Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/nQitejt2gl3dIqcNaDPm0wzdG88.roa
File:                     nQitejt2gl3dIqcNaDPm0wzdG88.roa (raw, json)
Hash identifier:          x4QSsbp5bZGlcXFPKsBQR5owTwQ1bX+ecijkA4ebE0Y=
Subject key identifier:   9D:08:AD:7A:3B:76:82:5D:DD:22:A7:0D:68:33:E6:D3:0C:DD:1B:CF
Certificate issuer:       /CN=899241a00348315c02c0e2a9150b863087d1c857
Certificate serial:       01907CD91250722592780A714B004E930DFF
Authority key identifier: 89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/nQitejt2gl3dIqcNaDPm0wzdG88.roa
Signing time:             Thu 04 Jul 2024 08:25:19 +0000
ROA not before:           Thu 04 Jul 2024 08:25:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206576
IP address blocks:        5.45.16.0/23 maxlen: 23
                          5.45.18.0/24 maxlen: 24
                          2a01:6c8:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:d9:12:50:72:25:92:78:0a:71:4b:00:4e:93:0d:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=899241a00348315c02c0e2a9150b863087d1c857
        Validity
            Not Before: Jul  4 08:25:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d08ad7a3b76825ddd22a70d6833e6d30cdd1bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f4:0c:d9:06:b8:ed:58:7f:5d:2f:82:0d:9b:
                    84:af:3a:26:be:16:ad:0b:9a:c5:48:7e:e8:46:2b:
                    75:ee:1f:72:4d:02:8b:97:df:f9:50:fd:a0:dc:91:
                    2b:4c:dc:ef:ac:71:fe:21:7b:4a:38:0d:ea:89:76:
                    68:df:e4:2e:ff:44:c4:0a:a4:ab:e5:11:c2:8f:0b:
                    8c:78:eb:3a:f6:61:69:c3:99:51:69:05:95:ab:e0:
                    46:2d:2d:22:b5:48:89:d6:ee:b3:8f:fa:57:77:80:
                    d3:63:92:7e:12:9a:5f:e5:d0:be:36:bb:d2:eb:09:
                    41:f7:be:ec:64:66:a2:65:ca:1c:2b:44:df:60:d8:
                    ee:bc:24:c8:43:b6:bc:69:d5:3a:65:ea:29:e9:c4:
                    31:bd:fd:5e:08:b3:d5:6f:f7:53:0e:1d:f7:31:c5:
                    b8:71:5e:f5:ea:20:fe:c1:58:3c:48:2d:c7:27:a0:
                    6e:fb:c6:ba:2e:c5:ef:de:59:f4:63:59:f9:1b:28:
                    d8:73:c9:0b:cd:92:0e:84:00:7f:39:d5:db:ff:1a:
                    a1:3e:1c:2d:04:c1:a0:f5:8d:55:fc:a5:c4:10:38:
                    5a:6f:45:3e:de:92:31:9c:6f:d7:da:d4:b3:a9:51:
                    b1:31:56:35:3a:dc:51:50:4c:3a:b0:38:5f:05:63:
                    41:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:08:AD:7A:3B:76:82:5D:DD:22:A7:0D:68:33:E6:D3:0C:DD:1B:CF
            X509v3 Authority Key Identifier:
