Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/d-nedqvXi_AFPcVVKVDBWJExuCA.roa
File:                     d-nedqvXi_AFPcVVKVDBWJExuCA.roa (raw, json)
Hash identifier:          TmVlfkAkWg4NLih4a+f61kzl7gyBPBkJegkLHH5GOUA=
Subject key identifier:   77:E9:DE:76:AB:D7:8B:F0:05:3D:C5:55:29:50:C1:58:91:31:B8:20
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018F2A8EA85A5CBDDF7A0C1EF98950D65776
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/d-nedqvXi_AFPcVVKVDBWJExuCA.roa
Signing time:             Mon 29 Apr 2024 15:52:23 +0000
ROA not before:           Mon 29 Apr 2024 15:52:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        45.88.137.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:8e:a8:5a:5c:bd:df:7a:0c:1e:f9:89:50:d6:57:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 29 15:52:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77e9de76abd78bf0053dc5552950c1589131b820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1b:6b:98:35:0f:69:e5:48:b7:b9:c4:60:20:
                    96:c5:f1:57:c1:7c:a4:64:53:a1:78:2e:b6:63:b5:
                    49:1c:70:0e:bb:68:f6:4e:52:d8:38:72:25:0f:ff:
                    ec:41:6c:5b:3d:6c:2d:06:9d:54:98:1c:9e:90:c9:
                    94:64:a2:73:65:4d:a3:52:cb:84:72:79:42:c6:21:
                    31:75:98:70:7f:cf:0c:86:69:b5:6d:a7:5f:de:a6:
                    46:46:ef:a8:df:e2:30:13:84:6e:9f:8d:68:b4:57:
                    a7:f0:52:28:1b:23:62:85:97:f9:a5:1e:61:79:5f:
                    ff:b2:45:b6:5e:00:10:67:47:08:c8:85:81:31:75:
                    fb:39:0c:c7:98:83:a5:85:a1:41:93:31:a6:9c:d6:
                    7a:88:e0:f4:a2:15:cc:ea:88:8b:25:cb:4e:f9:75:
                    e6:ff:25:7e:fb:b0:c5:56:ce:8b:67:b1:cb:d4:08:
                    5c:b1:f4:53:5e:a8:9b:25:d3:a5:44:1b:58:5b:1d:
                    d7:a2:c9:25:85:e6:76:4b:10:02:f0:8e:ce:ae:1a:
                    79:a7:55:b1:0d:d9:16:89:aa:97:02:ee:a2:d2:91:
                    c1:e5:ce:58:96:0e:f4:d5:3b:8f:69:12:a2:c0:01:
                    6e:fb:01:b0:9f:ff:4c:00:86:ed:97:28:5c:5d:52:
                    44:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E9:DE:76:AB:D7:8B:F0:05:3D:C5:55:29:50:C1:58:91:31:B8:20
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/d-nedqvXi_AFPcVVKVDBWJExuCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.137.0/24
                  195.62.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:1d:1f:53:ee:12:26:f8:10:b0:70:7e:f3:16:b5:69:54:72:
         1f:a3:d9:44:5c:b7:f4:25:7b:da:ea:97:21:f8:7c:2f:9c:0e:
         1d:af:ea:4b:9a:09:59:3d:ec:25:60:2d:1d:13:38:c6:4b:22:
         a9:ca:31:92:49:0a:6c:ab:ce:48:c6:fc:7c:47:de:27:5e:e4:
         06:a9:40:2c:02:08:f6:2e:de:a8:80:88:c4:5f:9a:b2:f2:52:
         c4:dd:13:ea:41:7f:dc:bc:2c:e2:69:46:f9:71:9a:9d:5f:20:
         3a:dc:1c:5b:d1:63:35:5e:7a:f4:54:ed:e4:ab:b4:c7:44:dd:
         35:dc:94:dc:80:72:38:de:44:2f:70:8a:7e:61:a0:87:92:64:
         d7:97:0d:73:04:28:15:d8:80:6a:15:02:a7:30:80:ca:f9:bc:
         28:c1:de:45:5d:62:58:83:b6:5d:d4:a1:1d:52:aa:85:5b:ad:
         7d:63:51:ff:7b:8b:7b:b6:77:b3:9a:49:b4:ab:41:ce:f3:b6:
         ed:ff:be:71:3b:cc:c0:3a:8e:b3:f3:d8:45:dc:ec:4f:b1:bc:
         4c:26:30:95:72:2a:1d:45:70:e2:72:ec:60:86:fa:fc:d9:7b:
         bc:11:cc:e5:91:80:5f:84:de:e9:be:ea:1a:e6:78:fb:41:a6:
         ee:11:2e:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8qjqhaXL3fegwe+YlQ1ld2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNDI5MTU1MjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U5ZGU3NmFiZDc4YmYwMDUzZGM1NTUyOTUwYzE1ODkxMzFiODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhtrmDUPaeVIt7nEYCCWxfFXwXyk
ZFOheC62Y7VJHHAOu2j2TlLYOHIlD//sQWxbPWwtBp1UmByekMmUZKJzZU2jUsuE
cnlCxiExdZhwf88Mhmm1badf3qZGRu+o3+IwE4Run41otFen8FIoGyNihZf5pR5h
eV//skW2XgAQZ0cIyIWBMXX7OQzHmIOlhaFBkzGmnNZ6iOD0ohXM6oiLJctO+XXm
/yV++7DFVs6LZ7HL1AhcsfRTXqibJdOlRBtYWx3XosklheZ2SxAC8I7Orhp5p1Wx
DdkWiaqXAu6i0pHB5c5Ylg701TuPaRKiwAFu+wGwn/9MAIbtlyhcXVJEjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHfp3nar14vwBT3FVSlQwViRMbggMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZC1uZWRxdlhpX0FGUGNWVktWREJXSkV4dUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALViJAwQA
wz4YMA0GCSqGSIb3DQEBCwUAA4IBAQBYHR9T7hIm+BCwcH7zFrVpVHIfo9lEXLf0
JXva6pch+HwvnA4dr+pLmglZPewlYC0dEzjGSyKpyjGSSQpsq85Ixvx8R94nXuQG
qUAsAgj2Lt6ogIjEX5qy8lLE3RPqQX/cvCziaUb5cZqdXyA63Bxb0WM1Xnr0VO3k
q7THRN013JTcgHI43kQvcIp+YaCHkmTXlw1zBCgV2IBqFQKnMIDK+bwowd5FXWJY
g7Zd1KEdUqqFW619Y1H/e4t7tnezmkm0q0HO87bt/75xO8zAOo6z89hF3OxPsbxM
JjCVciodRXDicuxghvr82Xu8EczlkYBfhN7pvuoa5nj7QabuES4D
-----END CERTIFICATE-----