Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/1dR2R-7hlcf2EODtbBHqMUyzpQU.roa
File:                     1dR2R-7hlcf2EODtbBHqMUyzpQU.roa (raw, json)
Hash identifier:          VRGbRCNqbZWvcwu+EGZRgdGzim90389vWdJj45CVHPg=
Subject key identifier:   D5:D4:76:47:EE:E1:95:C7:F6:10:E0:ED:6C:11:EA:31:4C:B3:A5:05
Certificate issuer:       /CN=8b91e0a104b5b3ddf1f5d08e7acb2b79e0d566f9
Certificate serial:       018CC726F02834FFA67D4A27937F4E1BDE30
Authority key identifier: 8B:91:E0:A1:04:B5:B3:DD:F1:F5:D0:8E:7A:CB:2B:79:E0:D5:66:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/1dR2R-7hlcf2EODtbBHqMUyzpQU.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.92.116.0/22 maxlen: 22
                          194.28.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f0:28:34:ff:a6:7d:4a:27:93:7f:4e:1b:de:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b91e0a104b5b3ddf1f5d08e7acb2b79e0d566f9
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5d47647eee195c7f610e0ed6c11ea314cb3a505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9d:a5:b2:b1:cd:e3:78:ef:18:18:4e:a1:34:
                    c4:af:e4:22:7e:e1:57:02:af:17:cd:10:20:3a:02:
                    62:52:c2:e6:49:f5:02:f1:fb:58:09:be:42:d3:9e:
                    7d:55:64:20:ae:88:63:9e:49:3b:e2:d0:12:64:5f:
                    57:f1:b7:d8:3a:c8:76:54:0e:8d:09:03:2c:ba:53:
                    a0:b4:d7:a8:8b:a7:98:35:4f:3b:c6:04:d8:cc:c7:
                    8d:18:6a:aa:12:b6:79:c6:b3:05:0e:5b:a0:04:91:
                    08:29:9f:29:3d:4d:89:f3:a1:56:52:f6:8f:d4:e6:
                    5f:37:cd:7f:9c:86:0e:e6:36:ca:69:95:06:4a:da:
                    f0:01:ff:e0:17:40:bc:9b:73:1c:db:de:48:22:1a:
                    c9:85:b3:ed:ba:e1:b2:5a:bb:6a:9c:37:2a:06:e9:
                    f7:f9:5d:36:d3:64:a4:6b:a7:fb:9f:a6:7c:27:97:
                    f4:23:40:f8:8a:64:3c:75:42:44:44:65:28:b0:ac:
                    77:3a:3f:a9:39:28:74:db:8e:a7:1a:8b:45:73:be:
                    2a:11:2c:1f:ba:0d:55:b2:14:2a:8b:9c:00:12:34:
                    e1:c6:40:68:dd:95:e4:34:ee:a8:4d:3f:4f:9b:e6:
                    c4:e0:4f:7d:f3:f7:17:30:7e:92:2f:6b:5b:93:5d:
                    29:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D4:76:47:EE:E1:95:C7:F6:10:E0:ED:6C:11:EA:31:4C:B3:A5:05
            X509v3 Authority Key Identifier:
                keyid:8B:91:E0:A1:04:B5:B3:DD:F1:F5:D0:8E:7A:CB:2B:79:E0:D5:66:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/1dR2R-7hlcf2EODtbBHqMUyzpQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.116.0/22
