Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ihIQ2YjrJaZj4RbfTaEOSqxys-E.roa
File:                     ihIQ2YjrJaZj4RbfTaEOSqxys-E.roa (raw, json)
Hash identifier:          qzx9xw4uwqkrHpS362jKGLcfX8EeeiZAWLUpfr5l4tg=
Subject key identifier:   8A:12:10:D9:88:EB:25:A6:63:E1:16:DF:4D:A1:0E:4A:AC:72:B3:E1
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DD1E8C65C44EFB79E70F65E889210C278
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ihIQ2YjrJaZj4RbfTaEOSqxys-E.roa
Signing time:             Thu 22 Feb 2024 17:41:49 +0000
ROA not before:           Thu 22 Feb 2024 17:41:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208626
IP address blocks:        45.89.69.0/24 maxlen: 24
                          91.188.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:e8:c6:5c:44:ef:b7:9e:70:f6:5e:88:92:10:c2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 22 17:41:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a1210d988eb25a663e116df4da10e4aac72b3e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:18:8d:4e:9f:eb:30:55:0d:4e:54:5b:50:64:
                    a5:2c:d8:77:d7:33:3b:88:59:c9:d0:c9:33:1f:01:
                    67:48:ce:ed:8e:bb:a9:31:90:d4:1d:e4:84:bd:2c:
                    00:45:83:a4:1a:14:b1:2b:b7:89:6a:b4:be:8b:31:
                    d8:57:68:4a:31:c7:99:d4:9d:d9:08:f4:a7:85:c8:
                    1e:fa:70:24:4c:ff:d0:fa:ea:94:2f:51:a0:94:6c:
                    c8:7c:ca:d0:e7:4f:3d:63:9d:7e:52:8f:ec:ef:5b:
                    a1:d1:24:1f:37:ae:ff:0d:2b:6c:91:df:60:a6:e2:
                    0f:8e:6a:d5:ff:83:0c:68:d0:de:ab:02:67:b5:6c:
                    44:fd:a2:9d:0c:69:06:3f:c3:f5:25:75:b9:bd:37:
                    3f:84:8c:89:54:1b:79:51:fd:5b:e3:72:9f:78:35:
                    3f:f8:09:2a:fc:b5:55:f1:0b:31:49:ef:99:b5:51:
                    74:09:23:fc:ca:07:2b:86:31:e1:18:f0:ff:3d:87:
                    c2:75:26:e7:f2:7a:e8:6c:5c:14:25:e5:c6:b8:69:
                    24:b2:a2:1b:50:59:3c:35:c8:d6:4e:f5:a4:80:39:
                    a9:73:e7:b7:be:d0:21:69:ba:fa:5f:fb:b8:b9:13:
                    1a:20:70:34:24:d7:ed:01:69:b6:f1:84:ae:0a:03:
                    da:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:12:10:D9:88:EB:25:A6:63:E1:16:DF:4D:A1:0E:4A:AC:72:B3:E1
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ihIQ2YjrJaZj4RbfTaEOSqxys-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.69.0/24
                  91.188.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:40:11:08:17:7d:9a:26:ef:de:be:2e:f3:9b:cb:26:5c:12:
         9a:10:d2:2f:e7:53:d6:6e:a9:8b:74:1a:55:c1:3e:22:2d:5d:
         77:da:02:a2:53:e1:74:94:a1:46:d6:bc:af:06:6b:2b:b3:67:
         b8:f8:cd:1b:ac:fe:00:b1:d8:e4:be:ae:81:8c:3d:86:02:32:
         0b:b0:92:2a:c2:9d:ea:22:44:48:0d:bd:81:b0:10:49:39:c3:
         bb:79:77:36:4f:33:9e:4b:81:03:23:10:5c:b9:2d:eb:14:6c:
         76:de:d6:64:2e:09:8a:cb:fa:03:9c:54:d4:7c:3b:f5:d4:1c:
         7c:7c:95:a7:aa:46:92:92:6f:2a:bc:b4:cf:1a:3b:81:fc:31:
         6a:55:65:fc:71:9a:10:be:9a:df:9b:d8:48:c4:c0:49:15:7b:
         92:71:22:0a:81:30:29:dc:cb:d2:a3:a8:d2:9e:86:66:b3:d2:
         a5:29:28:6a:55:71:c3:cd:82:60:11:be:79:e4:d5:77:1f:ae:
         ac:3c:1f:12:70:63:99:4a:bd:49:fe:59:f9:b4:0e:cd:bb:1d:
         9e:8f:1d:1f:78:fc:66:a9:85:80:5d:7d:61:b3:63:7f:a6:6d:
         aa:29:f8:e9:65:6a:fc:a1:07:09:c2:55:f2:fb:13:fc:30:bc:
         82:86:c5:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3R6MZcRO+3nnD2XoiSEMJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjIyMTc0MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTEyMTBkOTg4ZWIyNWE2NjNlMTE2ZGY0ZGExMGU0YWFjNzJiM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixiNTp/rMFUNTlRbUGSlLNh31zM7
iFnJ0MkzHwFnSM7tjrupMZDUHeSEvSwARYOkGhSxK7eJarS+izHYV2hKMceZ1J3Z
CPSnhcge+nAkTP/Q+uqUL1GglGzIfMrQ5089Y51+Uo/s71uh0SQfN67/DStskd9g
puIPjmrV/4MMaNDeqwJntWxE/aKdDGkGP8P1JXW5vTc/hIyJVBt5Uf1b43KfeDU/
+Akq/LVV8QsxSe+ZtVF0CSP8ygcrhjHhGPD/PYfCdSbn8nrobFwUJeXGuGkksqIb
UFk8NcjWTvWkgDmpc+e3vtAhabr6X/u4uRMaIHA0JNftAWm28YSuCgPaFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIoSENmI6yWmY+EW302hDkqscrPhMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvaWhJUTJZanJKYVpqNFJiZlRhRU9TcXh5cy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVlFAwQA
W7zeMA0GCSqGSIb3DQEBCwUAA4IBAQBqQBEIF32aJu/evi7zm8smXBKaENIv51PW
bqmLdBpVwT4iLV132gKiU+F0lKFG1ryvBmsrs2e4+M0brP4Asdjkvq6BjD2GAjIL
sJIqwp3qIkRIDb2BsBBJOcO7eXc2TzOeS4EDIxBcuS3rFGx23tZkLgmKy/oDnFTU
fDv11Bx8fJWnqkaSkm8qvLTPGjuB/DFqVWX8cZoQvprfm9hIxMBJFXuScSIKgTAp
3MvSo6jSnoZms9KlKShqVXHDzYJgEb555NV3H66sPB8ScGOZSr1J/ln5tA7Nux2e
jx0fePxmqYWAXX1hs2N/pm2qKfjpZWr8oQcJwlXy+xP8MLyChsVP
-----END CERTIFICATE-----