Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/JI5BsNXHahWy4QexKMedtWYzOAc.roa
File:                     JI5BsNXHahWy4QexKMedtWYzOAc.roa (raw, json)
Hash identifier:          3hcHDeIGOIXdjeNZw6+oIBE6iv91gdqUqHMfveUmLYM=
Subject key identifier:   24:8E:41:B0:D5:C7:6A:15:B2:E1:07:B1:28:C7:9D:B5:66:33:38:07
Certificate issuer:       /CN=046587901f13079bed8982f629e9dd15468cfef1
Certificate serial:       018CC4931EB0752267F32FA79A2E33CE88FD
Authority key identifier: 04:65:87:90:1F:13:07:9B:ED:89:82:F6:29:E9:DD:15:46:8C:FE:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BGWHkB8TB5vtiYL2KendFUaM_vE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/JI5BsNXHahWy4QexKMedtWYzOAc.roa
Signing time:             Mon 01 Jan 2024 10:30:25 +0000
ROA not before:           Mon 01 Jan 2024 10:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208645
IP address blocks:        45.91.244.0/22 maxlen: 22
                          185.91.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/BGWHkB8TB5vtiYL2KendFUaM_vE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/BGWHkB8TB5vtiYL2KendFUaM_vE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BGWHkB8TB5vtiYL2KendFUaM_vE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1e:b0:75:22:67:f3:2f:a7:9a:2e:33:ce:88:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=046587901f13079bed8982f629e9dd15468cfef1
        Validity
            Not Before: Jan  1 10:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=248e41b0d5c76a15b2e107b128c79db566333807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:23:e5:26:22:a3:55:89:d0:c7:13:12:79:c6:
                    93:be:9c:1d:21:94:27:f3:ac:cb:3c:5c:02:2e:82:
                    d1:a4:4f:f7:90:f2:67:53:cb:8f:d3:dc:55:11:3b:
                    df:0d:cf:f4:45:7f:c0:da:7c:66:84:63:0d:f5:30:
                    a0:53:a2:c5:70:b2:8d:5c:ba:1b:c6:17:08:3e:07:
                    ac:4f:c2:0d:32:69:65:ae:ce:e2:f1:ab:76:f5:a1:
                    07:41:ed:ec:3f:61:ea:b0:d2:0c:b6:c1:e1:f6:18:
                    fb:c5:e3:f9:c7:9f:5e:90:dc:8c:c2:1e:d2:4c:e9:
                    43:07:ea:9b:2b:37:2f:89:56:ad:05:0d:8d:e9:1e:
                    18:81:8e:8d:14:2a:49:a9:aa:10:e8:4f:f6:23:d0:
                    78:ad:c3:77:4a:1a:fe:31:68:ea:40:2d:67:bd:d7:
                    31:fa:a9:95:7c:dd:99:d5:65:ea:55:1b:62:e2:c9:
                    48:f7:12:fc:98:ba:f7:7e:c0:be:9c:8a:60:58:37:
                    88:d6:03:65:d8:40:81:2d:6c:de:25:78:77:0b:50:
                    7f:17:92:51:86:4f:da:f6:1d:b9:8e:6b:e4:3e:a9:
                    7b:df:4e:2b:d7:4a:04:38:56:dd:1f:4d:66:5f:e0:
                    24:84:cb:50:f1:0a:cd:15:4a:9f:6e:08:b2:87:10:
                    e2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8E:41:B0:D5:C7:6A:15:B2:E1:07:B1:28:C7:9D:B5:66:33:38:07
            X509v3 Authority Key Identifier:
