Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/panIjAvBsV-_40zHvazZIjwe7zE.roa
File:                     panIjAvBsV-_40zHvazZIjwe7zE.roa (raw, json)
Hash identifier:          YtEjj31rsqluegozN2pIiwUn4NHqrlKE+KnnZqJE6cE=
Subject key identifier:   A5:A9:C8:8C:0B:C1:B1:5F:BF:E3:4C:C7:BD:AC:D9:22:3C:1E:EF:31
Certificate issuer:       /CN=85add8eaaeb3a478d7e5df3e7ee1c323f166bf28
Certificate serial:       0190A1D3DB461C10DCDD9B2152C6F1521F31
Authority key identifier: 85:AD:D8:EA:AE:B3:A4:78:D7:E5:DF:3E:7E:E1:C3:23:F1:66:BF:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/panIjAvBsV-_40zHvazZIjwe7zE.roa
Signing time:             Thu 11 Jul 2024 12:45:34 +0000
ROA not before:           Thu 11 Jul 2024 12:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.84.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a1:d3:db:46:1c:10:dc:dd:9b:21:52:c6:f1:52:1f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85add8eaaeb3a478d7e5df3e7ee1c323f166bf28
        Validity
            Not Before: Jul 11 12:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5a9c88c0bc1b15fbfe34cc7bdacd9223c1eef31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:51:2a:ef:8a:9e:39:8d:09:83:b5:20:7f:77:
                    56:f1:6d:aa:41:4a:03:f2:3a:c9:ba:d0:48:40:0f:
                    19:52:5d:4d:27:16:6c:a3:cc:71:0e:03:99:e8:3a:
                    0a:fa:f8:21:39:f5:c4:13:6f:1d:42:f9:45:67:f2:
                    97:b7:f3:89:34:40:23:f6:91:9c:0d:67:b8:5b:83:
                    70:8d:4f:af:97:63:05:ad:ef:02:85:d5:d9:59:f0:
                    59:64:bf:8f:ba:1c:33:37:2e:60:58:1b:09:0a:af:
                    ab:5a:ad:de:a8:30:cb:c2:33:59:f1:96:55:13:36:
                    5d:a5:e0:31:d0:0d:f6:c1:b8:f9:64:80:42:ab:1e:
                    a9:a6:53:cc:15:4f:50:57:d7:c2:82:07:c1:0b:43:
                    d7:e6:ba:99:b4:39:d1:c4:16:16:44:0a:57:a5:ba:
                    5f:23:d7:b6:cb:a7:bf:dc:e0:e7:9d:0d:79:62:fa:
                    31:dc:03:1e:5d:ec:d8:5f:10:a3:3c:8d:9a:2e:aa:
                    59:93:6e:d6:62:68:1d:bd:d7:97:46:fa:ad:98:15:
                    26:53:81:c6:ac:92:6d:6b:6b:1a:68:86:14:d0:ce:
                    4b:40:01:b7:cc:c0:ad:56:be:e5:ca:1f:9b:31:3c:
                    59:7d:4c:71:4b:ea:18:49:0b:51:80:87:95:a7:86:
                    ce:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A9:C8:8C:0B:C1:B1:5F:BF:E3:4C:C7:BD:AC:D9:22:3C:1E:EF:31
            X509v3 Authority Key Identifier:
                keyid:85:AD:D8:EA:AE:B3:A4:78:D7:E5:DF:3E:7E:E1:C3:23:F1:66:BF:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/panIjAvBsV-_40zHvazZIjwe7zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:bd:ee:35:d3:b7:8f:82:64:f5:65:a6:b2:5b:52:cd:8d:97:
         8d:cf:10:fa:a7:65:f1:90:ae:9c:04:bf:ec:89:67:72:98:33:
         0e:02:00:8a:e0:50:d2:70:22:a3:6d:e6:cd:82:ff:9b:d7:ab:
         1f:c3:b5:a5:40:d8:e4:3d:24:56:f1:14:0d:20:1a:d1:f4:f6:
         06:fd:4e:87:f6:b5:62:7d:0b:84:92:6a:51:26:92:9d:ea:b5:
         97:65:ba:ba:41:a6:71:4e:e6:ff:de:34:0e:46:6b:42:8d:6f:
         0a:08:1b:8e:f7:e6:28:e2:03:24:25:ae:0c:e7:1d:79:87:14:
         85:4f:f3:76:6f:de:85:db:2a:41:f0:ee:cb:ed:70:3c:fa:cc:
         49:52:d7:24:64:4b:7c:39:09:87:65:0f:66:d9:71:df:bb:8b:
         70:ef:45:0d:09:6c:b4:42:59:75:2a:f5:00:a9:39:5b:13:30:
         15:89:59:7a:cf:5e:cf:a8:85:bb:92:c3:0f:bd:b8:22:33:53:
         6b:2b:11:03:d0:b1:73:99:c9:41:90:49:ae:6e:1a:6e:a0:45:
         06:fc:0a:40:e4:bb:6a:7b:0e:e6:cc:53:7f:56:1c:98:e2:c8:
         66:95:53:bd:1c:5c:3a:1e:9e:82:09:9f:c9:a8:5d:ac:b9:9c:
         d7:4b:51:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCh09tGHBDc3ZshUsbxUh8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YWRkOGVhYWViM2E0NzhkN2U1ZGYzZTdlZTFjMzIzZjE2
NmJmMjgwHhcNMjQwNzExMTI0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWE5Yzg4YzBiYzFiMTVmYmZlMzRjYzdiZGFjZDkyMjNjMWVlZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFEq74qeOY0Jg7Ugf3dW8W2qQUoD
8jrJutBIQA8ZUl1NJxZso8xxDgOZ6DoK+vghOfXEE28dQvlFZ/KXt/OJNEAj9pGc
DWe4W4NwjU+vl2MFre8ChdXZWfBZZL+PuhwzNy5gWBsJCq+rWq3eqDDLwjNZ8ZZV
EzZdpeAx0A32wbj5ZIBCqx6pplPMFU9QV9fCggfBC0PX5rqZtDnRxBYWRApXpbpf
I9e2y6e/3ODnnQ15Yvox3AMeXezYXxCjPI2aLqpZk27WYmgdvdeXRvqtmBUmU4HG
rJJta2saaIYU0M5LQAG3zMCtVr7lyh+bMTxZfUxxS+oYSQtRgIeVp4bOZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWpyIwLwbFfv+NMx72s2SI8Hu8xMB8GA1UdIwQY
MBaAFIWt2Oqus6R41+XfPn7hwyPxZr8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGEzWTZxNnpwSGpYNWQ4LWZ1SERJX0ZtdnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kNDRkZDAtMDViNy00NDI3LWEwODIt
MWI3ZWMzOGU5ZjQ0LzEvcGFuSWpBdkJzVi1fNDB6SHZhelpJandlN3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kNDRkZDAtMDViNy00NDI3LWEwODItMWI3ZWMzOGU5ZjQ0
LzEvaGEzWTZxNnpwSGpYNWQ4LWZ1SERJX0ZtdnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTuMA0G
CSqGSIb3DQEBCwUAA4IBAQCHve4107ePgmT1ZaayW1LNjZeNzxD6p2XxkK6cBL/s
iWdymDMOAgCK4FDScCKjbebNgv+b16sfw7WlQNjkPSRW8RQNIBrR9PYG/U6H9rVi
fQuEkmpRJpKd6rWXZbq6QaZxTub/3jQORmtCjW8KCBuO9+Yo4gMkJa4M5x15hxSF
T/N2b96F2ypB8O7L7XA8+sxJUtckZEt8OQmHZQ9m2XHfu4tw70UNCWy0Qll1KvUA
qTlbEzAViVl6z17PqIW7ksMPvbgiM1NrKxED0LFzmclBkEmubhpuoEUG/ApA5Ltq
ew7mzFN/VhyY4shmlVO9HFw6Hp6CCZ/JqF2suZzXS1El
-----END CERTIFICATE-----