Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/kgiPzmA-eIC12ho7DuN2ev_yfDA.roa
File:                     kgiPzmA-eIC12ho7DuN2ev_yfDA.roa (raw, json)
Hash identifier:          4z8fCydezXD/5Nyza28gHObzfsuZSafgCvXjY+oa0Fg=
Subject key identifier:   92:08:8F:CE:60:3E:78:80:B5:DA:1A:3B:0E:E3:76:7A:FF:F2:7C:30
Certificate issuer:       /CN=899241a00348315c02c0e2a9150b863087d1c857
Certificate serial:       01907CD90FF3B198413E66F4582B577F3BC6
Authority key identifier: 89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/kgiPzmA-eIC12ho7DuN2ev_yfDA.roa
Signing time:             Thu 04 Jul 2024 08:25:18 +0000
ROA not before:           Thu 04 Jul 2024 08:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        5.45.16.0/23 maxlen: 23
                          5.45.18.0/24 maxlen: 24
                          2a01:6c8:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:d9:0f:f3:b1:98:41:3e:66:f4:58:2b:57:7f:3b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=899241a00348315c02c0e2a9150b863087d1c857
        Validity
            Not Before: Jul  4 08:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92088fce603e7880b5da1a3b0ee3767afff27c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ae:00:71:18:ba:77:0f:66:56:6a:fd:40:b5:
                    45:30:c5:5f:aa:2c:74:21:16:67:89:de:46:5d:ab:
                    de:05:84:cc:7c:24:30:14:de:2a:cd:f0:f4:a4:09:
                    81:cb:cb:9b:56:3a:a5:26:15:bc:f7:a0:04:e3:78:
                    26:6f:ce:f9:3a:2e:a9:45:74:a9:a9:a5:59:8b:45:
                    10:d4:f6:dd:b4:68:cf:95:57:c4:e1:36:2d:95:13:
                    b6:25:e2:d2:f7:36:9d:d1:fb:f2:fa:6c:1c:3c:72:
                    cd:b1:33:fa:24:1e:14:8d:63:cd:c0:39:5c:d4:64:
                    5c:24:87:a8:19:5e:c4:c3:28:60:2e:89:35:a5:da:
                    ff:8b:40:85:b6:be:60:38:3e:3a:dc:86:b5:64:76:
                    10:b4:d0:90:09:83:ad:c5:36:35:ab:55:e2:d3:7f:
                    df:b0:46:e9:c4:08:d5:3b:ac:33:7b:5f:f0:12:bc:
                    d2:81:18:94:25:6e:99:61:39:42:27:ad:ad:91:ad:
                    c8:26:3c:1f:17:3e:97:70:22:56:f8:03:43:94:83:
                    7c:c8:8d:2b:75:a3:c8:1c:72:be:08:c6:49:a8:4f:
                    38:e4:d0:9a:66:54:68:11:f8:f5:e5:ab:00:70:96:
                    65:2a:2b:12:f9:4e:cb:b6:1b:8c:65:2f:3a:a2:d6:
                    b9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:08:8F:CE:60:3E:78:80:B5:DA:1A:3B:0E:E3:76:7A:FF:F2:7C:30
            X509v3 Authority Key Identifier:
                keyid:89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/kgiPzmA-eIC12ho7DuN2ev_yfDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.16.0-5.45.18.255
                IPv6:
                  2a01:6c8:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         42:49:d7:4c:f4:a1:ce:3b:ea:60:31:31:d9:16:f3:0c:cf:31:
         68:7b:51:c0:55:08:45:1e:66:63:ea:23:55:ce:8e:7c:31:57:
         3b:67:9a:f1:f7:77:9c:e3:2d:7d:6e:00:31:ea:76:7f:36:91:
         2c:13:a0:31:69:4d:94:fc:12:6a:3c:0f:32:a8:24:8b:b4:a4:
         c3:84:c4:49:9f:e0:b5:87:82:c9:d0:8a:52:bb:d9:8b:63:b6:
         ad:e7:98:10:04:93:d1:e5:b1:11:be:8d:15:30:e3:53:ee:a3:
         ac:22:5d:6c:84:73:ed:2d:ed:b0:44:26:45:52:7a:79:8a:65:
         7a:5c:26:da:48:38:7d:70:8d:37:ce:e9:0a:0b:e8:da:e0:20:
         a8:09:28:0f:94:a4:56:e4:9c:0f:6b:96:cd:ea:e3:f4:47:a7:
         24:93:20:0a:86:c4:67:01:bd:10:c3:5b:b0:f6:78:42:63:dd:
         2c:03:49:f8:c9:44:76:0d:07:d1:3f:40:41:b3:c0:52:84:8d:
         99:99:d7:4d:4e:13:bd:4f:4b:da:5e:e1:e7:d2:25:5b:4a:55:
         60:b5:b6:4e:b5:80:27:4a:50:ab:48:3e:ab:ad:39:62:aa:88:
         41:af:27:42:c5:35:b5:12:85:88:44:65:6a:31:f3:83:e2:f4:
         f6:cb:8d:26
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZB82Q/zsZhBPmb0WCtXfzvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5OTI0MWEwMDM0ODMxNWMwMmMwZTJhOTE1MGI4NjMwODdk
MWM4NTcwHhcNMjQwNzA0MDgyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjA4OGZjZTYwM2U3ODgwYjVkYTFhM2IwZWUzNzY3YWZmZjI3YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxa4AcRi6dw9mVmr9QLVFMMVfqix0
IRZnid5GXaveBYTMfCQwFN4qzfD0pAmBy8ubVjqlJhW896AE43gmb875Oi6pRXSp
qaVZi0UQ1PbdtGjPlVfE4TYtlRO2JeLS9zad0fvy+mwcPHLNsTP6JB4UjWPNwDlc
1GRcJIeoGV7EwyhgLok1pdr/i0CFtr5gOD463Ia1ZHYQtNCQCYOtxTY1q1Xi03/f
sEbpxAjVO6wze1/wErzSgRiUJW6ZYTlCJ62tka3IJjwfFz6XcCJW+ANDlIN8yI0r
daPIHHK+CMZJqE845NCaZlRoEfj15asAcJZlKisS+U7LthuMZS86ota5dQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJIIj85gPniAtdoaOw7jdnr/8nwwMB8GA1UdIwQY
MBaAFImSQaADSDFcAsDiqRULhjCH0chXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzIt
OTllNzgwYmYzYjk4LzEva2dpUHptQS1lSUMxMmhvN0R1TjJldl95ZkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzItOTllNzgwYmYzYjk4
LzEvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAQFLRAD
BAAFLRIwDgQCAAIwCAMGBCoBBsggMA0GCSqGSIb3DQEBCwUAA4IBAQBCSddM9KHO
O+pgMTHZFvMMzzFoe1HAVQhFHmZj6iNVzo58MVc7Z5rx93ec4y19bgAx6nZ/NpEs
E6AxaU2U/BJqPA8yqCSLtKTDhMRJn+C1h4LJ0IpSu9mLY7at55gQBJPR5bERvo0V
MONT7qOsIl1shHPtLe2wRCZFUnp5imV6XCbaSDh9cI03zukKC+ja4CCoCSgPlKRW
5JwPa5bN6uP0R6ckkyAKhsRnAb0Qw1uw9nhCY90sA0n4yUR2DQfRP0BBs8BShI2Z
mddNThO9T0vaXuHn0iVbSlVgtbZOtYAnSlCrSD6rrTliqohBrydCxTW1EoWIRGVq
MfOD4vT2y40m
-----END CERTIFICATE-----