Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/KidBmSJQC90WWlzzX6-raLlPkBk.roa
File:                     KidBmSJQC90WWlzzX6-raLlPkBk.roa (raw, json)
Hash identifier:          UjIj4BCKN2Yzl+7rl6tYpEx3eAYndxpux9jsq4JXQKM=
Subject key identifier:   2A:27:41:99:22:50:0B:DD:16:5A:5C:F3:5F:AF:AB:68:B9:4F:90:19
Certificate issuer:       /CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
Certificate serial:       01941F8C93B3E4AD5B667A80057CB720C7A6
Authority key identifier: 62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/KidBmSJQC90WWlzzX6-raLlPkBk.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206483
IP address blocks:        84.45.30.0/24 maxlen: 24
                          84.45.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:93:b3:e4:ad:5b:66:7a:80:05:7c:b7:20:c7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a27419922500bdd165a5cf35fafab68b94f9019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:69:5f:e1:cd:81:cd:c4:9d:99:5c:5e:2f:01:
                    16:ca:cf:e2:74:eb:24:10:6d:24:33:7c:e3:c7:e4:
                    14:32:8b:59:ee:da:0b:5d:97:64:28:69:e5:da:b9:
                    3b:88:cf:a8:81:82:05:1b:ec:af:8f:a4:e5:48:8b:
                    4c:a0:f5:3d:c6:39:99:01:75:bc:6e:55:85:a9:b8:
                    4c:5f:5f:05:f6:42:f1:61:41:84:68:26:e3:dc:5a:
                    f1:4b:14:39:cd:80:ab:51:c4:89:c9:70:c8:97:10:
                    a2:df:85:19:cd:3c:74:0f:21:dd:b7:8b:6a:8e:2f:
                    af:fd:c2:a0:07:5d:73:73:ba:af:36:86:76:d6:d7:
                    07:af:2d:d7:aa:24:cc:bc:25:cd:28:39:23:63:3c:
                    57:40:9f:14:5a:b6:24:fd:4c:d5:f8:30:04:06:15:
                    4a:52:19:59:0b:fc:ad:72:5b:5e:7d:b0:08:9e:7c:
                    f5:a9:d7:85:41:d6:3f:38:42:83:4c:25:af:1a:47:
                    48:0e:10:6e:a6:89:7c:21:31:65:f6:d0:e3:93:f7:
                    ca:95:7d:4f:bd:6e:c7:a0:f2:c7:f6:13:d0:2c:34:
                    bc:91:50:5d:f6:d2:f0:57:03:0a:03:2e:0e:53:82:
                    51:4f:68:8e:21:c8:f2:05:6d:c9:c7:39:31:5c:08:
                    36:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:27:41:99:22:50:0B:DD:16:5A:5C:F3:5F:AF:AB:68:B9:4F:90:19
            X509v3 Authority Key Identifier:
                keyid:62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/KidBmSJQC90WWlzzX6-raLlPkBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.45.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:3b:06:38:54:e7:f9:bc:94:2f:40:ff:8c:b4:27:05:2a:0d:
         31:4e:df:9f:e7:49:3a:5f:33:30:64:97:3a:85:eb:c8:1e:f1:
         23:e1:4d:ff:85:5a:1f:b9:fe:62:37:08:2b:b5:cd:32:48:e3:
         35:e3:7c:33:42:a2:5d:70:3b:f0:04:4d:6d:06:b6:b1:98:86:
         19:e3:76:8b:5f:0f:8d:1e:7c:e7:5c:15:9e:d6:a1:df:bf:c8:
         ee:d9:86:26:83:8b:a1:c7:a8:02:38:f7:17:81:5b:77:a6:0f:
         eb:49:b1:31:a0:fd:0b:e7:db:c7:6e:4b:9c:e8:88:1b:a2:9f:
         cc:03:63:ff:a4:d3:42:e9:2f:dc:04:a7:28:68:4e:c6:a0:46:
         fd:e5:c1:04:bf:e4:48:5d:83:07:89:e7:f6:3d:79:70:92:1c:
         a4:6c:13:b6:55:89:3d:bc:7f:b3:6f:2b:4b:8b:aa:7a:74:83:
         14:3e:ed:c9:24:92:63:71:e0:f6:14:44:83:48:02:6e:d9:08:
         74:68:3b:dc:b8:2c:d5:d3:91:91:d9:1e:e2:2f:55:69:d3:d8:
         d6:92:5d:2c:55:59:dc:cc:4c:df:f4:a4:2d:eb:72:74:0a:11:
         89:a6:41:52:36:31:80:5b:50:c8:d3:91:13:ce:c8:ca:c8:14:
         17:51:7f:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJOz5K1bZnqABXy3IMemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE5MGIyMzhkOTdhZjc5MDBiZGNiZDAyMzA0Yjc4MmZm
Y2FmMmEwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTI3NDE5OTIyNTAwYmRkMTY1YTVjZjM1ZmFmYWI2OGI5NGY5MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Glf4c2BzcSdmVxeLwEWys/idOsk
EG0kM3zjx+QUMotZ7toLXZdkKGnl2rk7iM+ogYIFG+yvj6TlSItMoPU9xjmZAXW8
blWFqbhMX18F9kLxYUGEaCbj3FrxSxQ5zYCrUcSJyXDIlxCi34UZzTx0DyHdt4tq
ji+v/cKgB11zc7qvNoZ21tcHry3XqiTMvCXNKDkjYzxXQJ8UWrYk/UzV+DAEBhVK
UhlZC/ytcltefbAInnz1qdeFQdY/OEKDTCWvGkdIDhBupol8ITFl9tDjk/fKlX1P
vW7HoPLH9hPQLDS8kVBd9tLwVwMKAy4OU4JRT2iOIcjyBW3JxzkxXAg2zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFConQZkiUAvdFlpc81+vq2i5T5AZMB8GA1UdIwQY
MBaAFGLRkLI42Xr3kAvcvQIwS3gv/K8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTkt
MTYzZmI3MDAzZTVkLzEvS2lkQm1TSlFDOTBXV2x6elg2LXJhTGxQa0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTktMTYzZmI3MDAzZTVk
LzEvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVC0eMA0G
CSqGSIb3DQEBCwUAA4IBAQCMOwY4VOf5vJQvQP+MtCcFKg0xTt+f50k6XzMwZJc6
hevIHvEj4U3/hVofuf5iNwgrtc0ySOM143wzQqJdcDvwBE1tBraxmIYZ43aLXw+N
HnznXBWe1qHfv8ju2YYmg4uhx6gCOPcXgVt3pg/rSbExoP0L59vHbkuc6Igbop/M
A2P/pNNC6S/cBKcoaE7GoEb95cEEv+RIXYMHief2PXlwkhykbBO2VYk9vH+zbytL
i6p6dIMUPu3JJJJjceD2FESDSAJu2Qh0aDvcuCzV05GR2R7iL1Vp09jWkl0sVVnc
zEzf9KQt63J0ChGJpkFSNjGAW1DI05ETzsjKyBQXUX+d
-----END CERTIFICATE-----