Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/dN5jQ6sPWP3VmiRUUrYoUtaH6rk.roa
File:                     dN5jQ6sPWP3VmiRUUrYoUtaH6rk.roa (raw, json)
Hash identifier:          jjGIiUWBfB5PmAG+WExXQD+dpwZ2U1b8mPZ+rxcbayo=
Subject key identifier:   74:DE:63:43:AB:0F:58:FD:D5:9A:24:54:52:B6:28:52:D6:87:EA:B9
Certificate issuer:       /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial:       018CC9BC3B15C4128C7DC8F75B16C4F3430E
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/dN5jQ6sPWP3VmiRUUrYoUtaH6rk.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199341
IP address blocks:        45.85.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3b:15:c4:12:8c:7d:c8:f7:5b:16:c4:f3:43:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74de6343ab0f58fdd59a245452b62852d687eab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ed:53:23:7c:59:1b:ae:72:ea:e8:bb:76:61:
                    51:11:d1:b4:86:fe:37:70:b6:5a:db:be:b1:dc:bf:
                    d7:e0:eb:e2:78:3e:bf:2e:59:49:55:18:b3:81:a7:
                    2a:f6:34:32:73:fb:1e:3f:5c:9b:a1:de:77:f5:db:
                    93:97:ee:75:ca:af:5c:01:cc:19:0c:92:95:77:cf:
                    41:63:62:03:0a:ff:c2:7e:5b:e3:96:dc:13:25:14:
                    e9:dd:0a:60:f3:f9:94:f6:2d:a9:60:00:dd:ff:b3:
                    fa:41:6c:c2:80:5b:da:cb:a3:54:a7:7f:8f:e9:57:
                    79:16:8f:71:75:66:50:02:15:83:86:ff:0d:d6:47:
                    6a:b0:02:0a:ce:44:80:67:1e:c1:71:98:80:b2:0f:
                    c3:16:5e:25:97:9b:85:25:d1:8d:e2:9f:98:2b:15:
                    66:28:68:7c:db:ee:06:50:36:ef:b6:b2:09:97:6c:
                    93:b6:87:d3:ae:fd:39:60:6e:5e:e7:bd:02:be:8c:
                    b9:16:fd:56:bb:14:22:ff:69:81:05:f6:c2:5e:d0:
                    5a:23:72:45:f0:7d:0f:9e:ba:e2:63:56:de:aa:76:
                    be:2b:85:0e:f1:7b:04:fb:f4:86:5e:b8:2b:a1:d7:
                    95:a4:f6:d0:96:ee:4d:28:10:32:0b:f6:7d:0a:ea:
                    36:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DE:63:43:AB:0F:58:FD:D5:9A:24:54:52:B6:28:52:D6:87:EA:B9
            X509v3 Authority Key Identifier:
                keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/dN5jQ6sPWP3VmiRUUrYoUtaH6rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:c2:c1:03:d0:f8:1d:f4:ff:a4:1e:8a:ea:f2:78:72:d1:58:
         a0:b7:53:a5:81:27:d7:3c:c4:43:8b:87:a0:91:74:dd:97:9c:
         bd:34:07:ee:b5:2f:65:c4:ea:7d:5e:15:32:c6:e2:52:61:b6:
         16:5c:97:f6:e8:21:61:78:fc:ae:56:75:82:a4:4b:20:7b:83:
         88:0b:06:5b:68:dc:b1:b2:78:07:d7:a5:53:a7:b7:1b:85:f4:
         69:e6:57:c6:67:8a:f0:46:50:f0:c7:c3:b7:d6:97:a3:a0:fa:
         b4:6b:31:4a:b9:20:81:d4:b2:1f:4e:32:14:06:ae:05:57:b8:
         e6:3a:38:5d:33:06:64:cc:25:8c:61:6d:e4:e1:9a:16:b0:d7:
         8b:22:ca:5e:32:7e:d8:c9:1f:3d:10:36:2d:9c:ac:07:7f:6f:
         80:be:b1:e2:ee:0a:52:90:58:2c:e3:16:49:64:0b:8c:3d:33:
         06:49:cb:16:87:94:2c:13:fb:00:6f:03:26:b4:29:af:46:68:
         e9:13:69:97:30:3a:db:a6:e1:c3:51:fc:64:c0:dc:93:86:b2:
         43:89:74:23:2a:df:45:88:26:47:c6:7c:3f:c0:13:c2:ac:cd:
         22:0c:cd:3e:b5:81:4e:78:04:22:79:65:70:c5:a0:6b:b4:06:
         61:f0:26:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDsVxBKMfcj3WxbE80MOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTFhMmM5ZmM4ZGU5Njc5YmIxNTg1ODFiMTBjZWFlZTkx
ZmY3OTEwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRlNjM0M2FiMGY1OGZkZDU5YTI0NTQ1MmI2Mjg1MmQ2ODdlYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe1TI3xZG65y6ui7dmFREdG0hv43
cLZa276x3L/X4OvieD6/LllJVRizgacq9jQyc/seP1ybod539duTl+51yq9cAcwZ
DJKVd89BY2IDCv/CflvjltwTJRTp3Qpg8/mU9i2pYADd/7P6QWzCgFvay6NUp3+P
6Vd5Fo9xdWZQAhWDhv8N1kdqsAIKzkSAZx7BcZiAsg/DFl4ll5uFJdGN4p+YKxVm
KGh82+4GUDbvtrIJl2yTtofTrv05YG5e570Cvoy5Fv1WuxQi/2mBBfbCXtBaI3JF
8H0PnrriY1beqna+K4UO8XsE+/SGXrgrodeVpPbQlu5NKBAyC/Z9Cuo2aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTeY0OrD1j91ZokVFK2KFLWh+q5MB8GA1UdIwQY
MBaAFKgRosn8jelnm7FYWBsQzq7pH/eRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYt
MGNjNGMwMDAwODU4LzEvZE41alE2c1BXUDNWbWlSVVVyWW9VdGFINnJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYtMGNjNGMwMDAwODU4
LzEvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVW4MA0G
CSqGSIb3DQEBCwUAA4IBAQABwsED0Pgd9P+kHorq8nhy0Vigt1OlgSfXPMRDi4eg
kXTdl5y9NAfutS9lxOp9XhUyxuJSYbYWXJf26CFhePyuVnWCpEsge4OICwZbaNyx
sngH16VTp7cbhfRp5lfGZ4rwRlDwx8O31pejoPq0azFKuSCB1LIfTjIUBq4FV7jm
OjhdMwZkzCWMYW3k4ZoWsNeLIspeMn7YyR89EDYtnKwHf2+AvrHi7gpSkFgs4xZJ
ZAuMPTMGScsWh5QsE/sAbwMmtCmvRmjpE2mXMDrbpuHDUfxkwNyThrJDiXQjKt9F
iCZHxnw/wBPCrM0iDM0+tYFOeAQieWVwxaBrtAZh8CbV
-----END CERTIFICATE-----