Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/ZMraDMbqSJ-YaVa3GpMKopTPyEA.roa
File:                     ZMraDMbqSJ-YaVa3GpMKopTPyEA.roa (raw, json)
Hash identifier:          ikZvTkQslFEkZ2AJ6JtQnitoGpZR7oSg9wWs7Azbiks=
Subject key identifier:   64:CA:DA:0C:C6:EA:48:9F:98:69:56:B7:1A:93:0A:A2:94:CF:C8:40
Certificate issuer:       /CN=407c7083460e1a4c72c4bc4276313d3a85944a87
Certificate serial:       018CC6B79498FBB8A47254B179B9B1E7DAD7
Authority key identifier: 40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/ZMraDMbqSJ-YaVa3GpMKopTPyEA.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204572
IP address blocks:        45.86.216.0/22 maxlen: 22
                          2a0e:e880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:98:fb:b8:a4:72:54:b1:79:b9:b1:e7:da:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407c7083460e1a4c72c4bc4276313d3a85944a87
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64cada0cc6ea489f986956b71a930aa294cfc840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:14:a9:e8:5e:25:56:e3:bd:99:f1:5b:58:63:
                    75:e5:b1:80:23:e9:c0:74:15:ec:5a:6d:86:88:e4:
                    05:4f:b3:5e:d8:7c:c9:45:6f:34:0c:9f:be:73:a3:
                    2a:b8:51:bc:42:76:76:00:55:5d:e7:d5:75:9d:d9:
                    90:69:a7:50:9e:b3:31:d3:81:59:2f:84:7a:20:de:
                    f5:7c:7d:17:6b:d3:c1:6b:ed:c8:a4:b5:80:d9:ca:
                    43:af:e0:3e:db:df:2e:3b:38:38:85:4d:cc:f5:59:
                    b7:f6:e2:22:dd:ef:01:ed:b1:e2:89:8d:57:e0:19:
                    4e:5a:29:f6:20:68:44:5d:78:7f:db:7f:d6:47:51:
                    ab:7d:7e:b2:72:23:00:cd:56:41:74:15:ae:2a:61:
                    6f:e9:e8:d8:2f:d3:67:24:6a:a8:90:62:cf:40:1d:
                    fd:bc:4e:c3:84:bb:46:69:54:97:dd:7e:10:22:d1:
                    ad:12:e4:b6:ab:f9:cd:8c:61:fc:09:57:c9:40:77:
                    e2:85:61:fb:ff:2b:dd:2b:3d:37:68:54:09:1f:ca:
                    c7:a1:ba:c0:1c:68:8e:a3:87:76:6d:c2:f5:b6:31:
                    fd:a2:53:ef:e4:c1:9b:e5:db:b1:36:39:c7:5e:a0:
                    37:a7:01:62:06:cb:e2:7f:33:bc:a4:99:eb:7d:e7:
                    6e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CA:DA:0C:C6:EA:48:9F:98:69:56:B7:1A:93:0A:A2:94:CF:C8:40
            X509v3 Authority Key Identifier:
                keyid:40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/ZMraDMbqSJ-YaVa3GpMKopTPyEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.216.0/22
                IPv6:
                  2a0e:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:52:3a:a1:d7:ae:74:8f:0d:22:29:24:45:82:25:b0:d5:57:
         34:b8:8d:f0:36:a0:df:53:d2:d7:67:96:8c:f6:39:1b:df:46:
         4d:57:80:b8:fb:76:f2:49:28:80:a2:5b:f2:cc:34:bd:21:38:
         8e:5d:c8:76:95:85:44:8b:64:2a:f7:b8:c8:85:c1:e5:c3:28:
         56:0e:3b:8e:39:72:4b:5a:af:c7:a3:ae:28:ef:4e:8b:bf:25:
         b8:eb:a7:9f:05:a6:fd:61:fe:29:d1:a9:d2:5e:f4:ba:bd:91:
         68:b1:86:96:18:f0:83:bb:a6:83:e9:21:1d:49:94:3b:80:bc:
         e5:6b:2f:2d:fb:a4:c2:21:62:cd:15:7e:34:34:3a:45:24:92:
         ad:36:1a:ce:4f:90:dc:2a:9d:8a:10:cf:76:af:b6:86:45:84:
         84:bc:f0:3e:43:9b:16:d4:92:c7:5d:97:43:38:b3:67:c0:ab:
         2c:57:f0:4b:73:04:41:50:cb:3a:6d:d6:eb:13:f4:5c:a8:67:
         cc:58:45:ec:da:b3:62:ba:fe:12:e3:6a:cd:c2:89:c3:f2:eb:
         fc:82:40:c7:dc:bb:1a:01:ba:ec:c3:e9:dd:41:e4:1b:f1:76:
         c4:e1:72:7f:4e:77:66:56:8e:05:54:07:03:65:0f:a2:c9:52:
         e3:34:c8:aa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt5SY+7ikclSxebmx59rXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2M3MDgzNDYwZTFhNGM3MmM0YmM0Mjc2MzEzZDNhODU5
NDRhODcwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNhZGEwY2M2ZWE0ODlmOTg2OTU2YjcxYTkzMGFhMjk0Y2ZjODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxSp6F4lVuO9mfFbWGN15bGAI+nA
dBXsWm2GiOQFT7Ne2HzJRW80DJ++c6MquFG8QnZ2AFVd59V1ndmQaadQnrMx04FZ
L4R6IN71fH0Xa9PBa+3IpLWA2cpDr+A+298uOzg4hU3M9Vm39uIi3e8B7bHiiY1X
4BlOWin2IGhEXXh/23/WR1GrfX6yciMAzVZBdBWuKmFv6ejYL9NnJGqokGLPQB39
vE7DhLtGaVSX3X4QItGtEuS2q/nNjGH8CVfJQHfihWH7/yvdKz03aFQJH8rHobrA
HGiOo4d2bcL1tjH9olPv5MGb5duxNjnHXqA3pwFiBsvifzO8pJnrfedu2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGTK2gzG6kifmGlWtxqTCqKUz8hAMB8GA1UdIwQY
MBaAFEB8cINGDhpMcsS8QnYxPTqFlEqHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2Mjct
OTg1ZWQxNWM5YWViLzEvWk1yYURNYnFTSi1ZYVZhM0dwTUtvcFRQeUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2MjctOTg1ZWQxNWM5YWVi
LzEvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVbYMA0E
AgACMAcDBQMqDuiAMA0GCSqGSIb3DQEBCwUAA4IBAQALUjqh1650jw0iKSRFgiWw
1Vc0uI3wNqDfU9LXZ5aM9jkb30ZNV4C4+3bySSiAolvyzDS9ITiOXch2lYVEi2Qq
97jIhcHlwyhWDjuOOXJLWq/Ho64o706LvyW466efBab9Yf4p0anSXvS6vZFosYaW
GPCDu6aD6SEdSZQ7gLzlay8t+6TCIWLNFX40NDpFJJKtNhrOT5DcKp2KEM92r7aG
RYSEvPA+Q5sW1JLHXZdDOLNnwKssV/BLcwRBUMs6bdbrE/RcqGfMWEXs2rNiuv4S
42rNwonD8uv8gkDH3LsaAbrsw+ndQeQb8XbE4XJ/TndmVo4FVAcDZQ+iyVLjNMiq
-----END CERTIFICATE-----