                  194.28.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d2:9d:cd:5c:17:b3:ba:68:77:bc:a6:e8:75:53:7f:19:2e:96:
         6b:e7:38:61:02:22:2f:17:6f:5b:ad:85:6b:36:a7:63:c0:fc:
         7e:73:7f:07:3d:b1:63:c6:85:e7:e9:9f:0e:c8:d9:53:7e:62:
         b3:0d:50:6f:7c:1c:8f:7d:a3:d0:0c:7e:0d:e5:e6:3c:ef:60:
         4d:c5:02:94:8f:41:e6:65:44:79:2a:34:6f:1b:75:4b:df:f3:
         24:5b:7d:6c:b2:99:5e:20:bd:68:9b:c5:dd:1a:2f:19:c0:86:
         50:f4:89:85:3f:17:5f:f2:49:81:26:11:76:ab:bf:0b:c4:b1:
         3f:67:d9:3d:84:9f:42:04:76:c7:53:d4:a6:0a:2f:f4:e4:26:
         ce:18:b5:bd:d6:1f:fa:25:56:e4:08:11:d9:26:c3:16:76:22:
         5d:1c:78:80:f3:4f:08:3a:c5:88:54:d3:45:86:9d:c3:e6:bc:
         b7:8d:75:8e:e5:dc:c6:78:4d:27:d9:06:c9:44:e5:ea:f3:c6:
         97:4a:54:ff:74:21:5e:82:92:c7:24:07:b2:81:e5:f6:06:9f:
         81:27:82:b3:be:e2:a9:cd:74:6f:aa:01:58:4a:a9:3d:33:37:
         1f:9e:67:9f:c5:1b:45:69:ec:79:e6:73:90:01:eb:f1:c1:90:
         1b:44:1e:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJvAoNP+mfUonk39OG94wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTFlMGExMDRiNWIzZGRmMWY1ZDA4ZTdhY2IyYjc5ZTBk
NTY2ZjkwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWQ0NzY0N2VlZTE5NWM3ZjYxMGUwZWQ2YzExZWEzMTRjYjNhNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ2lsrHN43jvGBhOoTTEr+QifuFX
Aq8XzRAgOgJiUsLmSfUC8ftYCb5C0559VWQgrohjnkk74tASZF9X8bfYOsh2VA6N
CQMsulOgtNeoi6eYNU87xgTYzMeNGGqqErZ5xrMFDlugBJEIKZ8pPU2J86FWUvaP
1OZfN81/nIYO5jbKaZUGStrwAf/gF0C8m3Mc295IIhrJhbPtuuGyWrtqnDcqBun3
+V0202Ska6f7n6Z8J5f0I0D4imQ8dUJERGUosKx3Oj+pOSh0246nGotFc74qESwf
ug1VshQqi5wAEjThxkBo3ZXkNO6oTT9Pm+bE4E998/cXMH6SL2tbk10pPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNXUdkfu4ZXH9hDg7WwR6jFMs6UFMB8GA1UdIwQY
MBaAFIuR4KEEtbPd8fXQjnrLK3ng1Wb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVIZ29RUzFzOTN4OWRDT2Vzc3JlZURWWnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kZmJmYzQtY2MzZi00NzdjLThkNzYt
YThjNTc2MjI0YmEyLzEvMWRSMlItN2hsY2YyRU9EdGJCSHFNVXl6cFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kZmJmYzQtY2MzZi00NzdjLThkNzYtYThjNTc2MjI0YmEy
LzEvaTVIZ29RUzFzOTN4OWRDT2Vzc3JlZURWWnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVx0AwQB
whwuMA0GCSqGSIb3DQEBCwUAA4IBAQDSnc1cF7O6aHe8puh1U38ZLpZr5zhhAiIv
F29brYVrNqdjwPx+c38HPbFjxoXn6Z8OyNlTfmKzDVBvfByPfaPQDH4N5eY872BN
xQKUj0HmZUR5KjRvG3VL3/MkW31sspleIL1om8XdGi8ZwIZQ9ImFPxdf8kmBJhF2
q78LxLE/Z9k9hJ9CBHbHU9SmCi/05CbOGLW91h/6JVbkCBHZJsMWdiJdHHiA808I
OsWIVNNFhp3D5ry3jXWO5dzGeE0n2QbJROXq88aXSlT/dCFegpLHJAeygeX2Bp+B
J4KzvuKpzXRvqgFYSqk9MzcfnmefxRtFaex55nOQAevxwZAbRB6s
-----END CERTIFICATE-----