Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/n0APRDvviU0xEyJLkjFToZ2jTGI.roa
File:                     n0APRDvviU0xEyJLkjFToZ2jTGI.roa (raw, json)
Hash identifier:          tj/C+HsnLk9qfOjapsBbduRdb+BWoLGgFOg1EtMRk+c=
Subject key identifier:   9F:40:0F:44:3B:EF:89:4D:31:13:22:4B:92:31:53:A1:9D:A3:4C:62
Certificate issuer:       /CN=1722e9678fb0d414d2ddfbd2420c4c748263f34b
Certificate serial:       018CC64B8349477DE198884F816678158EF7
Authority key identifier: 17:22:E9:67:8F:B0:D4:14:D2:DD:FB:D2:42:0C:4C:74:82:63:F3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyLpZ4-w1BTS3fvSQgxMdIJj80s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/n0APRDvviU0xEyJLkjFToZ2jTGI.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210412
IP address blocks:        89.106.203.0/24 maxlen: 24
                          45.150.57.0/24 maxlen: 24
                          2a12:b380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/FyLpZ4-w1BTS3fvSQgxMdIJj80s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/FyLpZ4-w1BTS3fvSQgxMdIJj80s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyLpZ4-w1BTS3fvSQgxMdIJj80s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:83:49:47:7d:e1:98:88:4f:81:66:78:15:8e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1722e9678fb0d414d2ddfbd2420c4c748263f34b
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f400f443bef894d3113224b923153a19da34c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:21:78:4c:84:2b:f0:90:be:3c:67:bf:8e:3b:
                    86:09:de:dc:89:02:ba:ff:59:f8:f7:22:44:ae:67:
                    9d:0f:97:39:0d:64:5c:54:5f:b8:70:46:04:53:73:
                    92:92:b4:a5:d7:f9:a6:a7:ba:d7:ed:58:71:6c:5f:
                    a0:19:90:cd:14:aa:ca:2a:40:f9:02:42:ef:6a:25:
                    01:77:e8:31:85:c2:b4:67:bf:a8:57:39:4b:77:08:
                    5d:a4:0b:f5:44:28:9a:63:92:55:d2:d2:8a:fe:ab:
                    cf:59:9a:63:70:65:e5:09:4e:f8:d2:99:e8:0a:b7:
                    ab:a8:1a:6b:20:c7:57:b4:4d:92:b0:3b:14:0e:4d:
                    6f:57:bc:eb:64:7d:f5:c4:12:03:1a:a3:61:1c:e6:
                    7e:b6:3f:7b:24:97:86:2d:d3:c8:1f:b1:9f:17:fa:
                    ad:47:3a:37:39:02:af:1f:3d:15:5c:0e:9d:22:25:
                    af:b2:82:34:cf:8f:f7:3f:fb:50:04:80:0e:10:6e:
                    ae:0f:66:18:8e:b5:76:61:5e:7d:44:dd:7a:0c:0e:
                    8b:a2:01:8f:ab:b8:16:4c:26:e1:a7:26:32:b4:08:
                    9a:70:91:97:ed:92:88:6a:52:33:69:fa:4a:e6:a7:
                    5c:de:98:d5:2b:21:30:c3:3f:26:9d:f1:d1:3f:66:
                    e5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:40:0F:44:3B:EF:89:4D:31:13:22:4B:92:31:53:A1:9D:A3:4C:62
            X509v3 Authority Key Identifier:
