Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/ff03a3-31a1-4da1-b8e9-7a0b3d5d9156/1/x8TzX6LqqX9zL7MFdq_g__iLtws.roa
File:                     x8TzX6LqqX9zL7MFdq_g__iLtws.roa (raw, json)
Hash identifier:          eMdumGDEicNvqqjxsqLYnbsXifkwcWbeSJ7g1rnWjqY=
Subject key identifier:   C7:C4:F3:5F:A2:EA:A9:7F:73:2F:B3:05:76:AF:E0:FF:F8:8B:B7:0B
Certificate issuer:       /CN=de085b0d1bbf9e781b154b06f7b9141129db775f
Certificate serial:       018CC3B6A153C1BF2B9B2571273850A1CB01
Authority key identifier: DE:08:5B:0D:1B:BF:9E:78:1B:15:4B:06:F7:B9:14:11:29:DB:77:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ghbDRu_nngbFUsG97kUESnbd18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/ff03a3-31a1-4da1-b8e9-7a0b3d5d9156/1/x8TzX6LqqX9zL7MFdq_g__iLtws.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208651
IP address blocks:        45.91.152.0/22 maxlen: 22
                          45.91.152.0/24 maxlen: 24
                          45.91.153.0/24 maxlen: 24
                          45.91.154.0/24 maxlen: 24
                          45.91.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/ff03a3-31a1-4da1-b8e9-7a0b3d5d9156/1/3ghbDRu_nngbFUsG97kUESnbd18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/ff03a3-31a1-4da1-b8e9-7a0b3d5d9156/1/3ghbDRu_nngbFUsG97kUESnbd18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ghbDRu_nngbFUsG97kUESnbd18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a1:53:c1:bf:2b:9b:25:71:27:38:50:a1:cb:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de085b0d1bbf9e781b154b06f7b9141129db775f
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7c4f35fa2eaa97f732fb30576afe0fff88bb70b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3e:c5:6e:1d:36:d0:82:a8:0a:01:5c:b2:80:
                    b1:4a:d3:64:eb:92:f5:05:0f:ec:f0:ad:2f:40:81:
                    08:93:b6:51:c7:0e:92:2e:a9:f2:ec:bb:58:a5:7f:
                    2e:20:90:f5:5a:5c:b6:69:34:96:ab:14:44:d6:83:
                    5e:74:0b:e8:28:d4:4f:2b:42:f0:da:c4:fc:bc:df:
                    fa:4c:b4:f0:05:a9:a4:23:16:24:2f:53:18:d9:26:
                    71:16:de:8a:52:86:c4:ef:74:7b:91:7a:cb:40:69:
                    52:bc:10:fc:2e:88:21:bc:66:e9:fb:a1:15:a6:e3:
                    0e:42:4a:f0:76:87:23:c5:f7:68:ce:d0:d0:9f:8f:
                    6b:c9:4a:45:2c:b0:b2:d2:bc:85:25:b8:27:db:e7:
                    6f:fa:8d:32:c9:2a:df:6e:90:4d:59:21:bd:8b:f5:
                    f7:65:e8:f0:4c:d4:86:d6:24:ba:1c:3f:65:9f:39:
                    1c:2e:b5:03:e5:4b:a0:1e:94:3a:b4:a7:3f:8d:64:
                    d8:50:cb:c6:9f:90:8d:1b:fc:06:d2:54:6f:8c:dc:
                    b6:4e:98:3e:a1:77:4f:90:89:05:12:39:e0:92:10:
                    d9:78:82:c8:bd:3a:27:8d:f3:16:95:78:1b:df:e1:
                    fc:55:02:5d:19:35:54:09:84:2b:0c:55:0b:ee:d3:
                    cd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C4:F3:5F:A2:EA:A9:7F:73:2F:B3:05:76:AF:E0:FF:F8:8B:B7:0B
            X509v3 Authority Key Identifier:
