Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/sVjQyKTaYio-xI55QKvTIAL8SFE.roa
File:                     sVjQyKTaYio-xI55QKvTIAL8SFE.roa (raw, json)
Hash identifier:          48eTXfVvXYFhB0jETYdJ/Plmu14BJpmCKv5vsDykRhM=
Subject key identifier:   B1:58:D0:C8:A4:DA:62:2A:3E:C4:8E:79:40:AB:D3:20:02:FC:48:51
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB35107FC9B1F5B62386343F61D606
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/sVjQyKTaYio-xI55QKvTIAL8SFE.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205835
IP address blocks:        45.15.64.0/22 maxlen: 22
                          178.175.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:35:10:7f:c9:b1:f5:b6:23:86:34:3f:61:d6:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b158d0c8a4da622a3ec48e7940abd32002fc4851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0d:8d:2c:12:74:4a:c7:e1:8f:af:c0:5e:5a:
                    65:34:9c:4c:bf:42:4c:84:7b:2e:43:1a:8b:42:47:
                    a8:7e:09:6c:ef:d8:5a:2d:9d:7b:10:da:37:88:fc:
                    05:ec:e1:fe:20:33:c3:d2:b9:2e:59:0e:99:a8:85:
                    c6:1d:13:35:08:36:86:f5:62:75:1a:68:e2:5d:fa:
                    dd:a2:dd:33:c1:fa:91:47:66:cd:28:d5:e6:6c:b3:
                    e7:60:f1:4a:da:b8:5e:b4:c4:08:02:c6:57:20:92:
                    30:a9:8d:27:f7:10:68:6a:b3:b0:52:69:f4:86:23:
                    74:84:4e:00:f4:25:e7:d5:0f:e9:49:ef:97:0e:8a:
                    71:e9:1b:2d:7b:0e:15:59:74:a6:2a:f1:9d:17:94:
                    f7:b9:dd:76:a9:26:57:dc:cd:37:e1:88:e4:44:93:
                    43:e4:10:c5:39:dd:cc:b0:a2:98:35:45:3e:b7:39:
                    dd:ee:c7:05:06:b1:7b:61:87:f5:53:a2:b2:69:01:
                    29:88:78:ea:18:3d:54:d0:d7:e0:ca:0b:da:69:0c:
                    7f:3f:ef:e9:46:f9:d9:5f:33:52:9c:53:75:d8:71:
                    1e:93:ac:20:0a:8d:16:37:65:cc:0e:7c:2b:57:95:
                    78:d0:0c:da:24:a6:15:cd:37:8d:0d:8e:7a:6a:cc:
                    5b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:58:D0:C8:A4:DA:62:2A:3E:C4:8E:79:40:AB:D3:20:02:FC:48:51
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/sVjQyKTaYio-xI55QKvTIAL8SFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  178.175.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:c2:d7:26:fc:cd:a2:ab:c2:e9:37:81:1b:fc:e6:28:1d:b4:
         04:f1:10:cb:8c:ee:01:7d:0d:75:74:bc:4a:20:30:2e:42:24:
         84:e5:e7:90:52:28:02:eb:98:99:28:ba:1e:13:af:ab:36:66:
         48:01:cb:ec:50:5b:6d:12:3c:eb:eb:35:69:ba:a6:9c:5d:e4:
         21:cc:fe:68:1b:8e:ad:c1:51:39:c8:0d:47:5d:cf:65:87:8b:
         b2:0e:3b:2c:7c:1e:45:35:1d:ac:5d:20:4c:9c:e3:12:e8:34:
         66:46:73:c2:56:d1:41:7b:ea:e2:57:9b:52:c1:1c:0a:3c:2d:
         3c:95:4b:19:e6:16:b4:53:b5:29:e9:8f:18:17:3e:7a:20:45:
         f9:5b:4a:f0:cb:96:e5:7a:09:b5:cc:dc:f9:c0:97:e6:b7:12:
         fa:3d:34:26:f0:aa:1c:0b:75:f4:0d:f9:b2:ad:7e:b5:f6:53:
         90:8b:72:06:b1:74:a9:96:c5:e7:77:aa:11:44:9f:17:1e:dc:
         da:6a:4b:b6:78:fc:9d:47:0f:4d:1d:a1:a0:e0:83:25:b2:f1:
         bb:b7:82:c4:01:90:e4:47:a6:3d:36:ef:39:78:13:33:7f:08:
         3d:0b:e8:c5:b7:d9:4a:a9:84:1f:1b:16:fd:13:8b:1e:ac:f6:
         57:1d:3f:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2zUQf8mx9bYjhjQ/YdYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU4ZDBjOGE0ZGE2MjJhM2VjNDhlNzk0MGFiZDMyMDAyZmM0ODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA2NLBJ0Ssfhj6/AXlplNJxMv0JM
hHsuQxqLQkeofgls79haLZ17ENo3iPwF7OH+IDPD0rkuWQ6ZqIXGHRM1CDaG9WJ1
GmjiXfrdot0zwfqRR2bNKNXmbLPnYPFK2rhetMQIAsZXIJIwqY0n9xBoarOwUmn0
hiN0hE4A9CXn1Q/pSe+XDopx6Rstew4VWXSmKvGdF5T3ud12qSZX3M034YjkRJND
5BDFOd3MsKKYNUU+tznd7scFBrF7YYf1U6KyaQEpiHjqGD1U0NfgygvaaQx/P+/p
RvnZXzNSnFN12HEek6wgCo0WN2XMDnwrV5V40AzaJKYVzTeNDY56asxbmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLFY0Mik2mIqPsSOeUCr0yAC/EhRMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvc1ZqUXlLVGFZaW8teEk1NVFLdlRJQUw4U0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQ9AAwQC
sq+wMA0GCSqGSIb3DQEBCwUAA4IBAQAswtcm/M2iq8LpN4Eb/OYoHbQE8RDLjO4B
fQ11dLxKIDAuQiSE5eeQUigC65iZKLoeE6+rNmZIAcvsUFttEjzr6zVpuqacXeQh
zP5oG46twVE5yA1HXc9lh4uyDjssfB5FNR2sXSBMnOMS6DRmRnPCVtFBe+riV5tS
wRwKPC08lUsZ5ha0U7Up6Y8YFz56IEX5W0rwy5blegm1zNz5wJfmtxL6PTQm8Koc
C3X0DfmyrX619lOQi3IGsXSplsXnd6oRRJ8XHtzaaku2ePydRw9NHaGg4IMlsvG7
t4LEAZDkR6Y9Nu85eBMzfwg9C+jFt9lKqYQfGxb9E4serPZXHT8Y
-----END CERTIFICATE-----