                keyid:89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/nQitejt2gl3dIqcNaDPm0wzdG88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.16.0-5.45.18.255
                IPv6:
                  2a01:6c8:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         84:24:cb:d0:af:02:0c:5d:0d:cf:32:13:7a:16:c7:1d:fa:53:
         45:f8:e1:61:ea:52:e4:54:e4:69:07:ad:a5:e5:3b:87:4a:a7:
         a5:96:4f:b7:12:f3:c5:e8:8f:af:b4:98:82:38:64:cd:23:0d:
         b0:8e:5f:3f:36:e4:20:4e:2a:77:64:dd:d0:9c:78:8e:ea:5f:
         09:78:7a:ea:47:03:b7:c5:27:c1:aa:6a:3c:90:6f:1c:a9:1c:
         83:48:40:d0:b5:43:90:53:ba:f6:37:03:8d:d1:97:ee:b0:8e:
         f4:35:f5:11:e7:7f:ef:fe:62:c6:b9:d7:05:0b:c0:1d:33:db:
         61:7c:3a:ab:48:00:b6:eb:37:2d:e3:e7:68:d2:53:f5:6b:e0:
         91:4f:a3:02:58:17:b4:55:f6:b1:da:a9:03:68:ac:72:a4:a7:
         c6:a3:56:6e:18:e7:ed:36:10:ab:16:b8:a6:89:b7:1f:cd:a8:
         d6:3d:c8:5f:ae:43:e3:92:ca:53:ce:8e:fe:a5:dc:7f:91:a6:
         c9:5c:65:ee:14:a3:b9:f0:65:77:6b:16:e1:26:36:72:61:ff:
         57:22:30:eb:e8:d5:4c:5d:a6:d0:1e:3d:68:91:3b:a3:d4:c5:
         81:c5:57:d4:75:6d:34:2a:77:1f:08:a9:cf:d9:af:c3:f3:7e:
         d7:c5:ea:17
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZB82RJQciWSeApxSwBOkw3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5OTI0MWEwMDM0ODMxNWMwMmMwZTJhOTE1MGI4NjMwODdk
MWM4NTcwHhcNMjQwNzA0MDgyNTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDA4YWQ3YTNiNzY4MjVkZGQyMmE3MGQ2ODMzZTZkMzBjZGQxYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPQM2Qa47Vh/XS+CDZuErzomvhat
C5rFSH7oRit17h9yTQKLl9/5UP2g3JErTNzvrHH+IXtKOA3qiXZo3+Qu/0TECqSr
5RHCjwuMeOs69mFpw5lRaQWVq+BGLS0itUiJ1u6zj/pXd4DTY5J+Eppf5dC+NrvS
6wlB977sZGaiZcocK0TfYNjuvCTIQ7a8adU6Zeop6cQxvf1eCLPVb/dTDh33McW4
cV716iD+wVg8SC3HJ6Bu+8a6LsXv3ln0Y1n5GyjYc8kLzZIOhAB/OdXb/xqhPhwt
BMGg9Y1V/KXEEDhab0U+3pIxnG/X2tSzqVGxMVY1OtxRUEw6sDhfBWNBNwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJ0IrXo7doJd3SKnDWgz5tMM3RvPMB8GA1UdIwQY
MBaAFImSQaADSDFcAsDiqRULhjCH0chXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzIt
OTllNzgwYmYzYjk4LzEvblFpdGVqdDJnbDNkSXFjTmFEUG0wd3pkRzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzItOTllNzgwYmYzYjk4
LzEvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAQFLRAD
BAAFLRIwDgQCAAIwCAMGBCoBBsggMA0GCSqGSIb3DQEBCwUAA4IBAQCEJMvQrwIM
XQ3PMhN6Fscd+lNF+OFh6lLkVORpB62l5TuHSqellk+3EvPF6I+vtJiCOGTNIw2w
jl8/NuQgTip3ZN3QnHiO6l8JeHrqRwO3xSfBqmo8kG8cqRyDSEDQtUOQU7r2NwON
0ZfusI70NfUR53/v/mLGudcFC8AdM9thfDqrSAC26zct4+do0lP1a+CRT6MCWBe0
Vfax2qkDaKxypKfGo1ZuGOftNhCrFrimibcfzajWPchfrkPjkspTzo7+pdx/kabJ
XGXuFKO58GV3axbhJjZyYf9XIjDr6NVMXabQHj1okTuj1MWBxVfUdW00KncfCKnP
2a/D837XxeoX
-----END CERTIFICATE-----