                keyid:17:22:E9:67:8F:B0:D4:14:D2:DD:FB:D2:42:0C:4C:74:82:63:F3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyLpZ4-w1BTS3fvSQgxMdIJj80s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/n0APRDvviU0xEyJLkjFToZ2jTGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/FyLpZ4-w1BTS3fvSQgxMdIJj80s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.57.0/24
                  89.106.203.0/24
                IPv6:
                  2a12:b380::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:63:c2:0e:2a:42:ff:f7:7e:c1:f8:28:f0:13:49:af:e4:49:
         43:5e:1f:99:b6:ce:c8:8a:a8:c3:f4:06:39:19:0d:ad:67:d8:
         97:03:0f:3a:a2:59:e7:f7:7d:81:5d:de:5d:58:2b:a5:c2:0e:
         19:f5:41:91:09:57:fd:d3:10:89:ba:26:6f:84:19:a3:48:51:
         04:3f:b0:96:f9:fd:15:ae:4c:28:70:84:18:92:9b:57:d1:1c:
         20:92:25:35:23:f3:3f:b3:59:59:11:78:76:f0:8a:bb:c5:e6:
         af:dc:22:15:70:c0:a3:e8:d7:c3:00:75:99:ed:eb:a8:78:b3:
         bf:cf:13:45:b8:e1:ee:d4:47:b2:58:0b:61:1e:b3:6a:81:6a:
         01:5d:06:f3:7f:06:41:ae:16:63:7d:ad:c9:c3:5d:bb:12:02:
         24:a6:53:56:c4:70:eb:a6:fb:e1:3d:1e:0b:34:84:a3:72:9e:
         f2:b4:29:bb:f6:35:bf:b0:64:4c:b6:6b:07:41:1c:ff:a3:39:
         7c:09:f1:d5:c1:33:4e:9c:c3:d5:2d:c5:9e:c6:78:b6:55:37:
         f1:6f:a2:72:1f:2e:12:6a:40:f4:8b:ea:f7:e4:fa:27:bd:3e:
         d2:a3:a7:33:b4:0a:79:ee:27:63:39:b2:42:a0:70:03:2a:3b:
         95:d4:0a:a0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGS4NJR33hmIhPgWZ4FY73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjJlOTY3OGZiMGQ0MTRkMmRkZmJkMjQyMGM0Yzc0ODI2
M2YzNGIwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQwMGY0NDNiZWY4OTRkMzExMzIyNGI5MjMxNTNhMTlkYTM0YzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniF4TIQr8JC+PGe/jjuGCd7ciQK6
/1n49yJErmedD5c5DWRcVF+4cEYEU3OSkrSl1/mmp7rX7VhxbF+gGZDNFKrKKkD5
AkLvaiUBd+gxhcK0Z7+oVzlLdwhdpAv1RCiaY5JV0tKK/qvPWZpjcGXlCU740pno
CrerqBprIMdXtE2SsDsUDk1vV7zrZH31xBIDGqNhHOZ+tj97JJeGLdPIH7GfF/qt
Rzo3OQKvHz0VXA6dIiWvsoI0z4/3P/tQBIAOEG6uD2YYjrV2YV59RN16DA6LogGP
q7gWTCbhpyYytAiacJGX7ZKIalIzafpK5qdc3pjVKyEwwz8mnfHRP2blvQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ9AD0Q774lNMRMiS5IxU6Gdo0xiMB8GA1UdIwQY
MBaAFBci6WePsNQU0t370kIMTHSCY/NLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlMcFo0LXcxQlRTM2Z2U1FneE1kSUpqODBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hNmUxYjUtZTc4MS00MDE4LTk2MGIt
ODhjOTUxY2VlNzg0LzEvbjBBUFJEdnZpVTB4RXlKTGtqRlRvWjJqVEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hNmUxYjUtZTc4MS00MDE4LTk2MGItODhjOTUxY2VlNzg0
LzEvRnlMcFo0LXcxQlRTM2Z2U1FneE1kSUpqODBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALZY5AwQA
WWrLMA0EAgACMAcDBQMqErOAMA0GCSqGSIb3DQEBCwUAA4IBAQBFY8IOKkL/937B
+CjwE0mv5ElDXh+Zts7IiqjD9AY5GQ2tZ9iXAw86olnn932BXd5dWCulwg4Z9UGR
CVf90xCJuiZvhBmjSFEEP7CW+f0VrkwocIQYkptX0RwgkiU1I/M/s1lZEXh28Iq7
xeav3CIVcMCj6NfDAHWZ7euoeLO/zxNFuOHu1EeyWAthHrNqgWoBXQbzfwZBrhZj
fa3Jw127EgIkplNWxHDrpvvhPR4LNISjcp7ytCm79jW/sGRMtmsHQRz/ozl8CfHV
wTNOnMPVLcWexni2VTfxb6JyHy4SakD0i+r35PonvT7So6cztAp57idjObJCoHAD
KjuV1Aqg
-----END CERTIFICATE-----