                keyid:DE:08:5B:0D:1B:BF:9E:78:1B:15:4B:06:F7:B9:14:11:29:DB:77:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ghbDRu_nngbFUsG97kUESnbd18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/ff03a3-31a1-4da1-b8e9-7a0b3d5d9156/1/x8TzX6LqqX9zL7MFdq_g__iLtws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/ff03a3-31a1-4da1-b8e9-7a0b3d5d9156/1/3ghbDRu_nngbFUsG97kUESnbd18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:70:8a:59:45:9e:a7:75:37:c8:67:f1:ff:ed:65:f4:ba:53:
         f1:91:a5:53:ce:1e:b4:51:1d:9a:50:a2:ba:9a:4a:fa:fe:b6:
         f0:8a:7f:d7:94:d5:70:eb:ec:e2:cc:86:77:68:57:51:09:83:
         43:66:14:fa:0f:4a:d6:73:6b:1a:e4:a9:fa:f9:39:fc:7f:23:
         8a:1c:d2:fc:3e:a4:7c:cf:22:d2:87:0b:17:1c:c6:1a:eb:bc:
         a4:5c:f5:db:be:c5:6a:31:bd:16:bc:c2:a2:14:2a:df:a4:a9:
         f3:b3:8f:98:d1:84:65:a9:09:8a:49:94:11:c9:78:c3:36:38:
         0f:59:cc:53:b6:df:2b:1c:97:f7:13:6e:12:b7:ef:48:42:aa:
         4a:ea:57:e8:39:0f:64:85:5c:b2:7d:c0:01:b8:dc:81:6c:28:
         93:b0:9f:8d:14:07:73:da:db:b0:97:54:73:35:df:7f:99:12:
         dc:cd:a2:eb:ec:3f:ff:27:53:53:8c:ad:e7:21:f5:45:3e:5b:
         b3:a1:9e:37:1b:8f:d2:6c:58:86:e4:c2:d8:7b:2e:16:53:c2:
         9d:2b:92:07:e6:06:5a:a2:79:5f:28:05:57:06:2f:2c:83:12:
         b1:03:fb:11:5d:71:d9:5f:86:d0:58:fa:2c:9d:83:fa:48:54:
         3d:da:25:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqFTwb8rmyVxJzhQocsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMDg1YjBkMWJiZjllNzgxYjE1NGIwNmY3YjkxNDExMjlk
Yjc3NWYwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2M0ZjM1ZmEyZWFhOTdmNzMyZmIzMDU3NmFmZTBmZmY4OGJiNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT7Fbh020IKoCgFcsoCxStNk65L1
BQ/s8K0vQIEIk7ZRxw6SLqny7LtYpX8uIJD1Wly2aTSWqxRE1oNedAvoKNRPK0Lw
2sT8vN/6TLTwBamkIxYkL1MY2SZxFt6KUobE73R7kXrLQGlSvBD8LoghvGbp+6EV
puMOQkrwdocjxfdoztDQn49ryUpFLLCy0ryFJbgn2+dv+o0yySrfbpBNWSG9i/X3
ZejwTNSG1iS6HD9lnzkcLrUD5UugHpQ6tKc/jWTYUMvGn5CNG/wG0lRvjNy2Tpg+
oXdPkIkFEjngkhDZeILIvTonjfMWlXgb3+H8VQJdGTVUCYQrDFUL7tPNYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfE81+i6ql/cy+zBXav4P/4i7cLMB8GA1UdIwQY
MBaAFN4IWw0bv554GxVLBve5FBEp23dfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2doYkRSdV9ubmdiRlVzRzk3a1VFU25iZDE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mZjAzYTMtMzFhMS00ZGExLWI4ZTkt
N2EwYjNkNWQ5MTU2LzEveDhUelg2THFxWDl6TDdNRmRxX2dfX2lMdHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mZjAzYTMtMzFhMS00ZGExLWI4ZTktN2EwYjNkNWQ5MTU2
LzEvM2doYkRSdV9ubmdiRlVzRzk3a1VFU25iZDE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVuYMA0G
CSqGSIb3DQEBCwUAA4IBAQA0cIpZRZ6ndTfIZ/H/7WX0ulPxkaVTzh60UR2aUKK6
mkr6/rbwin/XlNVw6+zizIZ3aFdRCYNDZhT6D0rWc2sa5Kn6+Tn8fyOKHNL8PqR8
zyLShwsXHMYa67ykXPXbvsVqMb0WvMKiFCrfpKnzs4+Y0YRlqQmKSZQRyXjDNjgP
WcxTtt8rHJf3E24St+9IQqpK6lfoOQ9khVyyfcABuNyBbCiTsJ+NFAdz2tuwl1Rz
Nd9/mRLczaLr7D//J1NTjK3nIfVFPluzoZ43G4/SbFiG5MLYey4WU8KdK5IH5gZa
onlfKAVXBi8sgxKxA/sRXXHZX4bQWPosnYP6SFQ92iUc
-----END CERTIFICATE-----