Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/geK_DYO0qf6lJyND4rADG-XxfXg.roa
File:                     geK_DYO0qf6lJyND4rADG-XxfXg.roa (raw, json)
Hash identifier:          jQjmwJKlXeh85G72X4eBcO5HrBEIrl6MbzlRFkMEyMM=
Subject key identifier:   81:E2:BF:0D:83:B4:A9:FE:A5:27:23:43:E2:B0:03:1B:E5:F1:7D:78
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018FD2F08158E5086D76D676BDFA3F3EFC6E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/geK_DYO0qf6lJyND4rADG-XxfXg.roa
Signing time:             Sat 01 Jun 2024 08:35:28 +0000
ROA not before:           Sat 01 Jun 2024 08:35:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35793
IP address blocks:        45.9.208.0/22 maxlen: 24
                          2a00:1728:48::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d2:f0:81:58:e5:08:6d:76:d6:76:bd:fa:3f:3e:fc:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  1 08:35:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81e2bf0d83b4a9fea5272343e2b0031be5f17d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ed:4f:ba:99:8a:bf:7b:a1:82:40:0f:5a:b5:
                    c4:b5:c1:bd:bc:19:67:63:03:e1:01:9f:3e:4b:f9:
                    fe:9a:41:52:82:d3:5f:cc:00:1d:c7:6b:e9:95:68:
                    a9:4c:f4:3c:c0:11:1d:44:b3:a1:ea:1a:70:8f:fb:
                    2e:e1:d6:1f:e7:a6:79:1b:02:21:40:3d:04:0d:6c:
                    ec:73:e6:6a:8a:62:97:72:66:38:6c:66:01:2d:bd:
                    7c:82:9b:ca:9a:e6:83:14:60:a6:e3:66:69:e4:b6:
                    74:bc:d2:10:a3:1e:99:ea:b3:cd:ef:1c:c3:04:db:
                    dd:7a:cd:05:01:f3:b4:f7:ef:e5:7c:3d:c7:dd:e2:
                    69:fb:0c:ee:86:c9:7d:4a:09:3a:80:f1:13:28:10:
                    58:39:0e:8c:7e:a6:b6:ef:2e:73:0f:15:0f:dc:2e:
                    a1:96:b8:51:a3:b6:cf:bc:90:a1:ed:c6:3c:46:72:
                    57:fb:64:06:db:e6:33:f3:fc:f8:3a:71:9e:a6:06:
                    5d:4d:67:49:d8:5e:42:ff:6c:37:3c:15:50:6d:86:
                    e2:4a:49:26:64:dc:15:fa:bd:89:f6:b6:51:4b:ec:
                    3e:0e:92:79:31:9f:c8:cd:41:a6:54:b7:b0:28:b1:
                    07:50:22:98:37:d7:16:f8:29:77:a9:5b:e3:21:ab:
                    c3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E2:BF:0D:83:B4:A9:FE:A5:27:23:43:E2:B0:03:1B:E5:F1:7D:78
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/geK_DYO0qf6lJyND4rADG-XxfXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.208.0/22
                IPv6:
                  2a00:1728:48::/46

    Signature Algorithm: sha256WithRSAEncryption
         75:6e:08:6a:bc:0e:5b:b8:5f:ce:99:b6:45:a5:18:53:48:8d:
         a6:44:2f:18:c9:25:a7:7d:39:ae:c4:bd:ef:21:e1:6f:3b:f0:
         71:1c:6e:b0:46:65:b5:5c:ec:dc:9e:a4:44:ad:71:35:d7:43:
         7f:88:04:58:8b:51:51:cc:0a:6d:da:6b:41:37:72:e9:7e:cc:
         5b:20:2f:42:c8:9b:7e:31:e8:af:87:b2:0d:32:8f:00:f4:c6:
         db:24:30:7c:85:80:9d:25:f3:93:cd:0f:37:be:ef:c3:3c:00:
         c3:ac:33:cc:46:77:c3:8c:77:c2:ce:18:15:75:cf:16:86:fb:
         d3:8a:c1:d9:63:25:25:32:ce:bb:a1:60:d3:ef:d0:90:7d:6f:
         dc:86:3c:7c:53:70:56:d8:e1:f6:61:4a:ef:65:54:40:00:17:
         8a:c8:10:7a:90:a8:e2:ba:81:d7:66:b2:be:f0:59:03:5d:0c:
         98:b2:fa:8c:ef:a5:de:22:12:94:84:6a:65:13:4a:b6:6f:08:
         61:fc:89:9f:7b:0c:52:4f:b8:bc:53:4e:95:a7:b9:cf:d3:24:
         7b:58:7a:e5:89:5c:ac:77:05:4a:8e:37:c9:94:a8:6b:a2:e4:
         a9:0f:a8:82:84:20:bc:40:6c:46:30:1c:9d:2f:6e:b5:57:75:
         9c:95:dd:b2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY/S8IFY5QhtdtZ2vfo/PvxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNjAxMDgzNTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWUyYmYwZDgzYjRhOWZlYTUyNzIzNDNlMmIwMDMxYmU1ZjE3ZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O1PupmKv3uhgkAPWrXEtcG9vBln
YwPhAZ8+S/n+mkFSgtNfzAAdx2vplWipTPQ8wBEdRLOh6hpwj/su4dYf56Z5GwIh
QD0EDWzsc+ZqimKXcmY4bGYBLb18gpvKmuaDFGCm42Zp5LZ0vNIQox6Z6rPN7xzD
BNvdes0FAfO09+/lfD3H3eJp+wzuhsl9Sgk6gPETKBBYOQ6Mfqa27y5zDxUP3C6h
lrhRo7bPvJCh7cY8RnJX+2QG2+Yz8/z4OnGepgZdTWdJ2F5C/2w3PBVQbYbiSkkm
ZNwV+r2J9rZRS+w+DpJ5MZ/IzUGmVLewKLEHUCKYN9cW+Cl3qVvjIavDVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIHivw2DtKn+pScjQ+KwAxvl8X14MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZ2VLX0RZTzBxZjZsSnlORDRyQURHLVh4ZlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLQnQMA8E
AgACMAkDBwIqABcoAEgwDQYJKoZIhvcNAQELBQADggEBAHVuCGq8Dlu4X86ZtkWl
GFNIjaZELxjJJad9Oa7Eve8h4W878HEcbrBGZbVc7NyepEStcTXXQ3+IBFiLUVHM
Cm3aa0E3cul+zFsgL0LIm34x6K+Hsg0yjwD0xtskMHyFgJ0l85PNDze+78M8AMOs
M8xGd8OMd8LOGBV1zxaG+9OKwdljJSUyzruhYNPv0JB9b9yGPHxTcFbY4fZhSu9l
VEAAF4rIEHqQqOK6gddmsr7wWQNdDJiy+ozvpd4iEpSEamUTSrZvCGH8iZ97DFJP
uLxTTpWnuc/TJHtYeuWJXKx3BUqON8mUqGui5KkPqIKEILxAbEYwHJ0vbrVXdZyV
3bI=
-----END CERTIFICATE-----