Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/Zqp5x2-_Sqz4GRqykaz5aiXpkaM.roa
File:                     Zqp5x2-_Sqz4GRqykaz5aiXpkaM.roa (raw, json)
Hash identifier:          BmUZsVo6sVMqmntpxTmAVMPHIatz2tK57/mG2Oxn5uE=
Subject key identifier:   66:AA:79:C7:6F:BF:4A:AC:F8:19:1A:B2:91:AC:F9:6A:25:E9:91:A3
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F83A75F1F6C369608CEB91713F514
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/Zqp5x2-_Sqz4GRqykaz5aiXpkaM.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        45.86.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:83:a7:5f:1f:6c:36:96:08:ce:b9:17:13:f5:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66aa79c76fbf4aacf8191ab291acf96a25e991a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0f:dc:5a:3d:cb:f3:af:a2:f2:f0:eb:f2:72:
                    17:7d:25:88:32:2e:3e:10:e1:b3:9e:3f:69:f0:77:
                    b7:66:98:11:17:17:9c:0d:86:17:b4:11:85:d9:1f:
                    0b:0e:32:44:41:8c:e9:05:59:9f:84:f7:6a:e0:a4:
                    83:56:40:94:cd:73:80:dc:fb:71:4f:01:40:7e:c2:
                    5d:d6:f4:0d:5b:e0:fc:69:26:a2:c9:a0:1b:2d:de:
                    82:b2:ca:30:94:bb:0e:d7:9b:53:2d:67:45:83:37:
                    82:b6:28:7d:6d:9e:ae:f9:9b:20:97:a5:eb:85:ed:
                    49:de:a8:1d:84:41:39:84:74:55:69:22:fd:f8:c5:
                    46:42:be:c8:b1:c1:dd:70:e4:a4:e2:c4:e4:41:82:
                    e6:84:1a:96:e2:d5:3a:ae:1b:6b:c8:c2:67:81:a1:
                    12:5e:bf:58:e7:b9:be:00:5f:97:27:6b:7c:3e:72:
                    3c:4d:cd:f2:b4:2f:60:8e:87:f7:ae:04:b2:53:33:
                    01:a3:fb:8b:b6:c4:04:3d:af:47:73:62:0c:c2:57:
                    87:22:3c:dd:4c:50:a3:cd:e0:b9:29:3f:ad:90:c0:
                    04:b5:14:a5:39:0b:12:51:f3:9c:62:71:4d:6d:1e:
                    4c:f6:bd:b1:d1:41:7c:05:f8:1d:30:30:ba:2f:d5:
                    38:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:AA:79:C7:6F:BF:4A:AC:F8:19:1A:B2:91:AC:F9:6A:25:E9:91:A3
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/Zqp5x2-_Sqz4GRqykaz5aiXpkaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:59:e0:c1:bb:f1:56:c3:98:11:f4:d6:db:31:04:0b:9d:b0:
         3a:6c:9d:23:84:84:c8:55:40:60:8a:14:60:32:1b:47:f3:0c:
         19:64:ae:cb:c1:d3:e5:f2:bf:f7:d4:b0:a7:0a:32:b8:70:d0:
         1d:0d:e3:e1:f3:d7:bd:81:cb:69:73:04:80:52:5f:a9:21:8b:
         39:1c:04:5a:b5:c8:0a:89:fb:7f:38:41:48:03:6f:43:14:ef:
         d0:8a:c1:d1:69:37:e3:d2:81:85:12:5d:b2:bb:47:d1:82:d4:
         e6:d7:29:24:9f:70:32:30:1b:ac:75:9c:ea:4a:bf:8b:cb:de:
         d3:4e:f3:d0:1b:f1:97:ac:73:4f:f0:49:29:24:89:77:8f:62:
         20:ef:6a:92:ae:95:80:3c:df:04:5d:fc:b8:d0:7a:ae:8c:54:
         a0:7b:6a:a7:53:52:79:66:81:52:bf:5c:6d:1d:fd:88:54:ab:
         74:d1:49:9c:da:9b:58:4f:12:6f:cb:ee:60:e5:26:1c:87:f5:
         57:20:a3:8a:1d:5a:c4:3d:ac:ed:70:16:6f:f3:d2:d5:50:24:
         13:f3:ad:98:53:0b:54:5b:58:1f:94:b7:f7:c5:f7:d8:56:36:
         42:78:57:54:3b:62:50:12:55:bc:8a:e3:4a:31:b7:1a:60:2e:
         1e:06:82:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4OnXx9sNpYIzrkXE/UUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmFhNzljNzZmYmY0YWFjZjgxOTFhYjI5MWFjZjk2YTI1ZTk5MWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg/cWj3L86+i8vDr8nIXfSWIMi4+
EOGznj9p8He3ZpgRFxecDYYXtBGF2R8LDjJEQYzpBVmfhPdq4KSDVkCUzXOA3Ptx
TwFAfsJd1vQNW+D8aSaiyaAbLd6CssowlLsO15tTLWdFgzeCtih9bZ6u+Zsgl6Xr
he1J3qgdhEE5hHRVaSL9+MVGQr7IscHdcOSk4sTkQYLmhBqW4tU6rhtryMJngaES
Xr9Y57m+AF+XJ2t8PnI8Tc3ytC9gjof3rgSyUzMBo/uLtsQEPa9Hc2IMwleHIjzd
TFCjzeC5KT+tkMAEtRSlOQsSUfOcYnFNbR5M9r2x0UF8BfgdMDC6L9U44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaqecdvv0qs+BkaspGs+Wol6ZGjMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvWnFwNXgyLV9TcXo0R1JxeWthejVhaVhwa2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZUMA0G
CSqGSIb3DQEBCwUAA4IBAQAvWeDBu/FWw5gR9NbbMQQLnbA6bJ0jhITIVUBgihRg
MhtH8wwZZK7LwdPl8r/31LCnCjK4cNAdDePh89e9gctpcwSAUl+pIYs5HARatcgK
ift/OEFIA29DFO/QisHRaTfj0oGFEl2yu0fRgtTm1ykkn3AyMBusdZzqSr+Ly97T
TvPQG/GXrHNP8EkpJIl3j2Ig72qSrpWAPN8EXfy40HqujFSge2qnU1J5ZoFSv1xt
Hf2IVKt00Umc2ptYTxJvy+5g5SYch/VXIKOKHVrEPaztcBZv89LVUCQT862YUwtU
W1gflLf3xffYVjZCeFdUO2JQElW8iuNKMbcaYC4eBoIy
-----END CERTIFICATE-----