Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/2HSiRCVRROrOcEAAqDbXvkyrWKc.roa
File:                     2HSiRCVRROrOcEAAqDbXvkyrWKc.roa (raw, json)
Hash identifier:          ojFJJAIKbZ6SrKutOqNsG0fy9V6QfAg4wsSink+BljM=
Subject key identifier:   D8:74:A2:44:25:51:44:EA:CE:70:40:00:A8:36:D7:BE:4C:AB:58:A7
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       019081C04184395E71571B3A09A8AB64EDB0
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/2HSiRCVRROrOcEAAqDbXvkyrWKc.roa
Signing time:             Fri 05 Jul 2024 07:16:18 +0000
ROA not before:           Fri 05 Jul 2024 07:16:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        45.90.248.0/22 maxlen: 22
                          212.60.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:81:c0:41:84:39:5e:71:57:1b:3a:09:a8:ab:64:ed:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Jul  5 07:16:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d874a244255144eace704000a836d7be4cab58a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1a:b1:cf:c9:28:93:25:78:f3:7d:52:83:88:
                    2d:3e:ba:3a:00:70:b4:10:27:df:86:1f:58:b0:e8:
                    37:7e:c3:bf:92:1b:a2:a4:f3:95:a6:24:12:59:b0:
                    e0:45:ef:3d:46:9c:14:b9:76:77:f9:3b:40:37:d2:
                    c7:48:08:35:ca:1d:ce:dd:56:80:6f:0d:4a:79:3e:
                    05:1a:1c:e6:a8:62:c5:0b:36:90:95:f2:ba:80:90:
                    67:27:10:f4:98:95:cb:6c:ba:72:f7:75:ba:b9:5c:
                    e9:31:87:15:8c:78:ff:b3:3e:70:44:7e:87:ef:18:
                    76:91:55:6a:a9:67:e6:ec:3a:f9:d5:80:81:16:cc:
                    e8:6d:02:b7:d8:4f:22:7c:a5:4a:48:4f:06:01:16:
                    6c:9b:08:86:d1:41:5f:de:3e:c4:27:e9:7c:ab:17:
                    c5:24:39:22:18:82:d0:57:73:7e:39:32:12:0a:fc:
                    84:74:2f:ad:ab:bc:a8:fb:91:fe:b2:fb:dd:46:73:
                    2d:ef:f8:52:f2:75:c6:07:c3:80:95:f9:f5:22:b4:
                    c1:7d:37:67:d2:49:a8:b1:da:54:5c:87:d6:d3:72:
                    22:24:2a:11:96:b1:f2:62:38:73:d3:29:27:29:47:
                    41:ba:75:3b:1d:6a:b0:d3:86:0e:9d:d3:54:a3:e6:
                    db:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:74:A2:44:25:51:44:EA:CE:70:40:00:A8:36:D7:BE:4C:AB:58:A7
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/2HSiRCVRROrOcEAAqDbXvkyrWKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.248.0/22
                  212.60.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:53:2f:21:e7:9a:5d:db:df:75:c4:6f:86:2b:94:7f:e4:23:
         c4:8d:06:00:7a:48:34:99:89:c6:c1:82:05:64:31:89:b4:23:
         3b:42:1b:cb:ce:a6:e4:0a:5b:ad:d1:c0:36:60:c8:c1:96:2f:
         a1:eb:13:0f:c1:67:76:d0:0a:8a:d4:df:42:ec:e3:e2:7a:79:
         e7:e7:d2:b1:71:cf:af:2b:c2:73:8a:15:a0:fa:fe:6a:a9:33:
         21:51:ff:8a:18:cc:99:2f:88:ff:e3:53:e3:53:58:21:95:f6:
         1f:97:30:07:28:90:a4:f9:20:cb:d3:8c:04:31:b4:c8:73:ac:
         d0:e6:c6:a8:23:71:41:9f:81:01:a9:ad:a8:e4:c0:59:2e:c1:
         49:34:73:b9:42:6e:c0:b6:9b:42:19:ef:d2:1a:09:be:cb:7d:
         a9:01:27:a2:4a:58:55:79:30:f5:4c:46:36:fb:e9:fc:c6:87:
         6b:f8:d2:05:b2:e2:f7:f6:f5:ff:90:a0:fe:4c:d0:7a:81:dc:
         9c:de:55:5d:71:36:11:b6:f5:6e:a5:02:6f:95:0c:14:91:cb:
         5a:87:85:d8:69:aa:b5:ce:86:19:fc:c0:e3:37:f0:5b:fd:bb:
         6f:f9:01:b0:66:59:3c:38:bc:c6:83:53:02:dd:8c:4a:66:65:
         cf:11:c6:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCBwEGEOV5xVxs6CairZO2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjQwNzA1MDcxNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODc0YTI0NDI1NTE0NGVhY2U3MDQwMDBhODM2ZDdiZTRjYWI1OGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxqxz8kokyV4831Sg4gtPro6AHC0
ECffhh9YsOg3fsO/khuipPOVpiQSWbDgRe89RpwUuXZ3+TtAN9LHSAg1yh3O3VaA
bw1KeT4FGhzmqGLFCzaQlfK6gJBnJxD0mJXLbLpy93W6uVzpMYcVjHj/sz5wRH6H
7xh2kVVqqWfm7Dr51YCBFszobQK32E8ifKVKSE8GARZsmwiG0UFf3j7EJ+l8qxfF
JDkiGILQV3N+OTISCvyEdC+tq7yo+5H+svvdRnMt7/hS8nXGB8OAlfn1IrTBfTdn
0kmosdpUXIfW03IiJCoRlrHyYjhz0yknKUdBunU7HWqw04YOndNUo+bbJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNh0okQlUUTqznBAAKg2175Mq1inMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvMkhTaVJDVlJST3JPY0VBQXFEYlh2a3lyV0tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVr4AwQC
1DwAMA0GCSqGSIb3DQEBCwUAA4IBAQAwUy8h55pd2991xG+GK5R/5CPEjQYAekg0
mYnGwYIFZDGJtCM7QhvLzqbkClut0cA2YMjBli+h6xMPwWd20AqK1N9C7OPiennn
59Kxcc+vK8JzihWg+v5qqTMhUf+KGMyZL4j/41PjU1ghlfYflzAHKJCk+SDL04wE
MbTIc6zQ5saoI3FBn4EBqa2o5MBZLsFJNHO5Qm7AtptCGe/SGgm+y32pASeiSlhV
eTD1TEY2++n8xodr+NIFsuL39vX/kKD+TNB6gdyc3lVdcTYRtvVupQJvlQwUkcta
h4XYaaq1zoYZ/MDjN/Bb/btv+QGwZlk8OLzGg1MC3YxKZmXPEcbp
-----END CERTIFICATE-----