Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/2SqBxKPH1ZIDFi9TE8B731FZ0iQ.roa
File:                     2SqBxKPH1ZIDFi9TE8B731FZ0iQ.roa (raw, json)
Hash identifier:          iKpOfYwVeoFaHHlV2BZFQObAkEglEWvxOYRDr/f2PLY=
Subject key identifier:   D9:2A:81:C4:A3:C7:D5:92:03:16:2F:53:13:C0:7B:DF:51:59:D2:24
Certificate issuer:       /CN=c4b21c89bc7e2b214067f30707a4a03dc346ee05
Certificate serial:       018CC6B846E0C23CFCBECED709C977A661F5
Authority key identifier: C4:B2:1C:89:BC:7E:2B:21:40:67:F3:07:07:A4:A0:3D:C3:46:EE:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/2SqBxKPH1ZIDFi9TE8B731FZ0iQ.roa
Signing time:             Mon 01 Jan 2024 20:30:14 +0000
ROA not before:           Mon 01 Jan 2024 20:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211335
IP address blocks:        45.11.41.0/24 maxlen: 24
                          2a0e:7d02::/32 maxlen: 32
                          2a0e:7d03::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:46:e0:c2:3c:fc:be:ce:d7:09:c9:77:a6:61:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b21c89bc7e2b214067f30707a4a03dc346ee05
        Validity
            Not Before: Jan  1 20:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d92a81c4a3c7d59203162f5313c07bdf5159d224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f4:b8:0a:08:f9:97:bd:30:f0:0d:85:02:c3:
                    0d:b7:5e:73:ae:07:1f:1e:e0:80:d8:71:13:2d:08:
                    e3:1d:cd:3c:5b:1f:61:7e:6b:3f:03:85:5a:4c:22:
                    a8:e3:75:11:9f:50:6c:32:79:24:2a:da:89:55:2d:
                    4a:4c:a9:59:7b:0d:b1:18:ed:66:e9:a0:6c:34:cf:
                    d2:3e:c7:53:bb:8e:61:7a:04:3f:93:4b:05:29:02:
                    ae:02:dd:c1:4b:b1:f6:9f:8d:0d:71:ad:72:be:59:
                    99:79:b0:d8:ac:64:f4:a4:a6:74:18:6b:c3:22:c2:
                    9a:e1:75:18:52:fb:69:b7:de:2a:e7:79:95:29:cf:
                    eb:e5:4e:d6:22:b4:55:fb:88:2b:b3:3d:bb:45:19:
                    6e:d6:41:03:62:23:2b:57:bf:92:1f:ed:de:b4:8c:
                    d5:d2:30:46:6e:2a:11:75:cb:56:92:8c:a1:3b:95:
                    ed:5c:f9:e4:10:89:62:a7:31:59:e3:3d:01:da:f5:
                    86:52:58:0f:1d:5c:84:2c:f9:f8:7d:3a:6d:eb:9f:
                    f2:f5:96:04:09:79:c5:d2:8a:26:4f:23:40:c1:27:
                    c7:62:26:99:0b:94:a9:a9:63:69:01:e7:47:90:7d:
                    20:6a:d5:8a:80:57:ac:c6:89:22:24:52:b4:db:42:
                    f8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:2A:81:C4:A3:C7:D5:92:03:16:2F:53:13:C0:7B:DF:51:59:D2:24
            X509v3 Authority Key Identifier:
                keyid:C4:B2:1C:89:BC:7E:2B:21:40:67:F3:07:07:A4:A0:3D:C3:46:EE:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/2SqBxKPH1ZIDFi9TE8B731FZ0iQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.41.0/24
