Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/I_CAr9C1dxdUc47FYr9o6JqZ0lk.roa
File:                     I_CAr9C1dxdUc47FYr9o6JqZ0lk.roa (raw, json)
Hash identifier:          rVV8rEg/FnKtt1FjRORzavggwUAP2pLBZVJAfTBWxVE=
Subject key identifier:   23:F0:80:AF:D0:B5:77:17:54:73:8E:C5:62:BF:68:E8:9A:99:D2:59
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       018FC8F542CDFA3D311E8E53DE2DE7E01ED7
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/I_CAr9C1dxdUc47FYr9o6JqZ0lk.roa
Signing time:             Thu 30 May 2024 10:04:27 +0000
ROA not before:           Thu 30 May 2024 10:04:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199458
IP address blocks:        45.159.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c8:f5:42:cd:fa:3d:31:1e:8e:53:de:2d:e7:e0:1e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: May 30 10:04:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23f080afd0b5771754738ec562bf68e89a99d259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fd:82:0b:95:1e:7d:51:45:2f:bf:09:86:da:
                    b0:c0:c9:a7:74:ea:94:8e:af:43:41:96:b5:e9:7a:
                    38:e4:9d:4d:71:a3:91:20:b5:13:b3:b6:bc:27:10:
                    cd:84:e9:38:3f:82:56:e4:e8:c4:7b:25:34:48:41:
                    dd:54:f2:9d:70:22:a6:29:84:b4:60:f8:21:55:21:
                    77:c7:bd:85:c9:31:99:ab:22:27:62:da:c7:a3:74:
                    52:e7:e4:d9:4c:39:f6:87:ff:21:0f:18:85:32:19:
                    84:d6:84:6a:4c:92:57:26:c7:d9:8e:cd:ad:98:c6:
                    d8:f4:d6:ce:10:82:f2:a9:43:65:93:40:70:59:0e:
                    57:53:8a:a6:12:1e:e7:65:05:41:f8:0c:0c:d0:12:
                    31:e3:bf:b7:f9:da:1a:8b:e3:da:13:cc:2f:b2:57:
                    90:f8:a1:a5:ec:31:d3:cf:04:f5:dd:45:7a:f4:ae:
                    bf:b6:ec:44:70:27:16:fd:df:8d:62:31:a6:c3:10:
                    a2:59:c3:87:9a:de:d8:b7:6d:93:f6:77:17:52:a6:
                    ac:a8:b8:b7:fc:1d:4c:d1:6c:9f:d9:2b:f0:b3:d6:
                    58:8e:39:95:af:e2:aa:38:fa:04:01:2d:50:cc:46:
                    79:16:0b:3f:68:fe:84:3c:e5:61:01:24:51:1d:e6:
                    09:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F0:80:AF:D0:B5:77:17:54:73:8E:C5:62:BF:68:E8:9A:99:D2:59
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/I_CAr9C1dxdUc47FYr9o6JqZ0lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:bf:e0:4d:7b:db:36:60:9d:ae:89:6c:ef:bf:ef:38:46:91:
         05:4b:0f:22:89:ab:d6:f2:01:0a:1f:69:9c:5b:e0:5a:ef:bd:
         7f:42:6d:d9:5e:88:a6:6d:d1:bd:ac:71:bd:37:21:19:0c:58:
         89:f5:a2:e2:3c:a1:ce:4a:5a:e4:9b:50:8b:d6:ec:38:a7:22:
         98:b1:19:43:6d:1e:56:da:0f:58:f8:75:93:ff:c3:39:8e:92:
         66:3f:03:85:83:af:e3:fe:3d:49:0a:9e:56:a1:74:33:cd:f6:
         3c:ee:eb:90:c4:73:81:70:c4:b6:e5:84:f6:79:65:fe:15:84:
         a5:0c:c1:f3:51:48:45:ba:68:d0:96:60:0d:fc:fb:f0:06:4c:
         e4:57:33:bd:f6:f6:0b:ce:61:27:63:6a:50:e7:cf:83:35:5e:
         14:82:85:d4:f3:c0:4c:31:a6:a0:3d:ef:3f:92:59:2d:8f:8a:
         fd:e7:3f:a4:89:b5:39:1e:c2:fb:60:37:c9:ee:95:88:e8:a6:
         ce:2c:ee:13:ed:eb:6a:99:51:f4:e9:cd:5e:31:59:32:e3:b9:
         34:c5:7d:0a:72:2a:75:3e:2f:d9:a1:1b:e1:73:bc:00:4b:6e:
         03:04:80:ba:63:4c:5a:58:92:d5:79:25:ba:46:8f:c2:30:f2:
         b4:d0:0f:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/I9ULN+j0xHo5T3i3n4B7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjQwNTMwMTAwNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2YwODBhZmQwYjU3NzE3NTQ3MzhlYzU2MmJmNjhlODlhOTlkMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtP2CC5UefVFFL78JhtqwwMmndOqU
jq9DQZa16Xo45J1NcaORILUTs7a8JxDNhOk4P4JW5OjEeyU0SEHdVPKdcCKmKYS0
YPghVSF3x72FyTGZqyInYtrHo3RS5+TZTDn2h/8hDxiFMhmE1oRqTJJXJsfZjs2t
mMbY9NbOEILyqUNlk0BwWQ5XU4qmEh7nZQVB+AwM0BIx47+3+doai+PaE8wvsleQ
+KGl7DHTzwT13UV69K6/tuxEcCcW/d+NYjGmwxCiWcOHmt7Yt22T9ncXUqasqLi3
/B1M0Wyf2Svws9ZYjjmVr+KqOPoEAS1QzEZ5Fgs/aP6EPOVhASRRHeYJ0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPwgK/QtXcXVHOOxWK/aOiamdJZMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvSV9DQXI5QzFkeGRVYzQ3RllyOW82SnFaMGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCFv+BNe9s2YJ2uiWzvv+84RpEFSw8iiavW8gEKH2mc
W+Ba771/Qm3ZXoimbdG9rHG9NyEZDFiJ9aLiPKHOSlrkm1CL1uw4pyKYsRlDbR5W
2g9Y+HWT/8M5jpJmPwOFg6/j/j1JCp5WoXQzzfY87uuQxHOBcMS25YT2eWX+FYSl
DMHzUUhFumjQlmAN/PvwBkzkVzO99vYLzmEnY2pQ58+DNV4UgoXU88BMMaagPe8/
klktj4r95z+kibU5HsL7YDfJ7pWI6KbOLO4T7etqmVH06c1eMVky47k0xX0Kcip1
Pi/ZoRvhc7wAS24DBIC6Y0xaWJLVeSW6Ro/CMPK00A8v
-----END CERTIFICATE-----