Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/058220-596e-480a-a058-0246868aa0ed/1/2Qgx7oq4VD8_uihrhYGo5S_-d-w.roa
File:                     2Qgx7oq4VD8_uihrhYGo5S_-d-w.roa (raw, json)
Hash identifier:          v6DV21F0BPvstCYPM3OgqjUWCfxuP54LKWgIsqvBryA=
Subject key identifier:   D9:08:31:EE:8A:B8:54:3F:3F:BA:28:6B:85:81:A8:E5:2F:FE:77:EC
Certificate issuer:       /CN=92479cae284765d628044119009880d28a7560b1
Certificate serial:       018CC7940ACD05F7D8FB7F326A44D4A404D3
Authority key identifier: 92:47:9C:AE:28:47:65:D6:28:04:41:19:00:98:80:D2:8A:75:60:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkecrihHZdYoBEEZAJiA0op1YLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/058220-596e-480a-a058-0246868aa0ed/1/2Qgx7oq4VD8_uihrhYGo5S_-d-w.roa
Signing time:             Tue 02 Jan 2024 00:30:17 +0000
ROA not before:           Tue 02 Jan 2024 00:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208929
IP address blocks:        45.15.88.0/22 maxlen: 22
                          2a0e:2380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/058220-596e-480a-a058-0246868aa0ed/1/kkecrihHZdYoBEEZAJiA0op1YLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/058220-596e-480a-a058-0246868aa0ed/1/kkecrihHZdYoBEEZAJiA0op1YLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkecrihHZdYoBEEZAJiA0op1YLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0a:cd:05:f7:d8:fb:7f:32:6a:44:d4:a4:04:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92479cae284765d628044119009880d28a7560b1
        Validity
            Not Before: Jan  2 00:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d90831ee8ab8543f3fba286b8581a8e52ffe77ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:da:08:87:4c:b0:f0:7f:bf:c0:15:6e:6e:9a:
                    8a:c5:17:62:0f:d1:a6:df:38:00:2f:eb:e8:bf:8b:
                    fe:6c:66:8a:9a:d1:d5:6b:59:d4:e4:8e:db:7b:17:
                    4b:c7:5d:33:59:57:6c:b3:16:3e:9f:70:77:50:a5:
                    43:b5:8e:bf:f6:27:14:3e:ee:35:75:93:6f:01:68:
                    48:f8:f5:5e:30:3a:97:29:9d:64:dc:98:f4:26:db:
                    63:73:cb:5b:62:4a:83:6b:25:df:3a:24:13:c9:78:
                    42:16:f8:b3:77:28:ea:16:d0:9b:88:6e:83:be:d4:
                    a6:2e:6c:eb:7e:2d:e0:96:f9:3c:69:a2:30:57:57:
                    b6:4f:79:12:28:e4:5b:0a:55:86:82:f1:1f:13:96:
                    aa:a2:72:fb:23:3e:4c:7a:41:59:48:35:60:10:42:
                    ec:23:53:62:32:8c:72:c5:3e:8f:56:ea:26:ff:ec:
                    a0:76:94:53:42:63:67:e9:6c:16:a7:d3:29:fd:ec:
                    85:d8:1f:83:d1:a8:96:71:14:73:43:53:7e:c9:e5:
                    77:37:47:79:45:1c:8b:69:88:06:89:f5:b2:17:8c:
                    20:48:f5:92:d1:ca:d6:9b:b6:b9:86:43:80:00:b6:
                    bf:83:9b:d4:38:86:44:56:c7:ea:09:1c:7e:90:e6:
                    f7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:08:31:EE:8A:B8:54:3F:3F:BA:28:6B:85:81:A8:E5:2F:FE:77:EC
            X509v3 Authority Key Identifier:
