Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/b463a6-282f-45f0-b4ba-cdf92fbe8f0b/1/RrYQYfv230YAsHc87M7UA1kqV70.roa
File:                     RrYQYfv230YAsHc87M7UA1kqV70.roa (raw, json)
Hash identifier:          Y2H8CX+0S1AGrrTrW6thmh6ZV49jg9ASZW+87I1/G6M=
Subject key identifier:   46:B6:10:61:FB:F6:DF:46:00:B0:77:3C:EC:CE:D4:03:59:2A:57:BD
Certificate issuer:       /CN=ac91f230a0e2eeda3810522e74a698200713e620
Certificate serial:       018CC8DE5789676EB6C05C9B687815025B65
Authority key identifier: AC:91:F2:30:A0:E2:EE:DA:38:10:52:2E:74:A6:98:20:07:13:E6:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJHyMKDi7to4EFIudKaYIAcT5iA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/b463a6-282f-45f0-b4ba-cdf92fbe8f0b/1/RrYQYfv230YAsHc87M7UA1kqV70.roa
Signing time:             Tue 02 Jan 2024 06:31:03 +0000
ROA not before:           Tue 02 Jan 2024 06:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208403
IP address blocks:        45.131.23.0/24 maxlen: 24
                          45.131.20.0/24 maxlen: 24
                          45.131.21.0/24 maxlen: 24
                          45.131.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/b463a6-282f-45f0-b4ba-cdf92fbe8f0b/1/rJHyMKDi7to4EFIudKaYIAcT5iA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/b463a6-282f-45f0-b4ba-cdf92fbe8f0b/1/rJHyMKDi7to4EFIudKaYIAcT5iA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJHyMKDi7to4EFIudKaYIAcT5iA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:57:89:67:6e:b6:c0:5c:9b:68:78:15:02:5b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac91f230a0e2eeda3810522e74a698200713e620
        Validity
            Not Before: Jan  2 06:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46b61061fbf6df4600b0773cecced403592a57bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2a:bd:d9:6e:9a:52:85:dc:df:df:59:01:6e:
                    a6:ec:9b:e3:a5:ae:a5:db:2d:49:83:63:fe:ed:7d:
                    02:c4:32:31:99:8e:4f:f1:71:da:ec:cb:7e:a0:cc:
                    58:c9:34:9a:fd:7c:59:2f:68:bb:27:c8:42:f4:31:
                    22:25:2b:98:c5:56:a1:8e:e7:aa:4f:a5:28:c2:b0:
                    d1:be:12:dc:33:28:80:dd:62:1c:b3:2b:38:22:ef:
                    1b:ac:2c:fb:c7:1a:26:d2:0f:6b:c4:75:ca:55:7d:
                    0f:c5:ba:74:80:29:c2:d4:3d:a1:81:fe:2d:7a:7f:
                    b5:43:5c:55:81:4f:36:ba:13:8d:c2:86:f1:04:d8:
                    98:e3:8c:f0:2c:fe:b2:cb:c3:61:29:6d:89:3f:03:
                    64:6c:7d:ad:fe:18:75:35:45:1f:de:32:ec:a4:23:
                    3c:2c:22:f5:ef:35:c7:18:1a:75:ac:b7:da:6c:4a:
                    7d:69:89:db:d6:9b:30:41:24:29:67:6f:44:ca:00:
                    b8:cf:6f:9a:2e:98:74:b2:c3:dc:64:6b:08:c2:fd:
                    80:c8:02:74:da:18:14:ff:06:ce:74:54:10:55:5b:
                    e9:a2:25:c3:dc:94:a5:3c:34:03:2c:5a:3c:2f:c9:
                    26:5f:64:bc:df:ab:a0:ac:11:e5:53:9e:ef:2f:4c:
                    14:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:B6:10:61:FB:F6:DF:46:00:B0:77:3C:EC:CE:D4:03:59:2A:57:BD
