Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/zOdJBBMREu07n21F4ltd92KQ8ls.roa
File:                     zOdJBBMREu07n21F4ltd92KQ8ls.roa (raw, json)
Hash identifier:          ZsCinYVpkxBnYSp7va66ac94/JQdRJjg+RLMSXM+3xI=
Subject key identifier:   CC:E7:49:04:13:11:12:ED:3B:9F:6D:45:E2:5B:5D:F7:62:90:F2:5B
Certificate issuer:       /CN=84c17102b6e92e292ec8acaf659e3c290a8d0b68
Certificate serial:       018CC8DE6B088D40BEEB77811FB924F75F94
Authority key identifier: 84:C1:71:02:B6:E9:2E:29:2E:C8:AC:AF:65:9E:3C:29:0A:8D:0B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/zOdJBBMREu07n21F4ltd92KQ8ls.roa
Signing time:             Tue 02 Jan 2024 06:31:08 +0000
ROA not before:           Tue 02 Jan 2024 06:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215910
IP address blocks:        45.90.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:6b:08:8d:40:be:eb:77:81:1f:b9:24:f7:5f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84c17102b6e92e292ec8acaf659e3c290a8d0b68
        Validity
            Not Before: Jan  2 06:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cce74904131112ed3b9f6d45e25b5df76290f25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:72:e8:ba:dd:be:21:1d:cd:e6:5f:c5:f3:85:
                    66:01:1b:2a:63:ba:22:b8:40:72:b9:4a:d9:7d:fe:
                    a9:d4:6d:62:9f:58:94:48:11:9e:ff:d9:d0:e6:bb:
                    f2:37:11:86:39:ee:fd:f6:88:be:44:0a:76:a0:bc:
                    8a:a1:9b:8f:ba:ca:1a:b1:13:a1:cd:4e:80:eb:78:
                    b0:85:6b:9d:01:cc:b8:0a:eb:27:8c:d9:07:eb:74:
                    6c:32:13:76:2a:01:09:a3:18:d8:db:5d:e0:8f:59:
                    c6:d9:62:6c:36:76:ab:85:4a:87:5d:0a:9c:75:0e:
                    54:b9:9c:7d:43:c7:de:54:c7:b8:6b:01:18:d8:0e:
                    ee:57:df:20:5d:a4:c2:26:09:0a:ed:77:a3:5a:d6:
                    4d:b9:2f:8b:02:ff:24:22:28:48:8e:45:08:78:48:
                    4d:36:79:b8:88:6b:cb:c2:bd:ea:62:9d:41:90:73:
                    b4:f2:e8:5f:98:3a:bf:67:2e:00:09:7a:0e:8d:66:
                    c0:3b:e2:82:58:6d:01:b6:bb:ae:a6:9f:7a:56:95:
                    8f:5e:1e:52:3d:a9:b4:93:39:f1:8e:ef:20:cc:df:
                    50:86:25:89:10:77:c3:12:bb:a5:0e:92:70:66:91:
                    8d:ae:66:80:ff:3a:58:73:72:5b:92:2e:dd:83:6c:
                    51:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E7:49:04:13:11:12:ED:3B:9F:6D:45:E2:5B:5D:F7:62:90:F2:5B
            X509v3 Authority Key Identifier:
                keyid:84:C1:71:02:B6:E9:2E:29:2E:C8:AC:AF:65:9E:3C:29:0A:8D:0B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/zOdJBBMREu07n21F4ltd92KQ8ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:7d:bc:27:04:7b:ec:62:9c:2b:87:2c:6f:06:59:dc:26:a4:
