Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/0Do0LybEPQ5dl4PCwV94JXoLDhE.roa
File:                     0Do0LybEPQ5dl4PCwV94JXoLDhE.roa (raw, json)
Hash identifier:          36a+wYrqBP0VVGHPyz9OU7OxzhIUKaQzf1bflVl7oLo=
Subject key identifier:   D0:3A:34:2F:26:C4:3D:0E:5D:97:83:C2:C1:5F:78:25:7A:0B:0E:11
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0191BDED2D98948166879A9ECEE25579CA2E
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/0Do0LybEPQ5dl4PCwV94JXoLDhE.roa
Signing time:             Wed 04 Sep 2024 16:45:23 +0000
ROA not before:           Wed 04 Sep 2024 16:45:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        45.91.6.0/24 maxlen: 24
                          45.139.71.0/24 maxlen: 24
                          45.145.18.0/24 maxlen: 24
                          45.145.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:ed:2d:98:94:81:66:87:9a:9e:ce:e2:55:79:ca:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Sep  4 16:45:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d03a342f26c43d0e5d9783c2c15f78257a0b0e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1f:4e:5e:9f:3b:07:06:d3:a8:63:73:b0:f9:
                    90:ba:72:d3:24:4e:41:1a:4e:6e:98:13:d5:be:27:
                    d9:86:f1:18:5f:c0:c5:77:80:4e:ea:27:a0:7e:61:
                    b9:19:7f:61:eb:c1:58:d8:59:3d:99:18:cf:69:34:
                    91:fe:be:a8:cf:32:ec:17:83:22:88:ef:54:70:66:
                    6f:52:ac:1b:08:51:2f:83:99:c7:08:55:14:a5:c2:
                    b8:91:ae:8c:c8:28:65:91:c8:9e:73:88:80:a1:8f:
                    1d:a1:7b:70:bb:cc:bc:8d:95:88:e4:f5:9a:c3:f1:
                    e7:c0:39:a2:bc:f2:fc:8c:05:44:0c:d9:4b:f6:4f:
                    e0:8b:13:87:14:08:26:38:a7:9f:07:15:e7:59:69:
                    98:2c:d2:cc:4e:b2:82:f0:85:78:80:55:a7:9f:7b:
                    b2:d5:8f:b4:89:4f:b8:cf:55:68:68:c4:3f:b9:5b:
                    48:0e:c2:7e:44:9f:52:89:3e:55:97:8e:0d:2b:1a:
                    80:14:85:f5:eb:47:bf:cc:b7:90:9d:3b:1b:81:32:
                    c9:f8:83:29:30:38:ec:f8:d3:ac:e8:20:9d:c3:d0:
                    6c:12:9d:ee:54:18:b4:c8:d6:e7:ad:a7:4b:ec:ff:
                    c7:7c:93:84:94:85:30:b8:fc:dc:21:1f:44:81:40:
                    5e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:3A:34:2F:26:C4:3D:0E:5D:97:83:C2:C1:5F:78:25:7A:0B:0E:11
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/0Do0LybEPQ5dl4PCwV94JXoLDhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.6.0/24
                  45.139.71.0/24
                  45.145.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:53:a0:8e:ba:50:ad:fc:a1:d8:3a:bf:92:27:e4:21:ee:ed:
         31:73:2c:78:04:b9:b3:31:62:75:9b:64:20:58:26:d9:52:fb:
         5f:61:4d:b7:8e:69:e6:a4:ba:32:29:35:a4:1c:c0:6e:3f:ac:
         6a:bf:3c:e3:9f:ac:4d:1d:59:22:b8:cc:8b:ac:2e:cf:c7:29:
         71:a6:d1:50:60:03:dc:bd:b5:c2:f2:52:ac:8b:6a:7b:06:2f:
         2a:d6:40:f9:c3:8c:97:6b:85:ff:a1:d0:12:fb:2c:de:22:d3:
         9c:d0:d6:e3:4b:17:1b:dd:50:fc:a8:65:af:b7:d9:ee:23:43:
         1f:fd:79:46:34:18:74:ee:f5:8a:24:ba:78:30:63:fc:e9:65:
         8a:53:8f:5e:8b:1d:54:ce:d5:70:6a:78:d6:b8:ed:ea:4e:7e:
         8c:d1:4d:91:b8:2e:13:b2:67:82:80:2a:01:84:f7:39:88:36:
         bf:ec:95:45:25:c1:ff:a1:31:eb:ec:5c:f8:ab:2e:55:6f:be:
         7f:9a:ca:de:12:b4:0b:34:dc:57:cf:d6:c0:ff:75:50:d4:27:
         dc:50:ca:79:0d:ef:f2:20:43:aa:ba:51:fb:8e:18:67:a7:11:
         a3:d5:c2:70:b2:b4:c4:2a:ef:7a:8d:11:62:2c:d0:3d:20:29:
         fc:52:6c:ca
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZG97S2YlIFmh5qezuJVecouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwOTA0MTY0NTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDNhMzQyZjI2YzQzZDBlNWQ5NzgzYzJjMTVmNzgyNTdhMGIwZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB9OXp87BwbTqGNzsPmQunLTJE5B
Gk5umBPVvifZhvEYX8DFd4BO6iegfmG5GX9h68FY2Fk9mRjPaTSR/r6ozzLsF4Mi
iO9UcGZvUqwbCFEvg5nHCFUUpcK4ka6MyChlkciec4iAoY8doXtwu8y8jZWI5PWa
w/HnwDmivPL8jAVEDNlL9k/gixOHFAgmOKefBxXnWWmYLNLMTrKC8IV4gFWnn3uy
1Y+0iU+4z1VoaMQ/uVtIDsJ+RJ9SiT5Vl44NKxqAFIX160e/zLeQnTsbgTLJ+IMp
MDjs+NOs6CCdw9BsEp3uVBi0yNbnradL7P/HfJOElIUwuPzcIR9EgUBeKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNA6NC8mxD0OXZeDwsFfeCV6Cw4RMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvMERvMEx5YkVQUTVkbDRQQ3dWOTRKWG9MRGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVsGAwQA
LYtHAwQBLZESMA0GCSqGSIb3DQEBCwUAA4IBAQBrU6COulCt/KHYOr+SJ+Qh7u0x
cyx4BLmzMWJ1m2QgWCbZUvtfYU23jmnmpLoyKTWkHMBuP6xqvzzjn6xNHVkiuMyL
rC7PxylxptFQYAPcvbXC8lKsi2p7Bi8q1kD5w4yXa4X/odAS+yzeItOc0NbjSxcb
3VD8qGWvt9nuI0Mf/XlGNBh07vWKJLp4MGP86WWKU49eix1UztVwanjWuO3qTn6M
0U2RuC4TsmeCgCoBhPc5iDa/7JVFJcH/oTHr7Fz4qy5Vb75/msreErQLNNxXz9bA
/3VQ1CfcUMp5De/yIEOqulH7jhhnpxGj1cJwsrTEKu96jRFiLNA9ICn8UmzK
-----END CERTIFICATE-----