Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/bMi7_i9BEaN9STYOCqSfGd3Svf8.roa
File:                     bMi7_i9BEaN9STYOCqSfGd3Svf8.roa (raw, json)
Hash identifier:          XoEFQfXWeTS8Hhdt/pWMbCx+dl8Xm5VxClIYu8olmSo=
Subject key identifier:   6C:C8:BB:FE:2F:41:11:A3:7D:49:36:0E:0A:A4:9F:19:DD:D2:BD:FF
Certificate issuer:       /CN=c67e2a46e34f491433c8b62f319b902bddfde831
Certificate serial:       019136B431907F329E368DDAAA06AF8766A6
Authority key identifier: C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/bMi7_i9BEaN9STYOCqSfGd3Svf8.roa
Signing time:             Fri 09 Aug 2024 10:34:24 +0000
ROA not before:           Fri 09 Aug 2024 10:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216014
IP address blocks:        45.143.220.0/24 maxlen: 24
                          45.143.221.0/24 maxlen: 24
                          45.143.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:b4:31:90:7f:32:9e:36:8d:da:aa:06:af:87:66:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c67e2a46e34f491433c8b62f319b902bddfde831
        Validity
            Not Before: Aug  9 10:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cc8bbfe2f4111a37d49360e0aa49f19ddd2bdff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ba:b7:da:26:d7:17:17:ae:b4:66:26:c6:f6:
                    9c:2f:66:7a:a5:c6:85:7a:cd:a4:44:05:63:e4:2a:
                    60:57:37:f1:28:76:77:d0:5e:55:87:e0:9f:52:4f:
                    0d:14:24:dc:32:68:7e:c1:3d:27:d4:18:5f:8d:db:
                    48:25:c9:27:8d:80:c9:e2:8a:40:36:ce:f5:d5:6c:
                    30:89:da:8d:fb:62:c7:84:bd:92:16:4f:1c:2f:30:
                    c9:6c:61:21:8d:c9:35:56:2d:b2:11:8a:fe:4c:1b:
                    0e:29:b2:30:e1:60:4a:4f:f8:50:b8:2c:ed:11:29:
                    b0:ff:2c:22:74:ab:33:3b:4a:18:a9:f6:e3:f3:98:
                    7b:62:4b:f9:20:35:47:71:b4:60:11:87:06:85:32:
                    ed:7f:54:97:11:19:1c:4e:1f:16:fc:e4:a2:42:79:
                    68:ae:0e:23:8b:87:e3:70:07:98:0c:8d:6e:6e:b8:
                    2d:f7:d2:77:21:56:8d:ed:d3:e5:e9:21:e1:4d:73:
                    0f:0e:48:3e:f6:7a:58:5d:4f:25:7c:5d:1c:35:0a:
                    9e:0d:5f:19:68:0e:f1:2e:55:0a:b3:80:a8:2b:73:
                    56:ce:a0:a7:50:de:76:1b:71:56:70:06:4b:ab:77:
                    4b:f3:80:4c:74:ea:87:36:b6:1a:d5:08:0e:2b:f8:
                    c6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:C8:BB:FE:2F:41:11:A3:7D:49:36:0E:0A:A4:9F:19:DD:D2:BD:FF
            X509v3 Authority Key Identifier:
                keyid:C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/bMi7_i9BEaN9STYOCqSfGd3Svf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.220.0-45.143.222.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:3a:7c:3e:35:76:b4:d2:a2:87:d7:35:6a:b4:b7:0b:75:12:
         f2:12:36:97:dc:59:04:ac:d7:cf:70:4a:a2:ab:25:28:c4:f9:
         0f:ea:d1:ce:8d:67:a2:fc:2b:89:ef:67:37:17:e1:8c:cb:32:
         40:fe:d7:e1:ed:a4:7d:e4:84:60:1d:aa:7c:9a:f7:be:c6:90:
         a8:8a:12:7a:5c:1b:89:1c:e4:e6:b7:43:90:6a:d1:3c:fe:ed:
         9a:61:91:c3:d4:df:2e:96:2c:16:08:90:fc:cf:37:ab:95:c2:
         98:84:06:ac:c5:2e:62:e4:30:4b:29:ab:86:04:68:ab:f1:4f:
         46:2b:c4:fc:ac:c4:d1:4d:f8:06:68:61:5f:31:66:8d:40:1d:
         95:97:08:a1:b3:80:e4:41:57:18:c3:16:47:86:c3:9f:fb:e9:
         76:59:c8:bb:bf:34:2f:69:ec:00:ce:36:aa:19:b7:68:a9:d5:
         ba:de:ad:ea:1b:fb:34:76:9b:a0:fc:3c:34:3d:1a:77:87:4e:
         bd:d9:d6:c4:03:5b:eb:7a:43:19:06:8e:d2:69:eb:e3:96:5c:
         77:3d:39:91:79:14:4c:8e:bc:b9:15:84:dc:00:04:f6:cf:d7:
         80:d8:77:85:db:ea:87:01:6e:a5:66:7a:5f:60:62:9b:b1:83:
         ec:e0:09:d4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZE2tDGQfzKeNo3aqgavh2amMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2N2UyYTQ2ZTM0ZjQ5MTQzM2M4YjYyZjMxOWI5MDJiZGRm
ZGU4MzEwHhcNMjQwODA5MTAzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2M4YmJmZTJmNDExMWEzN2Q0OTM2MGUwYWE0OWYxOWRkZDJiZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27q32ibXFxeutGYmxvacL2Z6pcaF
es2kRAVj5CpgVzfxKHZ30F5Vh+CfUk8NFCTcMmh+wT0n1BhfjdtIJcknjYDJ4opA
Ns711WwwidqN+2LHhL2SFk8cLzDJbGEhjck1Vi2yEYr+TBsOKbIw4WBKT/hQuCzt
ESmw/ywidKszO0oYqfbj85h7Ykv5IDVHcbRgEYcGhTLtf1SXERkcTh8W/OSiQnlo
rg4ji4fjcAeYDI1ubrgt99J3IVaN7dPl6SHhTXMPDkg+9npYXU8lfF0cNQqeDV8Z
aA7xLlUKs4CoK3NWzqCnUN52G3FWcAZLq3dL84BMdOqHNrYa1QgOK/jGYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGzIu/4vQRGjfUk2Dgqknxnd0r3/MB8GA1UdIwQY
MBaAFMZ+KkbjT0kUM8i2LzGbkCvd/egxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQt
MDY2ODY2ZjJkZWQwLzEvYk1pN19pOUJFYU45U1RZT0NxU2ZHZDNTdmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQtMDY2ODY2ZjJkZWQw
LzEveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAItj9wD
BAAtj94wDQYJKoZIhvcNAQELBQADggEBADw6fD41drTSoofXNWq0twt1EvISNpfc
WQSs189wSqKrJSjE+Q/q0c6NZ6L8K4nvZzcX4YzLMkD+1+HtpH3khGAdqnya977G
kKiKEnpcG4kc5Oa3Q5Bq0Tz+7ZphkcPU3y6WLBYIkPzPN6uVwpiEBqzFLmLkMEsp
q4YEaKvxT0YrxPysxNFN+AZoYV8xZo1AHZWXCKGzgORBVxjDFkeGw5/76XZZyLu/
NC9p7ADONqoZt2ip1brereob+zR2m6D8PDQ9GneHTr3Z1sQDW+t6QxkGjtJp6+OW
XHc9OZF5FEyOvLkVhNwABPbP14DYd4Xb6ocBbqVmel9gYpuxg+zgCdQ=
-----END CERTIFICATE-----