         29:50:05:46:bd:57:d0:55:64:f6:8d:97:a3:88:ed:a0:79:00:
         6f:ed:e2:cc:a7:a6:88:28:ec:40:3b:34:07:bf:bd:a2:6f:f7:
         ea:67:db:d1:21:ed:a7:64:22:82:39:cd:fe:23:1f:16:70:ea:
         c6:66:eb:0d:33:d1:8e:5e:2d:10:02:9b:99:b7:0c:a3:94:b7:
         d5:b7:8c:51:ad:40:23:b9:0d:c0:66:f3:0e:50:ab:52:0b:e5:
         9d:26:05:b2:77:17:b1:14:72:dc:3e:ec:f5:bc:9e:c4:dd:53:
         60:a4:2e:5f:5a:e0:47:66:08:64:e0:82:42:53:02:f4:f0:67:
         95:af:05:1f:50:28:f9:9f:2b:05:db:49:26:53:11:f1:4e:2b:
         93:db:e7:61:5f:26:f2:0c:86:cb:05:cc:09:ab:54:86:f8:14:
         fd:25:0f:0e:df:bc:64:55:fb:d2:31:53:ee:b3:5f:f1:b1:df:
         8f:26:19:6c:fb:50:b5:ea:f8:18:7a:b8:2f:cd:eb:6a:3c:9c:
         40:fd:6e:74:46:5b:f9:54:93:ee:44:a3:f0:c3:13:09:b7:b9:
         fa:89:38:03:a9:1f:d3:e4:4f:c2:4b:bf:e3:88:92:b1:4e:2f:
         13:05:c3:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3msIjUC+63eBH7kk91+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YzE3MTAyYjZlOTJlMjkyZWM4YWNhZjY1OWUzYzI5MGE4
ZDBiNjgwHhcNMjQwMTAyMDYzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2U3NDkwNDEzMTExMmVkM2I5ZjZkNDVlMjViNWRmNzYyOTBmMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXLout2+IR3N5l/F84VmARsqY7oi
uEByuUrZff6p1G1in1iUSBGe/9nQ5rvyNxGGOe799oi+RAp2oLyKoZuPusoasROh
zU6A63iwhWudAcy4CusnjNkH63RsMhN2KgEJoxjY213gj1nG2WJsNnarhUqHXQqc
dQ5UuZx9Q8feVMe4awEY2A7uV98gXaTCJgkK7XejWtZNuS+LAv8kIihIjkUIeEhN
Nnm4iGvLwr3qYp1BkHO08uhfmDq/Zy4ACXoOjWbAO+KCWG0Btruupp96VpWPXh5S
Pam0kznxju8gzN9QhiWJEHfDErulDpJwZpGNrmaA/zpYc3Jbki7dg2xRMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMznSQQTERLtO59tReJbXfdikPJbMB8GA1UdIwQY
MBaAFITBcQK26S4pLsisr2WePCkKjQtoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE1GeEFyYnBMaWt1eUt5dlpaNDhLUXFOQzJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82ZDU2OWQtYzQ0Yi00YzM0LWExNTkt
ZDU4M2Y5YTY2ZTNiLzEvek9kSkJCTVJFdTA3bjIxRjRsdGQ5MktROGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82ZDU2OWQtYzQ0Yi00YzM0LWExNTktZDU4M2Y5YTY2ZTNi
LzEvaE1GeEFyYnBMaWt1eUt5dlpaNDhLUXFOQzJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVpQMA0G
CSqGSIb3DQEBCwUAA4IBAQA5fbwnBHvsYpwrhyxvBlncJqQpUAVGvVfQVWT2jZej
iO2geQBv7eLMp6aIKOxAOzQHv72ib/fqZ9vRIe2nZCKCOc3+Ix8WcOrGZusNM9GO
Xi0QApuZtwyjlLfVt4xRrUAjuQ3AZvMOUKtSC+WdJgWydxexFHLcPuz1vJ7E3VNg
pC5fWuBHZghk4IJCUwL08GeVrwUfUCj5nysF20kmUxHxTiuT2+dhXybyDIbLBcwJ
q1SG+BT9JQ8O37xkVfvSMVPus1/xsd+PJhls+1C16vgYergvzetqPJxA/W50Rlv5
VJPuRKPwwxMJt7n6iTgDqR/T5E/CS7/jiJKxTi8TBcPo
-----END CERTIFICATE-----