Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/df4A0rGnA7kKgO6TeWEpkGUM-dk.roa
File:                     df4A0rGnA7kKgO6TeWEpkGUM-dk.roa (raw, json)
Hash identifier:          9BEc9kI3Rk4OQCvoe1bcXRy7yg3dsvf9mwb0EguoOZg=
Subject key identifier:   75:FE:00:D2:B1:A7:03:B9:0A:80:EE:93:79:61:29:90:65:0C:F9:D9
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       018CC793D77D6DEC6335DC5CB20EB5535D36
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/df4A0rGnA7kKgO6TeWEpkGUM-dk.roa
Signing time:             Tue 02 Jan 2024 00:30:04 +0000
ROA not before:           Tue 02 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201838
IP address blocks:        45.92.232.0/22 maxlen: 24
                          45.147.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:d7:7d:6d:ec:63:35:dc:5c:b2:0e:b5:53:5d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Jan  2 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75fe00d2b1a703b90a80ee9379612990650cf9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ec:55:5b:d1:71:52:23:8a:01:cd:92:0f:bb:
                    0a:9a:cb:30:24:75:f5:9f:b0:0d:fd:0a:07:e4:1f:
                    d0:5d:41:ab:e8:4a:8d:93:8e:9b:d2:25:2d:64:14:
                    0d:cc:9d:a4:a7:4b:d5:f5:83:d3:71:55:4b:73:c4:
                    0e:51:5a:fa:72:4e:2b:b3:66:4e:ed:7b:7d:b0:37:
                    ca:32:9f:0d:ff:12:5e:c5:3d:3e:c4:78:8b:dc:1a:
                    a7:7c:f2:1b:31:e1:cd:db:9d:87:7b:a4:bf:e8:f3:
                    6c:ef:07:ea:b3:f5:cc:1d:83:d3:b3:9e:f5:48:02:
                    3f:dc:be:51:d1:c0:b1:5e:b1:a4:b8:e6:90:bb:15:
                    6e:30:46:14:58:88:f8:f4:22:1a:d6:c3:89:d3:c8:
                    b5:60:2b:83:cc:fd:e5:be:9d:23:6a:4b:79:58:49:
                    03:3d:40:28:c6:28:c2:2c:61:e0:f5:97:65:aa:96:
                    44:bf:18:c6:e9:22:63:cd:08:f3:cd:80:74:8d:dd:
                    be:01:89:53:8b:a8:5a:6e:3c:1d:c9:b2:fb:fe:90:
                    4c:53:19:2a:8a:07:80:fb:45:fa:57:cf:1f:c8:97:
                    3f:df:34:d7:9b:f5:49:98:b1:61:df:8b:4e:5f:fd:
                    d5:57:01:0b:32:36:ee:51:1d:9c:5a:97:dc:b8:b3:
                    8e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FE:00:D2:B1:A7:03:B9:0A:80:EE:93:79:61:29:90:65:0C:F9:D9
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/df4A0rGnA7kKgO6TeWEpkGUM-dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.232.0/22
                  45.147.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:c7:f8:cf:41:81:73:1b:37:e0:66:1b:c2:1a:8c:ce:32:2f:
         f3:1b:51:6f:53:ed:1e:73:37:4b:7f:ec:92:c7:68:96:42:18:
         97:ac:b5:2e:ab:95:8e:1b:1a:a9:08:e3:2c:71:bb:ec:63:0c:
         f4:1d:92:ef:f6:8b:23:d4:cc:24:80:13:8c:10:16:e9:b4:00:
         5a:31:15:ea:20:71:77:27:02:89:46:c1:c2:51:b8:36:9f:30:
         b6:35:14:8c:11:9c:de:40:f9:96:0b:ae:31:5b:75:c8:32:d5:
         ef:fa:98:2f:64:49:87:01:40:a4:68:8a:dd:0c:e6:da:38:6d:
         0f:b2:c3:bc:27:2d:e5:31:0b:ac:a7:90:6d:29:8c:a6:28:8c:
         84:99:70:3d:c6:fc:14:24:fc:c8:77:f8:37:0a:8b:85:0a:40:
         48:22:5b:12:0c:1d:6f:0b:bc:80:a9:68:a9:a7:a0:6c:dd:25:
         01:99:d2:6e:d5:d1:9e:90:0f:68:8d:36:30:67:74:8b:7d:a4:
         6a:84:23:d7:fb:89:04:0d:2f:68:7a:6a:b3:af:e3:45:64:20:
         19:1f:ea:08:f2:f6:d5:16:cd:2c:45:54:6c:7d:73:62:57:5b:
         ee:f3:62:d3:d9:32:02:27:06:e5:d8:dd:04:22:26:df:3d:97:
         34:24:82:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk9d9bexjNdxcsg61U102MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjQwMTAyMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZlMDBkMmIxYTcwM2I5MGE4MGVlOTM3OTYxMjk5MDY1MGNmOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjexVW9FxUiOKAc2SD7sKmsswJHX1
n7AN/QoH5B/QXUGr6EqNk46b0iUtZBQNzJ2kp0vV9YPTcVVLc8QOUVr6ck4rs2ZO
7Xt9sDfKMp8N/xJexT0+xHiL3BqnfPIbMeHN252He6S/6PNs7wfqs/XMHYPTs571
SAI/3L5R0cCxXrGkuOaQuxVuMEYUWIj49CIa1sOJ08i1YCuDzP3lvp0jakt5WEkD
PUAoxijCLGHg9ZdlqpZEvxjG6SJjzQjzzYB0jd2+AYlTi6habjwdybL7/pBMUxkq
igeA+0X6V88fyJc/3zTXm/VJmLFh34tOX/3VVwELMjbuUR2cWpfcuLOOcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHX+ANKxpwO5CoDuk3lhKZBlDPnZMB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvZGY0QTByR25BN2tLZ082VGVXRXBrR1VNLWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVzoAwQC
LZMgMA0GCSqGSIb3DQEBCwUAA4IBAQAOx/jPQYFzGzfgZhvCGozOMi/zG1FvU+0e
czdLf+ySx2iWQhiXrLUuq5WOGxqpCOMscbvsYwz0HZLv9osj1MwkgBOMEBbptABa
MRXqIHF3JwKJRsHCUbg2nzC2NRSMEZzeQPmWC64xW3XIMtXv+pgvZEmHAUCkaIrd
DObaOG0PssO8Jy3lMQusp5BtKYymKIyEmXA9xvwUJPzId/g3CouFCkBIIlsSDB1v
C7yAqWipp6Bs3SUBmdJu1dGekA9ojTYwZ3SLfaRqhCPX+4kEDS9oemqzr+NFZCAZ
H+oI8vbVFs0sRVRsfXNiV1vu82LT2TICJwbl2N0EIibfPZc0JILK
-----END CERTIFICATE-----