                keyid:04:65:87:90:1F:13:07:9B:ED:89:82:F6:29:E9:DD:15:46:8C:FE:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGWHkB8TB5vtiYL2KendFUaM_vE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/JI5BsNXHahWy4QexKMedtWYzOAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/BGWHkB8TB5vtiYL2KendFUaM_vE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.244.0/22
                  185.91.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:c4:a0:87:15:5c:6a:4a:ab:45:2f:0b:22:00:85:21:02:da:
         e9:bf:92:ad:49:9a:b3:6f:b2:7d:05:c3:93:71:20:78:f0:fc:
         ea:67:b7:d7:5e:e9:57:08:36:85:74:51:c7:d4:eb:1a:7d:6a:
         8e:66:22:9e:53:ed:c5:df:49:6b:bd:c1:16:db:88:5b:43:e8:
         87:18:67:35:0d:68:6b:2d:52:52:89:45:20:e1:e0:47:cf:ad:
         dd:c7:14:a4:6e:6d:a9:08:ba:6b:60:10:d3:fe:13:4f:3b:4d:
         65:0f:80:48:f6:c4:0e:b8:7d:85:77:d4:b7:4d:c4:a9:ed:23:
         78:e6:91:9c:ca:db:32:44:61:47:d2:4f:59:5d:23:24:0c:45:
         29:3b:68:cb:a7:6f:b4:50:07:9b:c3:48:bf:b3:c6:67:20:02:
         f9:c9:35:ba:64:e6:91:54:6f:ba:22:11:0d:7e:3e:4a:b7:a7:
         56:4d:e4:70:d1:a5:60:df:96:25:90:c7:c4:c4:a0:cd:09:2f:
         99:9b:81:6e:10:80:68:d9:88:5e:6e:b6:56:4f:64:74:eb:f8:
         ae:fb:23:ed:03:29:47:65:50:e7:5e:25:71:76:52:16:24:31:
         4d:65:b6:b9:3b:94:16:d5:b9:60:fb:a2:91:0f:a1:f3:09:a8:
         f4:05:03:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkx6wdSJn8y+nmi4zzoj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NjU4NzkwMWYxMzA3OWJlZDg5ODJmNjI5ZTlkZDE1NDY4
Y2ZlZjEwHhcNMjQwMTAxMTAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhlNDFiMGQ1Yzc2YTE1YjJlMTA3YjEyOGM3OWRiNTY2MzMzODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyPlJiKjVYnQxxMSecaTvpwdIZQn
86zLPFwCLoLRpE/3kPJnU8uP09xVETvfDc/0RX/A2nxmhGMN9TCgU6LFcLKNXLob
xhcIPgesT8INMmllrs7i8at29aEHQe3sP2HqsNIMtsHh9hj7xeP5x59ekNyMwh7S
TOlDB+qbKzcviVatBQ2N6R4YgY6NFCpJqaoQ6E/2I9B4rcN3Shr+MWjqQC1nvdcx
+qmVfN2Z1WXqVRti4slI9xL8mLr3fsC+nIpgWDeI1gNl2ECBLWzeJXh3C1B/F5JR
hk/a9h25jmvkPql7304r10oEOFbdH01mX+AkhMtQ8QrNFUqfbgiyhxDiiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCSOQbDVx2oVsuEHsSjHnbVmMzgHMB8GA1UdIwQY
MBaAFARlh5AfEweb7YmC9inp3RVGjP7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkdXSGtCOFRCNXZ0aVlMMktlbmRGVWFNX3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82M2QzOTQtNDJiZC00MGIxLWEyYTEt
NzRkNTkwMWE4YzU2LzEvSkk1QnNOWEhhaFd5NFFleEtNZWR0V1l6T0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82M2QzOTQtNDJiZC00MGIxLWEyYTEtNzRkNTkwMWE4YzU2
LzEvQkdXSGtCOFRCNXZ0aVlMMktlbmRGVWFNX3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVv0AwQC
uVsgMA0GCSqGSIb3DQEBCwUAA4IBAQChxKCHFVxqSqtFLwsiAIUhAtrpv5KtSZqz
b7J9BcOTcSB48PzqZ7fXXulXCDaFdFHH1OsafWqOZiKeU+3F30lrvcEW24hbQ+iH
GGc1DWhrLVJSiUUg4eBHz63dxxSkbm2pCLprYBDT/hNPO01lD4BI9sQOuH2Fd9S3
TcSp7SN45pGcytsyRGFH0k9ZXSMkDEUpO2jLp2+0UAebw0i/s8ZnIAL5yTW6ZOaR
VG+6IhENfj5Kt6dWTeRw0aVg35YlkMfExKDNCS+Zm4FuEIBo2YhebrZWT2R06/iu
+yPtAylHZVDnXiVxdlIWJDFNZba5O5QW1blg+6KRD6HzCaj0BQMy
-----END CERTIFICATE-----