Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/xPq4nT5mCky-O6nW4jIbLS2uXU8.roa
File:                     xPq4nT5mCky-O6nW4jIbLS2uXU8.roa (raw, json)
Hash identifier:          f5Vnjb4y+984XKiHNaEkMZr4A0l9r731kc/WCmYDVdA=
Subject key identifier:   C4:FA:B8:9D:3E:66:0A:4C:BE:3B:A9:D6:E2:32:1B:2D:2D:AE:5D:4F
Certificate issuer:       /CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
Certificate serial:       018CC56EC57B0778D9DEA3D83AE03B21C90B
Authority key identifier: B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/xPq4nT5mCky-O6nW4jIbLS2uXU8.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        45.85.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c5:7b:07:78:d9:de:a3:d8:3a:e0:3b:21:c9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4fab89d3e660a4cbe3ba9d6e2321b2d2dae5d4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:dd:a4:50:cd:7f:b2:f1:3d:1e:7c:a5:b7:1b:
                    e0:03:c1:e9:10:e6:a1:8b:fe:6d:2d:0f:c2:b3:a1:
                    be:67:87:8b:3f:66:3d:b6:29:d1:d5:a1:70:0c:70:
                    c1:28:b0:8a:3c:48:eb:02:f7:d5:f8:f9:f8:54:9c:
                    4e:37:6d:2c:82:45:3a:23:6f:e8:4f:51:98:65:59:
                    b6:e6:8d:37:87:5b:6a:92:a5:c0:bd:46:96:2d:cc:
                    0d:6a:af:e1:3b:76:10:9a:d9:c6:25:6d:f2:58:6b:
                    ba:48:b7:b0:62:5b:df:ff:e3:fc:78:d9:ad:25:7d:
                    8a:dc:8a:39:7b:f3:f0:69:d3:d2:3f:fc:d8:e4:fa:
                    14:8a:43:f5:48:eb:82:0f:12:d3:92:90:0e:79:5a:
                    62:08:b4:78:9d:6a:26:62:40:15:6d:af:04:6d:98:
                    03:8d:1b:94:26:5e:c7:ee:83:03:34:1d:54:73:47:
                    db:e0:68:c2:18:1b:7d:47:9e:dd:d4:24:87:09:4c:
                    e6:20:bb:0a:93:32:17:94:c3:d9:93:a0:a6:54:d6:
                    14:ab:3b:6f:9d:61:ce:c5:c9:fb:fa:bd:83:03:61:
                    12:86:14:a0:ae:1e:d4:bb:fc:31:c6:d2:9b:29:94:
                    17:12:d7:5f:ea:2d:b4:5c:ad:dd:13:49:a9:cd:89:
                    b4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FA:B8:9D:3E:66:0A:4C:BE:3B:A9:D6:E2:32:1B:2D:2D:AE:5D:4F
            X509v3 Authority Key Identifier:
                keyid:B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/xPq4nT5mCky-O6nW4jIbLS2uXU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b6:0f:a9:45:14:e0:5c:17:56:3f:3c:c2:9c:5f:11:64:69:
         68:bd:fc:3d:81:b9:20:46:30:e9:76:0a:ac:ff:bd:bc:7a:df:
         9b:35:33:42:eb:26:e2:09:cd:34:f0:1e:cb:5c:2b:e9:e3:bc:
         29:23:2e:35:64:95:0d:97:e6:76:80:7b:18:ff:cf:c2:ed:23:
         16:92:21:e4:58:14:aa:26:68:21:af:f6:9b:1a:57:1b:fd:dc:
         1d:ec:0c:76:65:87:04:fb:02:40:04:a8:aa:6f:64:f8:0c:cf:
         d0:41:59:be:32:f6:2d:f9:cd:00:a5:db:e8:56:c4:69:5f:ce:
         c2:cc:2c:a0:5a:fa:3c:c1:9c:6d:33:bb:6e:61:e0:41:1f:bb:
         51:87:63:f0:52:75:92:fa:63:e2:b2:b1:af:23:2d:ee:73:00:
         3b:d1:72:14:4d:60:34:ca:c6:4e:71:97:12:f2:b1:2c:c6:80:
         a3:9a:6a:70:d7:3c:f2:dd:c7:cb:0e:ee:dc:7d:02:a6:4a:e6:
         b5:5e:1b:9b:5b:6f:bd:30:db:52:44:e8:ff:14:8d:6d:78:b7:
         5a:89:1c:37:17:e2:da:c7:14:c3:b0:94:1d:72:b4:67:95:d9:
         45:8d:0a:ec:39:ed:fb:df:75:c0:e8:7d:93:7e:fb:e1:cf:22:
         8d:e9:1f:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsV7B3jZ3qPYOuA7IckLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjBkMzM0MzJlY2E3N2MwNTRlOGZhODcwNzI0OGRhNGU0
N2RiMGIwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGZhYjg5ZDNlNjYwYTRjYmUzYmE5ZDZlMjMyMWIyZDJkYWU1ZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgt2kUM1/svE9HnyltxvgA8HpEOah
i/5tLQ/Cs6G+Z4eLP2Y9tinR1aFwDHDBKLCKPEjrAvfV+Pn4VJxON20sgkU6I2/o
T1GYZVm25o03h1tqkqXAvUaWLcwNaq/hO3YQmtnGJW3yWGu6SLewYlvf/+P8eNmt
JX2K3Io5e/PwadPSP/zY5PoUikP1SOuCDxLTkpAOeVpiCLR4nWomYkAVba8EbZgD
jRuUJl7H7oMDNB1Uc0fb4GjCGBt9R57d1CSHCUzmILsKkzIXlMPZk6CmVNYUqztv
nWHOxcn7+r2DA2EShhSgrh7Uu/wxxtKbKZQXEtdf6i20XK3dE0mpzYm0RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMT6uJ0+ZgpMvjup1uIyGy0trl1PMB8GA1UdIwQY
MBaAFLmw0zQy7Kd8BU6PqHBySNpOR9sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQt
ZDE5NmY5MjkxNzMyLzEveFBxNG5UNW1Da3ktTzZuVzRqSWJMUzJ1WFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQtZDE5NmY5MjkxNzMy
LzEvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVdMA0G
CSqGSIb3DQEBCwUAA4IBAQAAtg+pRRTgXBdWPzzCnF8RZGlovfw9gbkgRjDpdgqs
/728et+bNTNC6ybiCc008B7LXCvp47wpIy41ZJUNl+Z2gHsY/8/C7SMWkiHkWBSq
Jmghr/abGlcb/dwd7Ax2ZYcE+wJABKiqb2T4DM/QQVm+MvYt+c0ApdvoVsRpX87C
zCygWvo8wZxtM7tuYeBBH7tRh2PwUnWS+mPisrGvIy3ucwA70XIUTWA0ysZOcZcS
8rEsxoCjmmpw1zzy3cfLDu7cfQKmSua1XhubW2+9MNtSROj/FI1teLdaiRw3F+La
xxTDsJQdcrRnldlFjQrsOe3733XA6H2TfvvhzyKN6R+X
-----END CERTIFICATE-----