Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DcN-2SqTTkmhQBBF85nbgr-VWbQ.roa
File:                     DcN-2SqTTkmhQBBF85nbgr-VWbQ.roa (raw, json)
Hash identifier:          dNDgp05ytCCJg/CrgNfaQvriz2Qwj64gkKa0SF83gu0=
Subject key identifier:   0D:C3:7E:D9:2A:93:4E:49:A1:40:10:45:F3:99:DB:82:BF:95:59:B4
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0191E540B533E91F3405AF85296B192DEEBA
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DcN-2SqTTkmhQBBF85nbgr-VWbQ.roa
Signing time:             Thu 12 Sep 2024 08:01:48 +0000
ROA not before:           Thu 12 Sep 2024 08:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60721
IP address blocks:        45.88.136.0/23 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          45.144.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:40:b5:33:e9:1f:34:05:af:85:29:6b:19:2d:ee:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep 12 08:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dc37ed92a934e49a1401045f399db82bf9559b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:04:c2:ff:e4:cb:d3:42:02:bd:8f:36:7c:
                    da:bd:db:6d:52:df:e1:bf:7a:84:d0:cd:2a:b0:86:
                    b8:b6:95:d9:f9:a9:a3:91:45:7d:b0:04:f2:cf:bb:
                    a1:ff:25:03:32:41:34:58:e6:2a:46:c1:0d:d3:b6:
                    8b:41:a6:57:ff:32:8f:bb:e4:3f:0c:32:70:50:ee:
                    83:7e:b4:ab:31:96:cd:b0:97:da:73:49:1c:ef:1d:
                    c5:31:b2:00:0e:3b:ea:38:cd:73:fc:2f:51:72:42:
                    19:64:c8:14:25:05:3c:6c:5d:20:d5:3d:db:25:3e:
                    3d:27:3c:de:42:aa:94:27:16:51:f7:75:ac:6e:c4:
                    89:57:77:ff:e8:bd:dc:08:b0:f3:4e:66:90:b7:04:
                    5d:d7:7f:8e:d7:08:2c:c5:56:64:80:8e:db:9c:45:
                    59:b2:72:d0:6b:4c:f5:43:b0:81:09:f1:b8:f9:71:
                    82:04:60:01:44:05:c2:59:b0:7a:c5:8a:97:0b:5a:
                    f6:a4:1c:38:d6:75:92:ec:9d:94:08:04:c7:31:fc:
                    c7:c0:75:dc:01:a3:26:7c:c2:40:7a:8d:57:bb:fe:
                    b8:ae:2d:5e:c9:95:f6:25:1e:e3:53:96:1a:0f:56:
                    75:b3:8c:d9:11:a2:28:81:7a:a7:0d:e1:0c:3b:8d:
                    d0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C3:7E:D9:2A:93:4E:49:A1:40:10:45:F3:99:DB:82:BF:95:59:B4
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DcN-2SqTTkmhQBBF85nbgr-VWbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.136.0/23
                  45.132.182.0/23
                  45.144.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:e3:e1:b7:6f:6b:45:8c:6d:5c:01:59:60:b2:57:72:47:19:
         55:24:ea:a3:44:94:cf:01:73:28:f1:a2:b6:75:d1:c9:b6:c5:
         34:9e:8c:3c:b5:db:7a:2f:d4:51:74:cf:70:6d:82:89:df:36:
         15:ce:c4:4d:9a:e8:a4:16:27:9e:bf:f4:b2:fb:b8:d1:4d:33:
         c2:cc:23:69:ef:c3:0c:29:2c:2d:1e:15:46:16:f5:0f:0a:2f:
         01:0e:da:79:df:02:65:72:23:d5:a4:93:20:13:63:e0:ef:41:
         c6:9d:ce:95:af:a3:77:cc:fd:b5:69:06:8f:c7:40:5e:cd:2c:
         95:7e:70:39:73:be:17:36:3b:e1:6e:9e:66:5a:ed:1f:a6:4f:
         ed:1c:56:e7:c4:67:f3:e2:53:3a:a8:e6:31:2d:f0:09:c2:40:
         eb:a4:08:4d:28:e4:27:4f:2c:bc:6a:f9:87:40:32:61:20:61:
         33:c1:db:23:14:33:52:6d:80:85:42:c1:a1:4f:95:59:1c:6e:
         84:cc:01:2d:c4:81:5f:a1:29:00:78:67:3a:82:bb:8c:55:ff:
         d0:a6:03:9e:53:96:91:6c:a2:cf:88:74:0e:17:18:0f:f7:a2:
         f3:7b:3b:46:75:91:ce:c4:04:2d:3b:42:20:e3:77:ac:3e:a5:
         a8:46:8a:66
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZHlQLUz6R80Ba+FKWsZLe66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwOTEyMDgwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGMzN2VkOTJhOTM0ZTQ5YTE0MDEwNDVmMzk5ZGI4MmJmOTU1OWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw4Ewv/ky9NCAr2PNnzavdttUt/h
v3qE0M0qsIa4tpXZ+amjkUV9sATyz7uh/yUDMkE0WOYqRsEN07aLQaZX/zKPu+Q/
DDJwUO6DfrSrMZbNsJfac0kc7x3FMbIADjvqOM1z/C9RckIZZMgUJQU8bF0g1T3b
JT49JzzeQqqUJxZR93WsbsSJV3f/6L3cCLDzTmaQtwRd13+O1wgsxVZkgI7bnEVZ
snLQa0z1Q7CBCfG4+XGCBGABRAXCWbB6xYqXC1r2pBw41nWS7J2UCATHMfzHwHXc
AaMmfMJAeo1Xu/64ri1eyZX2JR7jU5YaD1Z1s4zZEaIogXqnDeEMO43Q2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA3Dftkqk05JoUAQRfOZ24K/lVm0MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRGNOLTJTcVRUa21oUUJCRjg1bmJnci1WV2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLViIAwQB
LYS2AwQALZDUMA0GCSqGSIb3DQEBCwUAA4IBAQAT4+G3b2tFjG1cAVlgsldyRxlV
JOqjRJTPAXMo8aK2ddHJtsU0now8tdt6L9RRdM9wbYKJ3zYVzsRNmuikFieev/Sy
+7jRTTPCzCNp78MMKSwtHhVGFvUPCi8BDtp53wJlciPVpJMgE2Pg70HGnc6Vr6N3
zP21aQaPx0BezSyVfnA5c74XNjvhbp5mWu0fpk/tHFbnxGfz4lM6qOYxLfAJwkDr
pAhNKOQnTyy8avmHQDJhIGEzwdsjFDNSbYCFQsGhT5VZHG6EzAEtxIFfoSkAeGc6
gruMVf/QpgOeU5aRbKLPiHQOFxgP96LzeztGdZHOxAQtO0Ig43esPqWoRopm
-----END CERTIFICATE-----