                keyid:92:47:9C:AE:28:47:65:D6:28:04:41:19:00:98:80:D2:8A:75:60:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkecrihHZdYoBEEZAJiA0op1YLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/058220-596e-480a-a058-0246868aa0ed/1/2Qgx7oq4VD8_uihrhYGo5S_-d-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/058220-596e-480a-a058-0246868aa0ed/1/kkecrihHZdYoBEEZAJiA0op1YLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.88.0/22
                IPv6:
                  2a0e:2380::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:36:fe:0e:9f:7f:7d:d1:65:a9:74:dd:66:56:24:97:fe:b8:
         ca:c8:23:d6:58:2d:95:92:2a:f6:a8:5f:34:c1:5c:f6:58:3c:
         0d:89:f5:02:d4:6d:db:9f:5c:b3:28:b6:48:93:3e:d8:45:1b:
         44:32:7e:4d:c1:c1:95:f6:6b:c5:04:09:17:d2:b7:e6:e9:68:
         33:e3:de:43:96:0c:be:1b:10:1c:ff:63:00:a9:b6:32:9e:33:
         b7:0f:af:f5:0f:cc:1a:df:1e:fc:b7:be:a9:0e:88:d3:82:81:
         eb:a4:b1:0f:da:11:dc:32:5d:0b:4e:af:d8:a4:72:bf:3a:05:
         0e:c7:b8:48:0e:d3:fa:2c:ea:cd:bb:b2:8a:0c:eb:58:9d:b1:
         8d:4c:ee:17:3f:94:b4:df:fc:c2:98:e8:32:90:f7:06:f7:91:
         6c:ac:1a:d7:bc:ad:b2:11:d7:4d:bb:57:38:40:1d:c2:4b:4a:
         53:1a:da:5c:e0:21:5a:54:c7:94:ef:78:05:1d:d5:d6:77:8a:
         92:09:f9:45:60:de:df:5c:a3:bd:00:e7:ab:fa:e8:09:d5:83:
         90:bf:b3:ba:f7:c1:1d:63:10:5b:5d:a6:56:77:16:d9:7b:89:
         a8:52:6e:55:08:5b:1d:b4:e6:1c:42:94:8f:b6:cd:15:16:62:
         73:a2:1c:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlArNBffY+38yakTUpATTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDc5Y2FlMjg0NzY1ZDYyODA0NDExOTAwOTg4MGQyOGE3
NTYwYjEwHhcNMjQwMTAyMDAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTA4MzFlZThhYjg1NDNmM2ZiYTI4NmI4NTgxYThlNTJmZmU3N2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49oIh0yw8H+/wBVubpqKxRdiD9Gm
3zgAL+vov4v+bGaKmtHVa1nU5I7bexdLx10zWVdssxY+n3B3UKVDtY6/9icUPu41
dZNvAWhI+PVeMDqXKZ1k3Jj0Jttjc8tbYkqDayXfOiQTyXhCFvizdyjqFtCbiG6D
vtSmLmzrfi3glvk8aaIwV1e2T3kSKORbClWGgvEfE5aqonL7Iz5MekFZSDVgEELs
I1NiMoxyxT6PVuom/+ygdpRTQmNn6WwWp9Mp/eyF2B+D0aiWcRRzQ1N+yeV3N0d5
RRyLaYgGifWyF4wgSPWS0crWm7a5hkOAALa/g5vUOIZEVsfqCRx+kOb36wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNkIMe6KuFQ/P7ooa4WBqOUv/nfsMB8GA1UdIwQY
MBaAFJJHnK4oR2XWKARBGQCYgNKKdWCxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tlY3JpaEhaZFlvQkVFWkFKaUEwb3AxWUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8wNTgyMjAtNTk2ZS00ODBhLWEwNTgt
MDI0Njg2OGFhMGVkLzEvMlFneDdvcTRWRDhfdWlocmhZR281U18tZC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8wNTgyMjAtNTk2ZS00ODBhLWEwNTgtMDI0Njg2OGFhMGVk
LzEva2tlY3JpaEhaZFlvQkVFWkFKaUEwb3AxWUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ9YMA0E
AgACMAcDBQAqDiOAMA0GCSqGSIb3DQEBCwUAA4IBAQBzNv4On3990WWpdN1mViSX
/rjKyCPWWC2Vkir2qF80wVz2WDwNifUC1G3bn1yzKLZIkz7YRRtEMn5NwcGV9mvF
BAkX0rfm6Wgz495Dlgy+GxAc/2MAqbYynjO3D6/1D8wa3x78t76pDojTgoHrpLEP
2hHcMl0LTq/YpHK/OgUOx7hIDtP6LOrNu7KKDOtYnbGNTO4XP5S03/zCmOgykPcG
95FsrBrXvK2yEddNu1c4QB3CS0pTGtpc4CFaVMeU73gFHdXWd4qSCflFYN7fXKO9
AOer+ugJ1YOQv7O698EdYxBbXaZWdxbZe4moUm5VCFsdtOYcQpSPts0VFmJzohxr
-----END CERTIFICATE-----