Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/E-QugW6lBDjoKQ5EMExqkrOxp_U.roa
File:                     E-QugW6lBDjoKQ5EMExqkrOxp_U.roa (raw, json)
Hash identifier:          v8+rMK3lrc1lJx40ubfY5dj5CcJ5aclQeFV9aQt5sr0=
Subject key identifier:   13:E4:2E:81:6E:A5:04:38:E8:29:0E:44:30:4C:6A:92:B3:B1:A7:F5
Certificate issuer:       /CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
Certificate serial:       01927A646260352B50837D04550275CCB176
Authority key identifier: 4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/E-QugW6lBDjoKQ5EMExqkrOxp_U.roa
Signing time:             Fri 11 Oct 2024 07:04:12 +0000
ROA not before:           Fri 11 Oct 2024 07:04:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214503
IP address blocks:        45.84.107.0/24 maxlen: 24
                          2a0d:bbc7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:64:62:60:35:2b:50:83:7d:04:55:02:75:cc:b1:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
        Validity
            Not Before: Oct 11 07:04:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13e42e816ea50438e8290e44304c6a92b3b1a7f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:40:55:4c:f7:4b:34:f2:17:9b:ab:e0:5a:e9:
                    eb:60:52:c9:11:fd:aa:8c:0b:e5:72:49:cb:4a:6a:
                    13:60:5d:11:88:ff:58:bc:0e:fa:51:e0:3a:4a:30:
                    af:68:47:20:ea:4c:2e:a7:dd:52:79:73:2a:35:7a:
                    7e:2b:61:04:6c:ab:01:b1:34:78:6e:39:32:9c:a8:
                    d8:12:3a:62:81:19:9d:9f:1e:4d:1d:e7:4b:5f:03:
                    b9:fd:c2:6a:bc:9f:58:98:a4:2e:6e:72:df:e9:50:
                    25:ad:da:ba:71:15:2d:9f:ba:ee:db:9b:da:f7:50:
                    f9:f7:63:92:33:56:58:6b:19:02:d9:3d:36:12:f7:
                    58:93:a1:d3:a4:98:4b:09:9a:0f:2c:a4:e3:c2:80:
                    0c:8c:1d:4f:30:50:f1:99:d6:a8:ec:5d:7f:4f:b9:
                    c1:cd:0b:ad:ea:83:b1:23:a7:f3:9d:17:24:b4:19:
                    c8:1b:46:9b:6f:7c:de:f6:57:18:18:92:3e:9d:30:
                    8c:69:31:7c:6e:56:31:3f:9f:a9:b9:75:04:52:c9:
                    ff:a4:60:f4:89:31:00:db:f0:e8:38:cb:7c:33:9b:
                    aa:0f:35:39:65:79:81:62:39:44:77:e7:c5:1a:91:
                    e6:e9:1b:8f:32:78:eb:f9:5f:d4:c9:df:bd:80:73:
                    14:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:E4:2E:81:6E:A5:04:38:E8:29:0E:44:30:4C:6A:92:B3:B1:A7:F5
            X509v3 Authority Key Identifier:
                keyid:4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/E-QugW6lBDjoKQ5EMExqkrOxp_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.107.0/24
                IPv6:
                  2a0d:bbc7::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:fa:95:5e:8a:9e:f7:3c:62:1b:0c:ee:fc:49:6d:91:3d:1b:
         a0:13:88:86:1f:4a:6f:8f:60:db:9d:35:2a:68:96:7c:d0:5b:
         36:0e:6d:d5:f3:ce:c7:e0:81:3a:b8:23:1a:a2:16:d0:47:d1:
         2e:62:cf:62:17:37:fd:3d:db:39:95:e0:b8:85:e9:b8:ad:1d:
         76:a2:4c:eb:10:76:99:0f:6a:1a:e1:47:e0:40:0a:02:8f:54:
         52:98:c7:0d:96:3a:dc:63:e2:b0:bc:f8:d6:80:9e:b0:25:e7:
         cc:de:1f:c0:5f:55:86:a3:1e:53:e4:4e:3a:91:61:97:2f:ca:
         d8:bc:bc:c6:6f:b4:d4:4d:00:99:65:db:e7:20:02:54:4d:17:
         58:2d:db:21:0c:a2:b2:74:ab:f4:df:20:e2:b4:95:4e:e2:ca:
         2a:21:53:25:80:b6:77:24:d8:03:8f:ca:4e:c7:36:c3:e3:6e:
         5a:20:a4:6b:37:ea:8d:ea:26:eb:80:e0:c6:2e:04:13:c4:66:
         d6:61:3d:6b:41:27:8f:23:ba:99:4a:46:8f:24:d0:7c:92:a3:
         c4:92:bf:38:2a:7f:a6:71:71:97:71:b5:cf:ef:ea:f9:33:e7:
         28:d0:99:ec:40:65:ac:a2:a2:1e:91:01:76:01:da:c0:01:ce:
         ac:8e:1f:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZJ6ZGJgNStQg30EVQJ1zLF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjgwODAyYzY1NzlhNGQ0YTEwNjA4ZGNmOTJlOWFjZTk5
MDViMTYwHhcNMjQxMDExMDcwNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2U0MmU4MTZlYTUwNDM4ZTgyOTBlNDQzMDRjNmE5MmIzYjFhN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEBVTPdLNPIXm6vgWunrYFLJEf2q
jAvlcknLSmoTYF0RiP9YvA76UeA6SjCvaEcg6kwup91SeXMqNXp+K2EEbKsBsTR4
bjkynKjYEjpigRmdnx5NHedLXwO5/cJqvJ9YmKQubnLf6VAlrdq6cRUtn7ru25va
91D592OSM1ZYaxkC2T02EvdYk6HTpJhLCZoPLKTjwoAMjB1PMFDxmdao7F1/T7nB
zQut6oOxI6fznRcktBnIG0abb3ze9lcYGJI+nTCMaTF8blYxP5+puXUEUsn/pGD0
iTEA2/DoOMt8M5uqDzU5ZXmBYjlEd+fFGpHm6RuPMnjr+V/Uyd+9gHMUiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBPkLoFupQQ46CkORDBMapKzsaf1MB8GA1UdIwQY
MBaAFEz4CALGV5pNShBgjc+S6azpkFsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAt
OTFmNDlkOGQxMTVkLzEvRS1RdWdXNmxCRGpvS1E1RU1FeHFrck94cF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAtOTFmNDlkOGQxMTVk
LzEvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALVRrMA8E
AgACMAkDBwAqDbvHAAAwDQYJKoZIhvcNAQELBQADggEBAB76lV6Knvc8YhsM7vxJ
bZE9G6ATiIYfSm+PYNudNSpolnzQWzYObdXzzsfggTq4IxqiFtBH0S5iz2IXN/09
2zmV4LiF6bitHXaiTOsQdpkPahrhR+BACgKPVFKYxw2WOtxj4rC8+NaAnrAl58ze
H8BfVYajHlPkTjqRYZcvyti8vMZvtNRNAJll2+cgAlRNF1gt2yEMorJ0q/TfIOK0
lU7iyiohUyWAtnck2AOPyk7HNsPjblogpGs36o3qJuuA4MYuBBPEZtZhPWtBJ48j
uplKRo8k0HySo8SSvzgqf6ZxcZdxtc/v6vkz5yjQmexAZayioh6RAXYB2sABzqyO
Hyg=
-----END CERTIFICATE-----