Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/DorSvCqXbbQQ7tpjdUX9GjGzSSs.roa
File:                     DorSvCqXbbQQ7tpjdUX9GjGzSSs.roa (raw, json)
Hash identifier:          qJl0LOo7Bo7HO3bA7xKaocBQguJ7xqbKZvwkdl4VZDI=
Subject key identifier:   0E:8A:D2:BC:2A:97:6D:B4:10:EE:DA:63:75:45:FD:1A:31:B3:49:2B
Certificate issuer:       /CN=45c5c1262e83d7bfa902c2c862a15f1e42d25591
Certificate serial:       0192DD509FEF8AA834A25086DBCA965CB958
Authority key identifier: 45:C5:C1:26:2E:83:D7:BF:A9:02:C2:C8:62:A1:5F:1E:42:D2:55:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RcXBJi6D17-pAsLIYqFfHkLSVZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/DorSvCqXbbQQ7tpjdUX9GjGzSSs.roa
Signing time:             Wed 30 Oct 2024 12:05:01 +0000
ROA not before:           Wed 30 Oct 2024 12:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210484
IP address blocks:        146.19.89.0/24 maxlen: 24
                          194.164.182.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/RcXBJi6D17-pAsLIYqFfHkLSVZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/RcXBJi6D17-pAsLIYqFfHkLSVZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RcXBJi6D17-pAsLIYqFfHkLSVZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:50:9f:ef:8a:a8:34:a2:50:86:db:ca:96:5c:b9:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45c5c1262e83d7bfa902c2c862a15f1e42d25591
        Validity
            Not Before: Oct 30 12:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e8ad2bc2a976db410eeda637545fd1a31b3492b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b3:fe:14:fd:5a:c8:cd:b6:88:c6:1c:de:ff:
                    e7:d8:3d:18:e7:80:f6:34:fb:62:63:06:e2:e7:d0:
                    49:a4:dc:a8:2d:40:c8:43:b2:44:a2:c5:13:f2:92:
                    a7:8c:a4:46:e0:26:86:a7:2b:0c:fe:9a:99:2a:3f:
                    9c:3e:9f:5b:7f:de:19:7e:55:9c:a8:b1:5b:6c:24:
                    13:d1:79:1b:4e:61:a8:7d:1e:1a:67:7e:dc:9c:99:
                    60:8e:03:cd:c3:2e:fa:ec:d1:ab:73:bd:1d:e1:61:
                    5d:88:c7:46:d1:1d:ba:b9:ee:df:1a:fe:03:78:1c:
                    df:75:2a:f2:40:8f:74:53:74:47:63:7c:6f:80:62:
                    34:14:67:2b:a9:ad:40:de:3f:20:ae:07:31:55:01:
                    92:93:bb:e2:f4:67:00:5e:8a:ed:d2:be:95:92:37:
                    12:d5:18:78:78:13:0f:a2:24:49:7e:c1:52:e4:53:
                    8a:2a:d7:1c:9a:88:50:59:c5:69:f2:79:35:b9:c4:
                    ac:2a:83:96:3f:c6:4f:8b:51:14:c5:56:8b:fa:81:
                    d0:18:00:d5:29:d1:7c:ff:17:be:20:42:bd:ea:6c:
                    86:1d:12:4e:e5:cb:91:4f:4f:b1:ef:a6:e9:84:c7:
                    69:44:79:23:0d:cb:73:53:cf:27:47:e8:90:18:dc:
                    5a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8A:D2:BC:2A:97:6D:B4:10:EE:DA:63:75:45:FD:1A:31:B3:49:2B
            X509v3 Authority Key Identifier:
