Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/k5I3CvRm0KoDTpGQsTs0bBVZ65w.roa
File:                     k5I3CvRm0KoDTpGQsTs0bBVZ65w.roa (raw, json)
Hash identifier:          GAj7HJSzcL9e6DvO+IDcgLTmgckV1gSZKJ8aNXpjZ+Q=
Subject key identifier:   93:92:37:0A:F4:66:D0:AA:03:4E:91:90:B1:3B:34:6C:15:59:EB:9C
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       018D1B89CAEFE0FC12263CB37C90978071E5
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/k5I3CvRm0KoDTpGQsTs0bBVZ65w.roa
Signing time:             Thu 18 Jan 2024 07:47:11 +0000
ROA not before:           Thu 18 Jan 2024 07:47:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62005
IP address blocks:        45.66.248.0/24 maxlen: 24
                          45.66.249.0/24 maxlen: 24
                          45.150.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1b:89:ca:ef:e0:fc:12:26:3c:b3:7c:90:97:80:71:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan 18 07:47:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9392370af466d0aa034e9190b13b346c1559eb9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0c:85:37:d3:00:00:46:50:37:3d:30:2e:43:
                    39:76:94:6b:7a:c4:56:39:18:9d:2c:24:a3:bd:e6:
                    58:2a:bc:dd:8b:85:18:6c:eb:35:5d:20:7a:d0:75:
                    06:da:84:f1:37:22:50:c0:7a:6d:76:a6:1f:c2:19:
                    be:10:6e:98:d1:60:56:dc:ff:12:e0:32:c4:6e:bf:
                    b3:9f:ae:d8:eb:61:cd:7c:e9:86:2c:3e:91:fc:8d:
                    c9:ef:81:8e:b8:58:d5:3a:f4:2b:19:cd:e0:9a:80:
                    f8:49:d4:2d:99:1a:1d:b3:42:ef:0f:2c:6f:b9:e8:
                    15:c7:c8:8b:df:8c:88:87:14:31:9c:1f:8b:92:f8:
                    99:51:6b:92:16:7a:37:c4:f0:fb:97:fe:fc:ec:e2:
                    d6:3b:02:21:de:40:c7:20:7e:eb:9c:bc:3e:bb:25:
                    38:c4:2f:71:3a:b0:78:cf:50:f1:ff:ce:f5:e5:5f:
                    a6:99:59:74:4b:44:e3:6f:63:ec:3c:63:6e:cb:09:
                    09:cd:b3:30:00:27:00:3d:36:6e:2b:bc:d2:1b:04:
                    eb:57:16:a5:68:83:2a:9d:c0:d7:6f:4a:d9:10:76:
                    0c:e2:00:22:4f:68:9f:1a:81:d8:36:7a:d0:c3:4c:
                    b9:0b:18:7c:00:72:3d:55:41:9d:c9:d5:a9:50:79:
                    ee:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:92:37:0A:F4:66:D0:AA:03:4E:91:90:B1:3B:34:6C:15:59:EB:9C
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/k5I3CvRm0KoDTpGQsTs0bBVZ65w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.248.0/23
                  45.150.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:11:d7:ee:a7:ba:8d:7e:7e:c0:9f:d3:30:ec:bc:5a:c7:d4:
         9c:a8:ab:48:52:85:7c:4f:45:38:43:d1:da:41:5b:80:43:d1:
         25:ad:74:9c:f3:21:3a:ea:13:41:1c:bf:91:9c:b3:34:43:e1:
         74:6d:f8:3f:00:fd:04:35:b9:ac:34:87:56:f8:fe:ea:65:9b:
         0b:e0:68:10:31:84:1b:ff:ac:76:58:83:85:76:86:01:60:85:
         82:d9:c8:0d:6f:47:f6:30:b0:0a:ad:10:a5:fa:9c:6b:00:a3:
         9a:53:56:b9:f9:6f:e4:a1:3d:77:ef:64:b4:9d:bc:0d:b6:9b:
         61:82:1d:53:91:67:bc:17:76:f1:d2:53:5b:75:4b:2d:31:73:
         cc:ee:6c:c2:1f:63:fc:1f:cd:9f:38:d3:4e:df:d5:62:d2:36:
         3d:8b:9e:a1:78:85:2c:01:74:4d:47:7d:0b:90:c1:c1:2c:18:
         b7:ef:61:69:c8:5d:21:19:c6:57:e2:13:57:6c:1c:17:ed:b1:
         f0:44:d4:71:c2:2d:30:dd:ed:eb:1f:4a:d0:8d:d0:e5:90:5c:
         67:ec:44:2e:0f:e8:8d:c3:35:f4:ae:f4:fa:13:7b:dc:10:52:
         49:8d:9e:2b:1b:ec:d6:38:36:d4:db:30:9f:e5:d2:ec:cf:81:
         5b:bf:cf:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0bicrv4PwSJjyzfJCXgHHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTE4MDc0NzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzkyMzcwYWY0NjZkMGFhMDM0ZTkxOTBiMTNiMzQ2YzE1NTllYjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAyFN9MAAEZQNz0wLkM5dpRresRW
ORidLCSjveZYKrzdi4UYbOs1XSB60HUG2oTxNyJQwHptdqYfwhm+EG6Y0WBW3P8S
4DLEbr+zn67Y62HNfOmGLD6R/I3J74GOuFjVOvQrGc3gmoD4SdQtmRods0LvDyxv
uegVx8iL34yIhxQxnB+LkviZUWuSFno3xPD7l/787OLWOwIh3kDHIH7rnLw+uyU4
xC9xOrB4z1Dx/8715V+mmVl0S0Tjb2PsPGNuywkJzbMwACcAPTZuK7zSGwTrVxal
aIMqncDXb0rZEHYM4gAiT2ifGoHYNnrQw0y5Cxh8AHI9VUGdydWpUHnucQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJOSNwr0ZtCqA06RkLE7NGwVWeucMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvazVJM0N2Um0wS29EVHBHUXNUczBiQlZaNjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLUL4AwQA
LZZsMA0GCSqGSIb3DQEBCwUAA4IBAQBgEdfup7qNfn7An9Mw7Lxax9ScqKtIUoV8
T0U4Q9HaQVuAQ9ElrXSc8yE66hNBHL+RnLM0Q+F0bfg/AP0ENbmsNIdW+P7qZZsL
4GgQMYQb/6x2WIOFdoYBYIWC2cgNb0f2MLAKrRCl+pxrAKOaU1a5+W/koT1372S0
nbwNtpthgh1TkWe8F3bx0lNbdUstMXPM7mzCH2P8H82fONNO39Vi0jY9i56heIUs
AXRNR30LkMHBLBi372FpyF0hGcZX4hNXbBwX7bHwRNRxwi0w3e3rH0rQjdDlkFxn
7EQuD+iNwzX0rvT6E3vcEFJJjZ4rG+zWODbU2zCf5dLsz4Fbv88b
-----END CERTIFICATE-----