhWODQkH2fX18P045hH/lPykir+KPxRSBHjK4ewo=
Subject key identifier:   D8:C9:5D:4D:75:23:FD:FE:2E:C3:96:D4:BA:EF:7F:E2:99:D9:18:C0
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA9DB9EAC577C3262542702F40FA4
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/2MldTXUj_f4uw5bUuu9_4pnZGMA.roa
Signing time:             Tue 02 Jan 2024 04:30:10 +0000
ROA not before:           Tue 02 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        45.84.218.0/24 maxlen: 24
                          2a0f:e382::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 03:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a9:db:9e:ac:57:7c:32:62:54:27:02:f4:0f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8c95d4d7523fdfe2ec396d4baef7fe299d918c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f1:69:f2:1f:f9:3a:8e:c5:8b:20:d8:50:df:
                    84:90:1a:f1:e1:08:f7:26:1e:8a:ea:f4:ec:b5:2e:
                    38:be:4f:da:a9:67:a1:6f:6e:4c:34:02:8b:22:fe:
                    0b:c0:c6:f4:3a:d2:6f:21:5a:a2:f5:36:83:f3:06:
                    21:6a:27:4d:59:29:0e:b2:75:cf:fe:f5:95:09:67:
                    f3:5b:8d:b7:24:27:d3:cb:a0:54:6e:c3:84:3a:9e:
                    aa:c5:0b:93:c3:af:94:90:4a:cc:7f:ab:15:7b:ef:
                    fc:d1:d4:ba:a8:ee:b7:95:17:bd:fd:56:37:82:30:
                    f2:6e:54:c0:f8:3c:bc:9b:66:fe:7e:98:7f:32:f7:
                    8c:17:ff:b5:e5:e1:96:d1:e4:8c:e7:9f:2d:ba:d7:
                    8b:2e:51:60:20:e3:d3:73:6c:80:07:2a:e0:00:95:
                    b0:8a:13:db:2b:ed:a1:8d:81:92:fd:fa:3a:20:3e:
                    1d:21:17:93:0e:60:59:20:d9:a5:91:d4:33:42:d0:
                    6f:b3:93:e8:5a:91:c7:71:2f:d7:bc:6b:e4:0b:31:
                    22:f8:b2:dd:88:78:b9:14:29:77:4c:48:45:6c:5d:
                    54:c0:8e:9e:1a:b1:63:dd:c3:16:85:66:8a:20:f2:
                    fb:e0:80:f9:35:ce:77:77:54:73:f2:d1:02:5a:96:
                    f8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C9:5D:4D:75:23:FD:FE:2E:C3:96:D4:BA:EF:7F:E2:99:D9:18:C0
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/2MldTXUj_f4uw5bUuu9_4pnZGMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.218.0/24
                IPv6:
                  2a0f:e382::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:1c:83:e1:ac:6e:20:e6:2b:83:14:69:3b:a7:f8:3a:24:2b:
         33:11:ce:4d:3c:de:2d:36:0d:90:21:40:fe:d3:ab:3e:51:37:
         01:d2:bc:a8:43:88:47:37:4e:0b:ed:c4:fe:ed:8b:0e:fb:73:
         7b:ef:cf:5f:d5:f7:b7:a3:f2:ce:29:35:63:21:62:81:70:42:
         5f:43:4f:f0:af:01:7a:a3:fe:93:49:03:94:6b:91:9b:23:f3:
         08:7c:d8:07:25:cb:52:c7:79:03:15:f1:b4:7b:7a:a2:77:7f:
         ea:eb:cb:80:45:3f:2e:b1:99:c8:c7:76:a5:09:4a:13:0c:da:
         bb:73:b3:df:a2:56:ec:81:da:02:1e:8f:d8:56:1f:b6:c8:fb:
         bf:34:51:1d:5e:98:18:d7:6b:a1:ce:49:90:a2:55:39:28:ba:
         59:50:4b:fb:c9:a8:f9:20:23:01:b0:38:23:0c:a3:51:ee:53:
         6e:73:b8:27:85:86:dd:82:58:c2:7e:b6:b1:45:9e:2f:6a:d5:
         3e:97:a3:37:21:f1:08:bc:40:14:34:a6:72:94:a4:81:5c:15:
         da:6c:f3:96:40:3b:be:57:69:9f:b7:c2:b2:2d:65:d5:1c:f4:
         9d:60:54:28:7d:3a:ea:28:ce:bd:45:b5:f8:67:42:ee:3d:2d:
         b9:e7:ee:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb6nbnqxXfDJiVCcC9A+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGM5NWQ0ZDc1MjNmZGZlMmVjMzk2ZDRiYWVmN2ZlMjk5ZDkxOGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvFp8h/5Oo7FiyDYUN+EkBrx4Qj3
Jh6K6vTstS44vk/aqWehb25MNAKLIv4LwMb0OtJvIVqi9TaD8wYhaidNWSkOsnXP
/vWVCWfzW423JCfTy6BUbsOEOp6qxQuTw6+UkErMf6sVe+/80dS6qO63lRe9/VY3
gjDyblTA+Dy8m2b+fph/MveMF/+15eGW0eSM558tuteLLlFgIOPTc2yAByrgAJWw
ihPbK+2hjYGS/fo6ID4dIReTDmBZINmlkdQzQtBvs5PoWpHHcS/XvGvkCzEi+LLd
iHi5FCl3TEhFbF1UwI6eGrFj3cMWhWaKIPL74ID5Nc53d1Rz8tECWpb4PQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNjJXU11I/3+LsOW1Lrvf+KZ2RjAMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvMk1sZFRYVWpfZjR1dzViVXV1OV80cG5aR01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVTaMA0E
AgACMAcDBQAqD+OCMA0GCSqGSIb3DQEBCwUAA4IBAQAzHIPhrG4g5iuDFGk7p/g6
JCszEc5NPN4tNg2QIUD+06s+UTcB0ryoQ4hHN04L7cT+7YsO+3N7789f1fe3o/LO
KTVjIWKBcEJfQ0/wrwF6o/6TSQOUa5GbI/MIfNgHJctSx3kDFfG0e3qid3/q68uA
RT8usZnIx3alCUoTDNq7c7PfolbsgdoCHo/YVh+2yPu/NFEdXpgY12uhzkmQolU5
KLpZUEv7yaj5ICMBsDgjDKNR7lNuc7gnhYbdgljCfraxRZ4vatU+l6M3IfEIvEAU
NKZylKSBXBXabPOWQDu+V2mft8KyLWXVHPSdYFQofTrqKM69RbX4Z0LuPS255+4/
-----END CERTIFICATE-----