Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/qvikn5ZgxWf37NDNFyW827JdsB0.roa
File:                     qvikn5ZgxWf37NDNFyW827JdsB0.roa (raw, json)
Hash identifier:          gZKXg0tNqz0GBg5HvV+KAPlunSMRGHgC5oYaa40zouQ=
Subject key identifier:   AA:F8:A4:9F:96:60:C5:67:F7:EC:D0:CD:17:25:BC:DB:B2:5D:B0:1D
Certificate issuer:       /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial:       018D8E9902A3346ED681E3D518A835761E55
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/qvikn5ZgxWf37NDNFyW827JdsB0.roa
Signing time:             Fri 09 Feb 2024 16:00:08 +0000
ROA not before:           Fri 09 Feb 2024 16:00:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        45.93.12.0/24 maxlen: 24
                          45.93.14.0/24 maxlen: 24
                          45.93.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:99:02:a3:34:6e:d6:81:e3:d5:18:a8:35:76:1e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
        Validity
            Not Before: Feb  9 16:00:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaf8a49f9660c567f7ecd0cd1725bcdbb25db01d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7e:b0:e6:c6:56:23:fb:86:33:fe:4e:ce:8d:
                    14:96:53:6c:fd:09:cf:25:11:09:2c:16:13:4e:d5:
                    b0:20:e0:c5:b8:23:fa:c1:8c:6b:a9:e6:31:30:c6:
                    07:4f:60:65:d8:51:bc:62:b7:88:64:44:1f:4f:10:
                    9b:1f:35:4b:cb:c8:44:48:53:60:7a:e6:64:6e:d1:
                    80:8c:2b:e3:d9:7c:f6:a3:73:9b:d0:fd:dd:97:e0:
                    4b:6f:85:d9:58:6f:95:90:27:69:7e:1b:5f:47:89:
                    6d:07:69:cf:35:27:2f:5a:f9:c0:07:ea:74:9c:c5:
                    22:64:68:ca:fc:04:fe:9b:1b:0a:2a:74:4e:40:32:
                    c3:db:b4:b9:26:13:98:09:61:8e:94:85:66:18:28:
                    35:55:ab:5a:3a:66:43:b7:a9:c6:46:70:a3:b1:38:
                    cf:8e:0b:5a:91:6a:42:77:e9:38:e1:60:0d:c9:78:
                    e3:cd:3b:45:aa:bf:48:7c:57:9f:fb:4e:b4:59:37:
                    05:05:cf:d7:92:96:a8:50:a2:b2:5d:05:33:c1:49:
                    18:54:56:7d:ce:65:45:72:ee:bf:27:d9:3a:f1:8c:
                    a5:59:67:6c:00:dd:f0:21:02:d2:9c:16:f4:79:8c:
                    25:ee:ea:63:17:57:64:27:79:db:d7:68:5a:c5:19:
                    85:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F8:A4:9F:96:60:C5:67:F7:EC:D0:CD:17:25:BC:DB:B2:5D:B0:1D
            X509v3 Authority Key Identifier:
                keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/qvikn5ZgxWf37NDNFyW827JdsB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.12.0/24
                  45.93.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:a5:af:6e:13:c6:f2:d3:89:c3:2a:5f:86:f1:63:8c:89:56:
         24:b4:75:65:36:a3:02:2e:74:81:2b:08:53:cb:db:8b:d9:e2:
         b0:f8:85:70:ce:cb:54:9b:63:9e:d4:9a:1f:5c:c9:20:9a:71:
         02:74:c1:dd:5e:b8:94:72:92:90:e1:b0:48:7a:8c:8b:6d:83:
         3f:ad:83:8d:b1:6a:9f:1f:92:9d:e8:91:b1:45:3b:5b:91:2a:
         69:f3:92:ee:f0:98:0c:cc:95:cc:c4:18:6c:0b:2e:50:76:24:
         e9:74:c2:00:7d:a7:ad:9a:63:e0:3c:bf:3a:fc:86:1d:5e:d7:
         9d:8f:15:40:a6:65:68:1a:b3:d6:72:b9:56:2b:56:36:8b:cc:
         3f:6e:22:d8:51:91:ad:b9:6d:54:63:b8:48:82:ac:47:4d:7d:
         21:64:15:d7:6d:b3:44:70:d8:c0:13:e6:d8:d1:de:7a:53:94:
         20:fb:98:fa:96:d5:a3:73:f3:4b:ee:63:cf:42:02:83:0e:c7:
         65:e9:83:19:84:f0:61:42:4f:38:cf:58:af:02:37:24:9a:b2:
         77:47:6a:86:4e:c4:f7:19:e9:11:59:09:d6:cc:db:02:39:b5:
         e5:14:a3:a9:b3:10:22:4d:9b:30:7e:cb:af:28:1a:e1:15:0f:
         2e:29:0a:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2OmQKjNG7WgePVGKg1dh5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwMjA5MTYwMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWY4YTQ5Zjk2NjBjNTY3ZjdlY2QwY2QxNzI1YmNkYmIyNWRiMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH6w5sZWI/uGM/5Ozo0UllNs/QnP
JREJLBYTTtWwIODFuCP6wYxrqeYxMMYHT2Bl2FG8YreIZEQfTxCbHzVLy8hESFNg
euZkbtGAjCvj2Xz2o3Ob0P3dl+BLb4XZWG+VkCdpfhtfR4ltB2nPNScvWvnAB+p0
nMUiZGjK/AT+mxsKKnROQDLD27S5JhOYCWGOlIVmGCg1VataOmZDt6nGRnCjsTjP
jgtakWpCd+k44WANyXjjzTtFqr9IfFef+060WTcFBc/XkpaoUKKyXQUzwUkYVFZ9
zmVFcu6/J9k68YylWWdsAN3wIQLSnBb0eYwl7upjF1dkJ3nb12haxRmF2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKr4pJ+WYMVn9+zQzRclvNuyXbAdMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvcXZpa241Wmd4V2YzN05ETkZ5VzgyN0pkc0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV0MAwQB
LV0OMA0GCSqGSIb3DQEBCwUAA4IBAQBnpa9uE8by04nDKl+G8WOMiVYktHVlNqMC
LnSBKwhTy9uL2eKw+IVwzstUm2Oe1JofXMkgmnECdMHdXriUcpKQ4bBIeoyLbYM/
rYONsWqfH5Kd6JGxRTtbkSpp85Lu8JgMzJXMxBhsCy5QdiTpdMIAfaetmmPgPL86
/IYdXtedjxVApmVoGrPWcrlWK1Y2i8w/biLYUZGtuW1UY7hIgqxHTX0hZBXXbbNE
cNjAE+bY0d56U5Qg+5j6ltWjc/NL7mPPQgKDDsdl6YMZhPBhQk84z1ivAjckmrJ3
R2qGTsT3GekRWQnWzNsCObXlFKOpsxAiTZswfsuvKBrhFQ8uKQqY
-----END CERTIFICATE-----