Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9BZ3fMLYZE9ZezeBLGzEc1pSJNg.roa
File:                     9BZ3fMLYZE9ZezeBLGzEc1pSJNg.roa (raw, json)
Hash identifier:          8u34hDQEttARvtX5XdC0Vb6WGwOGVw5kXbaQva7cMVQ=
Subject key identifier:   F4:16:77:7C:C2:D8:64:4F:59:7B:37:81:2C:6C:C4:73:5A:52:24:D8
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0190A687C737281B0C8A18EDB3A062901A20
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9BZ3fMLYZE9ZezeBLGzEc1pSJNg.roa
Signing time:             Fri 12 Jul 2024 10:40:34 +0000
ROA not before:           Fri 12 Jul 2024 10:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46918
IP address blocks:        45.91.84.0/22 maxlen: 22
                          91.242.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:87:c7:37:28:1b:0c:8a:18:ed:b3:a0:62:90:1a:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul 12 10:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f416777cc2d8644f597b37812c6cc4735a5224d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:47:1a:bd:15:88:87:6a:27:39:fd:7f:39:77:
                    7d:96:c9:13:17:89:ae:02:3c:05:6e:2b:a9:ae:da:
                    e2:24:9e:d2:86:a6:67:b4:9d:dc:79:49:e9:e4:0a:
                    ff:aa:83:1a:97:b5:ea:d4:61:0f:6c:a6:46:77:b7:
                    50:08:05:32:d8:e2:23:5f:c9:e7:d7:7e:92:61:0f:
                    73:4d:bd:3a:fe:a5:a3:25:93:c7:65:10:ed:e6:4c:
                    4c:12:57:b1:db:91:8f:f4:6f:34:da:af:d7:b2:53:
                    b8:4f:ae:4f:7e:69:05:61:62:80:bc:6f:11:60:57:
                    e8:14:0b:71:ee:bd:19:8f:10:bf:c7:c5:01:b5:13:
                    9e:3e:64:26:03:8c:3d:60:49:a3:48:57:22:3c:72:
                    14:61:f8:dd:65:64:77:dc:4f:70:8b:78:18:88:8a:
                    cf:53:6d:10:6d:aa:4c:68:24:40:4d:d5:12:45:6a:
                    68:0d:a8:9a:a6:7e:ba:44:ef:bb:0c:06:44:e0:5d:
                    54:61:92:fd:6e:b2:96:01:7d:8c:65:6f:a2:50:f6:
                    bc:da:c7:79:a8:ff:38:29:db:e9:19:05:85:06:81:
                    21:fa:ea:fe:2a:58:8b:63:2b:34:5e:b3:8e:66:79:
                    ac:95:cf:c3:ec:38:47:6d:df:3d:8e:87:ac:36:96:
                    e7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:16:77:7C:C2:D8:64:4F:59:7B:37:81:2C:6C:C4:73:5A:52:24:D8
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9BZ3fMLYZE9ZezeBLGzEc1pSJNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.84.0/22
                  91.242.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:8f:88:51:a3:d8:dc:85:bc:62:a0:7d:9d:71:9d:ba:a1:61:
         d2:d0:70:92:e5:ab:84:b1:69:46:52:cb:56:e6:59:b7:f7:fc:
         bf:7f:41:02:d0:ee:ae:88:8c:79:fa:bc:23:34:e8:45:be:b3:
         bf:59:be:5c:a3:e4:87:26:92:ab:0d:d1:98:e7:9d:60:f2:a8:
         c1:23:65:e1:30:07:a2:82:68:29:ec:b1:cd:41:19:c8:23:33:
         71:cc:4e:3f:ef:4e:df:59:d1:78:d6:40:4e:05:54:c1:f0:d4:
         b4:d5:a1:1e:66:f9:43:ba:06:4b:e9:1d:23:0d:12:43:57:d3:
         90:a4:6a:87:33:b3:29:1d:33:b8:9b:bc:f7:72:ea:ab:b5:6f:
         46:75:93:77:92:17:cc:f3:30:f8:33:71:bd:e4:42:0e:36:fe:
         b2:0d:bc:cb:4c:75:97:5a:bd:34:e2:b1:b2:b9:85:c4:e6:c0:
         58:80:3d:52:1b:0d:29:67:30:21:58:2e:30:91:a3:36:fa:22:
         89:ee:b4:47:db:dc:c3:e3:a7:47:14:3d:04:ae:20:ec:5f:fa:
         e9:ce:f3:34:95:06:ff:74:54:5b:5f:17:e2:32:6d:b5:d3:43:
         a4:17:ad:76:3d:4d:92:96:3e:51:22:e5:2c:b0:3d:5c:74:37:
         44:03:d3:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCmh8c3KBsMihjts6BikBogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNzEyMTA0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE2Nzc3Y2MyZDg2NDRmNTk3YjM3ODEyYzZjYzQ3MzVhNTIyNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60cavRWIh2onOf1/OXd9lskTF4mu
AjwFbiuprtriJJ7ShqZntJ3ceUnp5Ar/qoMal7Xq1GEPbKZGd7dQCAUy2OIjX8nn
136SYQ9zTb06/qWjJZPHZRDt5kxMElex25GP9G802q/XslO4T65PfmkFYWKAvG8R
YFfoFAtx7r0ZjxC/x8UBtROePmQmA4w9YEmjSFciPHIUYfjdZWR33E9wi3gYiIrP
U20QbapMaCRATdUSRWpoDaiapn66RO+7DAZE4F1UYZL9brKWAX2MZW+iUPa82sd5
qP84KdvpGQWFBoEh+ur+KliLYys0XrOOZnmslc/D7DhHbd89joesNpbnRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQWd3zC2GRPWXs3gSxsxHNaUiTYMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvOUJaM2ZNTFlaRTlaZXplQkxHekVjMXBTSk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVtUAwQC
W/JAMA0GCSqGSIb3DQEBCwUAA4IBAQAVj4hRo9jchbxioH2dcZ26oWHS0HCS5auE
sWlGUstW5lm39/y/f0EC0O6uiIx5+rwjNOhFvrO/Wb5co+SHJpKrDdGY551g8qjB
I2XhMAeigmgp7LHNQRnIIzNxzE4/707fWdF41kBOBVTB8NS01aEeZvlDugZL6R0j
DRJDV9OQpGqHM7MpHTO4m7z3cuqrtW9GdZN3khfM8zD4M3G95EIONv6yDbzLTHWX
Wr004rGyuYXE5sBYgD1SGw0pZzAhWC4wkaM2+iKJ7rRH29zD46dHFD0EriDsX/rp
zvM0lQb/dFRbXxfiMm2100OkF612PU2Slj5RIuUssD1cdDdEA9Og
-----END CERTIFICATE-----