                IPv6:
                  2a0e:7d02::/31

    Signature Algorithm: sha256WithRSAEncryption
         a3:a4:25:df:e4:a3:de:07:48:0e:68:17:0c:ff:2e:33:6c:17:
         cd:73:ee:eb:ea:33:74:3f:ef:88:49:d1:1e:77:02:0f:42:2d:
         75:9e:55:04:0e:3b:ce:ec:39:1f:fb:ca:14:40:25:8e:6b:31:
         20:f1:1b:85:3a:36:6a:0a:92:7a:8d:3d:e2:40:f4:93:52:33:
         49:ef:07:fd:c7:6b:96:dd:db:4f:81:38:99:c3:7d:ad:0f:18:
         fa:a0:48:af:a7:59:00:ef:7b:26:09:6e:b4:60:34:3d:2e:5c:
         b8:dd:bd:22:36:a0:5a:60:10:bd:cd:45:87:ba:80:03:ba:40:
         48:32:ea:86:79:70:85:ac:30:e1:d9:cc:f4:41:06:0a:44:04:
         b7:f7:73:51:dd:20:78:cd:93:1e:00:2f:7a:da:6b:e8:46:ce:
         ca:c9:5a:4e:d7:24:25:20:dc:76:3f:2b:5b:37:3c:d5:e0:3d:
         99:ce:48:10:69:8b:ca:04:99:41:75:75:5b:e4:24:9b:54:1d:
         8f:f8:e5:70:24:bb:dc:4b:a5:d3:5e:17:1b:80:9d:5e:fb:5f:
         9b:99:f2:ea:6a:34:67:b2:9f:29:d3:b4:fb:5c:b0:a1:fc:f1:
         78:53:60:a4:e2:4f:f2:64:f7:59:fc:62:2f:fc:4b:2c:c3:42:
         7b:a7:96:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuEbgwjz8vs7XCcl3pmH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjIxYzg5YmM3ZTJiMjE0MDY3ZjMwNzA3YTRhMDNkYzM0
NmVlMDUwHhcNMjQwMTAxMjAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTJhODFjNGEzYzdkNTkyMDMxNjJmNTMxM2MwN2JkZjUxNTlkMjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPS4Cgj5l70w8A2FAsMNt15zrgcf
HuCA2HETLQjjHc08Wx9hfms/A4VaTCKo43URn1BsMnkkKtqJVS1KTKlZew2xGO1m
6aBsNM/SPsdTu45hegQ/k0sFKQKuAt3BS7H2n40Nca1yvlmZebDYrGT0pKZ0GGvD
IsKa4XUYUvtpt94q53mVKc/r5U7WIrRV+4grsz27RRlu1kEDYiMrV7+SH+3etIzV
0jBGbioRdctWkoyhO5XtXPnkEIlipzFZ4z0B2vWGUlgPHVyELPn4fTpt65/y9ZYE
CXnF0oomTyNAwSfHYiaZC5SpqWNpAedHkH0gatWKgFesxokiJFK020L49QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNkqgcSjx9WSAxYvUxPAe99RWdIkMB8GA1UdIwQY
MBaAFMSyHIm8fishQGfzBwekoD3DRu4FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExJY2lieC1LeUZBWl9NSEI2U2dQY05HN2dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82MTM3YjgtMTM4My00YjcxLWExODkt
MDYzYjQwMTc0NTk3LzEvMlNxQnhLUEgxWklERmk5VEU4QjczMUZaMGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82MTM3YjgtMTM4My00YjcxLWExODktMDYzYjQwMTc0NTk3
LzEveExJY2lieC1LeUZBWl9NSEI2U2dQY05HN2dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALQspMA0E
AgACMAcDBQEqDn0CMA0GCSqGSIb3DQEBCwUAA4IBAQCjpCXf5KPeB0gOaBcM/y4z
bBfNc+7r6jN0P++ISdEedwIPQi11nlUEDjvO7Dkf+8oUQCWOazEg8RuFOjZqCpJ6
jT3iQPSTUjNJ7wf9x2uW3dtPgTiZw32tDxj6oEivp1kA73smCW60YDQ9Lly43b0i
NqBaYBC9zUWHuoADukBIMuqGeXCFrDDh2cz0QQYKRAS393NR3SB4zZMeAC962mvo
Rs7KyVpO1yQlINx2PytbNzzV4D2ZzkgQaYvKBJlBdXVb5CSbVB2P+OVwJLvcS6XT
XhcbgJ1e+1+bmfLqajRnsp8p07T7XLCh/PF4U2Ck4k/yZPdZ/GIv/Essw0J7p5ap
-----END CERTIFICATE-----