Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/mIrQ28tnpx-QYEwdsWQkNK-f2Q8.roa
File:                     mIrQ28tnpx-QYEwdsWQkNK-f2Q8.roa (raw, json)
Hash identifier:          aGpLzdsQQQndPxfizYqba9lw66mORMtHJFOQUSi+pZg=
Subject key identifier:   98:8A:D0:DB:CB:67:A7:1F:90:60:4C:1D:B1:64:24:34:AF:9F:D9:0F
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       01918E956B9C1A7DAC1FA770467F44BA7843
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/mIrQ28tnpx-QYEwdsWQkNK-f2Q8.roa
Signing time:             Mon 26 Aug 2024 12:07:22 +0000
ROA not before:           Mon 26 Aug 2024 12:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48430
IP address blocks:        45.91.52.0/22 maxlen: 22
                          45.155.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:95:6b:9c:1a:7d:ac:1f:a7:70:46:7f:44:ba:78:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Aug 26 12:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=988ad0dbcb67a71f90604c1db1642434af9fd90f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:56:3d:be:70:21:8e:16:92:e8:6a:c3:6f:f0:
                    fa:a7:37:a8:b3:fa:fb:75:f4:23:4b:69:60:e5:e7:
                    ef:d3:04:03:0b:69:71:c8:0c:54:4e:01:e6:1e:7d:
                    58:77:1e:d4:bc:97:3b:fa:80:5c:d2:c3:a5:70:c8:
                    ae:e2:e0:c7:4b:b0:69:c5:e4:cb:ca:d4:91:eb:5f:
                    f4:ad:61:79:6d:c1:c4:8e:a9:0b:d6:a9:d8:2d:7b:
                    cb:a2:6e:4b:19:a8:3e:ad:7f:08:ae:36:b0:9c:7e:
                    d9:55:d5:ec:4c:c7:8b:2c:a6:15:07:27:7b:f9:70:
                    2e:88:bb:2b:d5:4e:5d:8a:e5:18:70:9c:e2:84:5a:
                    78:62:45:6b:ec:16:91:9b:c2:fd:50:35:7b:6c:de:
                    50:80:93:12:bd:8d:4e:3b:03:73:b2:65:8e:4d:3b:
                    08:f0:9f:3f:a0:58:f1:e6:c6:3d:ae:49:ac:ea:3b:
                    0c:9f:a2:d5:b1:fd:c5:ba:11:ca:2e:d2:b5:7c:74:
                    e1:58:27:06:43:60:6d:22:0d:81:b8:3f:db:66:c4:
                    5b:e0:0c:57:c5:67:16:01:90:3b:35:0e:71:bd:24:
                    76:c3:2d:c8:68:ab:14:8e:e0:fa:b0:57:36:07:45:
                    e5:db:eb:01:3e:ec:e2:f2:9b:f2:26:a7:75:07:b6:
                    f1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8A:D0:DB:CB:67:A7:1F:90:60:4C:1D:B1:64:24:34:AF:9F:D9:0F
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/mIrQ28tnpx-QYEwdsWQkNK-f2Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.52.0/22
                  45.155.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ea:1d:aa:59:08:36:60:99:43:6f:91:45:0b:3b:9d:16:b9:cc:
         20:94:8e:8d:be:28:78:1b:3d:20:06:df:4d:ba:27:2d:22:b4:
         ad:62:94:a2:a5:c1:a0:5e:75:4b:85:80:22:d0:94:56:fb:a4:
         b5:94:b3:ab:c0:07:6a:12:00:71:2c:42:ed:66:e5:0d:56:87:
         3f:02:a1:74:7e:d5:83:db:ae:6a:1b:42:9a:5e:96:07:55:1b:
         38:4c:76:da:10:fe:71:8a:19:ba:cf:c0:84:d6:0b:24:5e:5c:
         79:14:88:7c:fb:da:c9:9f:c9:39:9b:60:ac:84:66:15:0b:4c:
         6e:ba:64:0d:22:f7:49:1a:f2:8d:d8:9d:ea:60:13:58:df:74:
         e5:25:b0:22:34:46:e4:ea:3d:28:7f:41:d3:30:70:b2:18:71:
         41:12:22:67:06:46:bc:7b:21:77:0f:6c:b3:8a:9b:c7:9c:d2:
         be:1f:ba:bc:52:e9:87:6b:c0:0a:ca:71:96:4a:89:24:12:e4:
         9d:d8:2b:a9:ee:bf:1f:f1:3f:90:29:20:00:af:e8:f1:dd:2b:
         69:b9:b3:56:de:6c:81:a9:52:8e:bc:d3:d5:0d:a6:e6:9a:27:
         9c:9c:8c:e6:2e:da:68:89:f0:0c:50:79:41:8f:bd:be:39:b6:
         9f:9f:18:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGOlWucGn2sH6dwRn9EunhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwODI2MTIwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhhZDBkYmNiNjdhNzFmOTA2MDRjMWRiMTY0MjQzNGFmOWZkOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFY9vnAhjhaS6GrDb/D6pzeos/r7
dfQjS2lg5efv0wQDC2lxyAxUTgHmHn1Ydx7UvJc7+oBc0sOlcMiu4uDHS7BpxeTL
ytSR61/0rWF5bcHEjqkL1qnYLXvLom5LGag+rX8IrjawnH7ZVdXsTMeLLKYVByd7
+XAuiLsr1U5diuUYcJzihFp4YkVr7BaRm8L9UDV7bN5QgJMSvY1OOwNzsmWOTTsI
8J8/oFjx5sY9rkms6jsMn6LVsf3FuhHKLtK1fHThWCcGQ2BtIg2BuD/bZsRb4AxX
xWcWAZA7NQ5xvSR2wy3IaKsUjuD6sFc2B0Xl2+sBPuzi8pvyJqd1B7bxUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJiK0NvLZ6cfkGBMHbFkJDSvn9kPMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvbUlyUTI4dG5weC1RWUV3ZHNXUWtOSy1mMlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVs0AwQC
LZs0MA0GCSqGSIb3DQEBCwUAA4IBAQDqHapZCDZgmUNvkUULO50WucwglI6Nvih4
Gz0gBt9NuictIrStYpSipcGgXnVLhYAi0JRW+6S1lLOrwAdqEgBxLELtZuUNVoc/
AqF0ftWD265qG0KaXpYHVRs4THbaEP5xihm6z8CE1gskXlx5FIh8+9rJn8k5m2Cs
hGYVC0xuumQNIvdJGvKN2J3qYBNY33TlJbAiNEbk6j0of0HTMHCyGHFBEiJnBka8
eyF3D2yzipvHnNK+H7q8UumHa8AKynGWSokkEuSd2Cup7r8f8T+QKSAAr+jx3Stp
ubNW3myBqVKOvNPVDabmmiecnIzmLtpoifAMUHlBj72+Obafnxiu
-----END CERTIFICATE-----