                keyid:45:C5:C1:26:2E:83:D7:BF:A9:02:C2:C8:62:A1:5F:1E:42:D2:55:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RcXBJi6D17-pAsLIYqFfHkLSVZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/DorSvCqXbbQQ7tpjdUX9GjGzSSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/RcXBJi6D17-pAsLIYqFfHkLSVZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.89.0/24
                  194.164.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:84:20:41:2a:0e:4e:d6:e9:08:33:c1:ac:77:1f:03:1a:9f:
         84:fe:af:ae:34:48:a6:f6:72:a0:a6:06:6a:90:9a:0c:49:43:
         57:16:45:93:db:e1:82:1a:83:bd:27:c1:e4:ec:58:08:4e:46:
         e7:e1:52:45:43:05:46:16:34:f5:8b:d9:b7:c7:a3:e8:5f:cd:
         52:5f:cc:a3:66:34:dd:3a:d4:b6:8b:f4:b4:4b:a4:73:02:d1:
         4f:cf:20:36:ae:96:e4:2d:fa:52:04:6a:f5:b8:5a:c7:28:a8:
         78:20:7a:54:58:5a:d5:64:16:e3:55:32:57:a2:db:01:64:ea:
         62:b2:22:02:10:e7:87:53:64:94:71:e2:ec:f1:f4:7c:ed:cc:
         e4:82:71:07:f0:a0:3a:f8:b1:07:5b:40:b4:85:c0:4e:6b:5b:
         51:b3:5d:4a:99:2c:46:79:72:e6:be:95:b1:02:ae:75:b8:0f:
         d3:a1:84:91:05:d4:31:be:0a:3f:a7:b1:53:fd:0b:22:69:4e:
         51:97:79:09:58:6f:8e:a9:20:5e:60:76:7c:5a:15:8b:ae:ee:
         b6:9e:eb:5d:18:9f:13:2a:36:bb:df:4b:29:18:aa:9b:65:9e:
         c8:35:dc:86:9d:c3:0a:66:dd:f5:87:27:e4:1d:87:77:a3:38:
         b2:bd:17:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLdUJ/viqg0olCG28qWXLlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YzVjMTI2MmU4M2Q3YmZhOTAyYzJjODYyYTE1ZjFlNDJk
MjU1OTEwHhcNMjQxMDMwMTIwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThhZDJiYzJhOTc2ZGI0MTBlZWRhNjM3NTQ1ZmQxYTMxYjM0OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7P+FP1ayM22iMYc3v/n2D0Y54D2
NPtiYwbi59BJpNyoLUDIQ7JEosUT8pKnjKRG4CaGpysM/pqZKj+cPp9bf94ZflWc
qLFbbCQT0XkbTmGofR4aZ37cnJlgjgPNwy767NGrc70d4WFdiMdG0R26ue7fGv4D
eBzfdSryQI90U3RHY3xvgGI0FGcrqa1A3j8grgcxVQGSk7vi9GcAXort0r6VkjcS
1Rh4eBMPoiRJfsFS5FOKKtccmohQWcVp8nk1ucSsKoOWP8ZPi1EUxVaL+oHQGADV
KdF8/xe+IEK96myGHRJO5cuRT0+x76bphMdpRHkjDctzU88nR+iQGNxaywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA6K0rwql220EO7aY3VF/Roxs0krMB8GA1UdIwQY
MBaAFEXFwSYug9e/qQLCyGKhXx5C0lWRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmNYQkppNkQxNy1wQXNMSVlxRmZIa0xTVlpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9mNjg2YjItZmYzMy00MWUxLTliMWMt
ZjEwNjAzYjM3NjhkLzEvRG9yU3ZDcVhiYlFRN3RwamRVWDlHakd6U1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9mNjg2YjItZmYzMy00MWUxLTliMWMtZjEwNjAzYjM3Njhk
LzEvUmNYQkppNkQxNy1wQXNMSVlxRmZIa0xTVlpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhNZAwQB
wqS2MA0GCSqGSIb3DQEBCwUAA4IBAQA2hCBBKg5O1ukIM8Gsdx8DGp+E/q+uNEim
9nKgpgZqkJoMSUNXFkWT2+GCGoO9J8Hk7FgITkbn4VJFQwVGFjT1i9m3x6PoX81S
X8yjZjTdOtS2i/S0S6RzAtFPzyA2rpbkLfpSBGr1uFrHKKh4IHpUWFrVZBbjVTJX
otsBZOpisiICEOeHU2SUceLs8fR87czkgnEH8KA6+LEHW0C0hcBOa1tRs11KmSxG
eXLmvpWxAq51uA/ToYSRBdQxvgo/p7FT/QsiaU5Rl3kJWG+OqSBeYHZ8WhWLru62
nutdGJ8TKja730spGKqbZZ7INdyGncMKZt31hyfkHYd3oziyvRes
-----END CERTIFICATE-----