Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/B-6aedIG2yqdG6sBKUDx20x7sHU.roa
File:                     B-6aedIG2yqdG6sBKUDx20x7sHU.roa (raw, json)
Hash identifier:          ra77jrRmH35pNAnFzk7H2FWhlI3oKV3KWxAC0teQkAA=
Subject key identifier:   07:EE:9A:79:D2:06:DB:2A:9D:1B:AB:01:29:40:F1:DB:4C:7B:B0:75
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       018CC4248579B9062B0121E3C53A78542C5F
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/B-6aedIG2yqdG6sBKUDx20x7sHU.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203303
IP address blocks:        45.10.91.0/24 maxlen: 24
                          185.138.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:85:79:b9:06:2b:01:21:e3:c5:3a:78:54:2c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07ee9a79d206db2a9d1bab012940f1db4c7bb075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:57:c3:ca:75:c5:b1:e0:d8:ec:d8:c4:b6:6d:
                    5d:00:75:70:30:18:26:ac:91:08:cf:f9:6b:fe:04:
                    86:36:11:4e:16:de:94:1a:d0:8a:64:67:9b:2d:48:
                    fa:48:32:47:d3:4d:d2:54:90:29:a1:4a:99:0c:e1:
                    e1:1b:73:3f:f4:cc:5c:2f:c5:2a:34:05:7a:f5:6b:
                    8a:26:a3:7f:aa:da:bf:8d:61:1a:9a:b5:81:df:d0:
                    2a:0e:db:cd:2f:7e:88:11:2d:b5:f3:01:1a:4a:5d:
                    09:22:5f:94:9a:c1:0e:69:fb:6b:16:9d:88:ea:4b:
                    28:7f:fa:f5:97:dd:76:54:52:18:8d:6d:1a:4a:62:
                    4b:68:60:9c:0d:14:cc:17:53:1b:5c:39:b1:1f:64:
                    82:46:99:2f:90:e5:48:e2:fd:aa:59:59:eb:fa:ae:
                    95:0b:f2:5e:07:1d:4b:8e:21:63:f8:20:c8:d1:48:
                    75:b0:87:3a:f0:32:a6:a0:26:c4:cd:eb:4c:f1:d4:
                    f8:d3:1b:71:38:83:30:cd:63:8f:22:94:62:6f:03:
                    0e:e7:7f:6b:0f:19:9f:9d:33:54:b2:a1:32:ec:d5:
                    13:2d:b6:38:84:8a:49:b3:c9:99:16:2c:0c:97:37:
                    ac:07:e9:6a:32:5b:6c:9d:42:2c:59:11:bb:bf:9f:
                    00:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:EE:9A:79:D2:06:DB:2A:9D:1B:AB:01:29:40:F1:DB:4C:7B:B0:75
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/B-6aedIG2yqdG6sBKUDx20x7sHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.91.0/24
                  185.138.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:f5:3b:2e:be:28:5f:37:09:9e:75:28:79:08:ed:3a:62:35:
         9f:dc:3a:34:85:e8:dd:49:8a:43:9a:7e:9c:f5:e1:8d:2f:66:
         7b:72:cf:bc:de:6a:fb:a2:aa:a6:4d:c1:3e:8f:96:7d:4c:3a:
         4f:f4:21:2a:2e:70:ce:39:3b:2d:41:9b:a8:4b:ef:9c:fa:35:
         c6:1c:cd:d9:1e:3b:3b:46:a8:8d:a5:22:0b:74:70:14:03:32:
         2d:ee:e1:5a:c1:18:0e:d3:30:47:2f:1a:5b:ac:1f:2f:fc:4c:
         ab:1e:ea:66:50:07:8e:a8:70:c8:09:0c:4c:3a:a5:8c:2e:ab:
         88:e5:64:69:9d:bf:0b:3d:8c:55:f6:fa:cb:f4:7a:d1:22:f5:
         2c:7a:48:e6:1d:8d:bd:8d:d3:83:7f:75:28:4b:90:07:db:b1:
         3c:b0:4d:93:68:84:28:9a:99:83:76:90:42:35:02:68:7e:14:
         79:95:e3:b9:c9:ba:de:bf:5f:d6:57:9a:0c:3e:0c:cf:ea:80:
         c3:dd:a4:43:65:e2:2d:25:20:72:95:64:5a:98:5c:76:b5:2d:
         70:44:e7:97:8d:ae:ed:4e:9d:54:ea:ea:89:7c:8e:a6:23:8a:
         7b:a2:21:53:94:d7:57:06:49:50:46:ae:aa:ae:cb:40:d3:5e:
         32:13:ba:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJIV5uQYrASHjxTp4VCxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2VlOWE3OWQyMDZkYjJhOWQxYmFiMDEyOTQwZjFkYjRjN2JiMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFfDynXFseDY7NjEtm1dAHVwMBgm
rJEIz/lr/gSGNhFOFt6UGtCKZGebLUj6SDJH003SVJApoUqZDOHhG3M/9MxcL8Uq
NAV69WuKJqN/qtq/jWEamrWB39AqDtvNL36IES218wEaSl0JIl+UmsEOaftrFp2I
6ksof/r1l912VFIYjW0aSmJLaGCcDRTMF1MbXDmxH2SCRpkvkOVI4v2qWVnr+q6V
C/JeBx1LjiFj+CDI0Uh1sIc68DKmoCbEzetM8dT40xtxOIMwzWOPIpRibwMO539r
DxmfnTNUsqEy7NUTLbY4hIpJs8mZFiwMlzesB+lqMltsnUIsWRG7v58AeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAfumnnSBtsqnRurASlA8dtMe7B1MB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvQi02YWVkSUcyeXFkRzZzQktVRHgyMHg3c0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQpbAwQA
uYrkMA0GCSqGSIb3DQEBCwUAA4IBAQA79TsuvihfNwmedSh5CO06YjWf3Do0hejd
SYpDmn6c9eGNL2Z7cs+83mr7oqqmTcE+j5Z9TDpP9CEqLnDOOTstQZuoS++c+jXG
HM3ZHjs7RqiNpSILdHAUAzIt7uFawRgO0zBHLxpbrB8v/EyrHupmUAeOqHDICQxM
OqWMLquI5WRpnb8LPYxV9vrL9HrRIvUsekjmHY29jdODf3UoS5AH27E8sE2TaIQo
mpmDdpBCNQJofhR5leO5ybrev1/WV5oMPgzP6oDD3aRDZeItJSBylWRamFx2tS1w
ROeXja7tTp1U6uqJfI6mI4p7oiFTlNdXBklQRq6qrstA014yE7qo
-----END CERTIFICATE-----