            X509v3 Authority Key Identifier:
                keyid:AC:91:F2:30:A0:E2:EE:DA:38:10:52:2E:74:A6:98:20:07:13:E6:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJHyMKDi7to4EFIudKaYIAcT5iA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/b463a6-282f-45f0-b4ba-cdf92fbe8f0b/1/RrYQYfv230YAsHc87M7UA1kqV70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/b463a6-282f-45f0-b4ba-cdf92fbe8f0b/1/rJHyMKDi7to4EFIudKaYIAcT5iA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:66:93:06:22:dd:fb:7d:a7:99:8b:51:8a:71:34:43:53:44:
         40:76:08:8b:59:dd:59:ad:2b:7b:7f:8c:7b:fe:67:d9:4c:97:
         9b:b3:fd:bd:23:c1:99:87:d3:74:12:a3:33:4d:45:aa:a3:cb:
         86:05:7e:f0:30:7b:1f:f3:e9:a6:a9:58:db:5d:63:1b:fc:09:
         3d:90:f8:e9:61:ef:68:24:79:a8:66:dc:e7:ab:37:d1:dc:aa:
         f2:3f:9b:15:f3:a0:2b:bc:24:12:7a:ce:cd:80:48:98:b1:50:
         24:83:40:eb:53:1f:25:0c:bb:d8:52:88:02:3b:25:63:fe:a0:
         b9:38:37:93:02:7e:1b:9d:86:9e:fb:d1:fb:65:4b:f9:4b:41:
         8f:8a:15:52:df:5e:78:2e:6c:4d:91:a9:91:59:b2:79:6e:c1:
         97:8c:12:a4:62:13:c9:16:88:fb:f4:68:6e:ee:b5:1a:bc:ae:
         72:f3:7a:5e:da:c6:77:a0:25:db:75:45:e7:fe:c3:c4:9e:dd:
         17:cc:09:50:45:08:8d:da:cc:be:7d:c0:b7:bd:0f:da:81:fc:
         ec:06:a6:09:86:4d:ae:20:5f:0a:c5:fd:59:42:07:65:db:d8:
         1c:c2:21:74:4e:71:9c:f8:b4:c4:37:0a:22:a0:21:ee:9f:cf:
         bc:8c:54:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3leJZ262wFybaHgVAltlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOTFmMjMwYTBlMmVlZGEzODEwNTIyZTc0YTY5ODIwMDcx
M2U2MjAwHhcNMjQwMTAyMDYzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmI2MTA2MWZiZjZkZjQ2MDBiMDc3M2NlY2NlZDQwMzU5MmE1N2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCq92W6aUoXc399ZAW6m7Jvjpa6l
2y1Jg2P+7X0CxDIxmY5P8XHa7Mt+oMxYyTSa/XxZL2i7J8hC9DEiJSuYxVahjueq
T6UowrDRvhLcMyiA3WIcsys4Iu8brCz7xxom0g9rxHXKVX0Pxbp0gCnC1D2hgf4t
en+1Q1xVgU82uhONwobxBNiY44zwLP6yy8NhKW2JPwNkbH2t/hh1NUUf3jLspCM8
LCL17zXHGBp1rLfabEp9aYnb1pswQSQpZ29EygC4z2+aLph0ssPcZGsIwv2AyAJ0
2hgU/wbOdFQQVVvpoiXD3JSlPDQDLFo8L8kmX2S836ugrBHlU57vL0wUlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEa2EGH79t9GALB3POzO1ANZKle9MB8GA1UdIwQY
MBaAFKyR8jCg4u7aOBBSLnSmmCAHE+YgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpIeU1LRGk3dG80RUZJdWRLYVlJQWNUNWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9iNDYzYTYtMjgyZi00NWYwLWI0YmEt
Y2RmOTJmYmU4ZjBiLzEvUnJZUVlmdjIzMFlBc0hjODdNN1VBMWtxVjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9iNDYzYTYtMjgyZi00NWYwLWI0YmEtY2RmOTJmYmU4ZjBi
LzEvckpIeU1LRGk3dG80RUZJdWRLYVlJQWNUNWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYMUMA0G
CSqGSIb3DQEBCwUAA4IBAQAoZpMGIt37faeZi1GKcTRDU0RAdgiLWd1ZrSt7f4x7
/mfZTJebs/29I8GZh9N0EqMzTUWqo8uGBX7wMHsf8+mmqVjbXWMb/Ak9kPjpYe9o
JHmoZtznqzfR3KryP5sV86ArvCQSes7NgEiYsVAkg0DrUx8lDLvYUogCOyVj/qC5
ODeTAn4bnYae+9H7ZUv5S0GPihVS3154LmxNkamRWbJ5bsGXjBKkYhPJFoj79Ghu
7rUavK5y83pe2sZ3oCXbdUXn/sPEnt0XzAlQRQiN2sy+fcC3vQ/agfzsBqYJhk2u
IF8Kxf1ZQgdl29gcwiF0TnGc+LTENwoioCHun8+8jFQb
-----END CERTIFICATE-----