Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/Ibs4dsroX5uKEjC2Zy73-DIiiDc.roa
File:                     Ibs4dsroX5uKEjC2Zy73-DIiiDc.roa (raw, json)
Hash identifier:          No1cpwqIVYTaV1VN8t9UTUT+tLys0QFYLD6LK6VhmnU=
Subject key identifier:   21:BB:38:76:CA:E8:5F:9B:8A:12:30:B6:67:2E:F7:F8:32:22:88:37
Certificate issuer:       /CN=2b69c92bc09bf6b8da6533dd7a7b0b1a57e65ea4
Certificate serial:       018CC8DEA1EDB0073B2C8EAC6E0110FDF8B4
Authority key identifier: 2B:69:C9:2B:C0:9B:F6:B8:DA:65:33:DD:7A:7B:0B:1A:57:E6:5E:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2nJK8Cb9rjaZTPdensLGlfmXqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/Ibs4dsroX5uKEjC2Zy73-DIiiDc.roa
Signing time:             Tue 02 Jan 2024 06:31:22 +0000
ROA not before:           Tue 02 Jan 2024 06:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51324
IP address blocks:        45.93.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/K2nJK8Cb9rjaZTPdensLGlfmXqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/K2nJK8Cb9rjaZTPdensLGlfmXqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2nJK8Cb9rjaZTPdensLGlfmXqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a1:ed:b0:07:3b:2c:8e:ac:6e:01:10:fd:f8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b69c92bc09bf6b8da6533dd7a7b0b1a57e65ea4
        Validity
            Not Before: Jan  2 06:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21bb3876cae85f9b8a1230b6672ef7f832228837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5b:5f:2d:c8:33:d1:16:b0:68:46:04:1d:21:
                    99:b2:bf:5a:b2:25:29:85:fb:27:56:7e:81:02:79:
                    0c:37:d2:63:ce:5a:9c:37:67:9e:79:b4:ed:f8:8b:
                    34:10:42:82:c7:a4:6b:9b:47:73:27:e5:b4:bc:6d:
                    1a:a6:f0:df:17:af:bb:f0:81:38:26:08:8a:a2:4b:
                    76:7b:ed:0e:ca:88:bd:96:a1:16:30:0d:0e:4b:4e:
                    4e:3e:f8:56:0d:07:19:79:51:47:2c:50:d5:da:b8:
                    72:7a:56:6a:7c:51:94:2a:3b:c1:88:12:34:69:4e:
                    d2:53:d8:37:08:78:d0:4b:a4:ee:99:90:e7:55:35:
                    a3:3a:f5:2d:05:ec:b6:e6:1e:53:ce:af:7b:de:0c:
                    b0:0e:a9:cb:41:27:87:58:10:cd:24:19:a6:9f:58:
                    ad:52:80:db:7a:32:aa:37:ba:9f:57:ba:d9:96:c5:
                    cd:1c:77:45:b9:93:f8:be:01:10:37:db:41:3e:67:
                    e3:d1:95:82:0b:39:22:61:bb:a8:ae:6a:5c:bc:ab:
                    43:94:1b:0a:f1:be:66:c2:aa:74:12:19:cc:b6:68:
                    57:68:a5:aa:d7:fe:9a:f7:59:ea:01:01:dd:2d:78:
                    0d:aa:3c:c7:49:bf:ea:24:6f:6f:3d:66:33:0c:cb:
                    89:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BB:38:76:CA:E8:5F:9B:8A:12:30:B6:67:2E:F7:F8:32:22:88:37
            X509v3 Authority Key Identifier:
                keyid:2B:69:C9:2B:C0:9B:F6:B8:DA:65:33:DD:7A:7B:0B:1A:57:E6:5E:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2nJK8Cb9rjaZTPdensLGlfmXqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/Ibs4dsroX5uKEjC2Zy73-DIiiDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/K2nJK8Cb9rjaZTPdensLGlfmXqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:61:62:3c:e3:c4:e8:f0:ff:6f:a2:05:95:00:85:e5:11:ff:
         c4:41:3f:76:b3:d0:84:05:64:67:ff:42:ca:30:ff:4e:d7:46:
         0f:f7:b8:51:62:6d:49:ae:e0:0d:91:20:29:4f:53:c2:34:43:
         fd:b1:ac:52:0b:a0:cb:38:cd:b0:86:ff:b3:f9:c3:cf:01:c4:
         51:58:2c:b5:01:2f:8d:5a:21:76:56:e1:92:4e:7f:21:5c:58:
         99:30:e9:0e:7d:47:44:f9:80:01:76:88:64:8c:c1:49:13:d5:
         6f:c4:89:78:ac:5b:9e:e7:88:4f:76:fe:6a:85:21:3b:1d:3c:
         8c:aa:48:19:f3:01:11:a5:9e:16:59:a6:5d:49:61:9c:05:03:
         90:f6:20:78:3f:71:71:67:9c:13:d8:8b:37:08:ff:71:27:ad:
         a5:5d:82:27:87:2a:0b:2c:c2:28:8f:a0:f9:4a:fd:fe:bd:f9:
         70:67:af:9f:0e:cd:82:f2:e7:2f:fc:4e:86:9b:d7:f5:00:75:
         73:1e:d0:54:48:28:5c:1a:7c:31:1c:6a:20:42:e7:78:ef:83:
         e7:65:c2:d8:72:cf:4a:18:8b:67:23:5a:95:0a:71:fa:a7:0c:
         a4:0f:71:63:b6:12:a7:03:c2:39:26:ff:86:a6:72:99:78:1a:
         36:a7:3e:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qHtsAc7LI6sbgEQ/fi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjljOTJiYzA5YmY2YjhkYTY1MzNkZDdhN2IwYjFhNTdl
NjVlYTQwHhcNMjQwMTAyMDYzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJiMzg3NmNhZTg1ZjliOGExMjMwYjY2NzJlZjdmODMyMjI4ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFtfLcgz0RawaEYEHSGZsr9asiUp
hfsnVn6BAnkMN9JjzlqcN2eeebTt+Is0EEKCx6Rrm0dzJ+W0vG0apvDfF6+78IE4
JgiKokt2e+0Oyoi9lqEWMA0OS05OPvhWDQcZeVFHLFDV2rhyelZqfFGUKjvBiBI0
aU7SU9g3CHjQS6TumZDnVTWjOvUtBey25h5Tzq973gywDqnLQSeHWBDNJBmmn1it
UoDbejKqN7qfV7rZlsXNHHdFuZP4vgEQN9tBPmfj0ZWCCzkiYbuormpcvKtDlBsK
8b5mwqp0EhnMtmhXaKWq1/6a91nqAQHdLXgNqjzHSb/qJG9vPWYzDMuJhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCG7OHbK6F+bihIwtmcu9/gyIog3MB8GA1UdIwQY
MBaAFCtpySvAm/a42mUz3Xp7CxpX5l6kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJuSks4Q2I5cmphWlRQZGVuc0xHbGZtWHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC81YjNmZmUtOWY5ZC00MTg5LWE4Y2Et
MDg0YWFiYTBmNTg4LzEvSWJzNGRzcm9YNXVLRWpDMlp5NzMtRElpaURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC81YjNmZmUtOWY5ZC00MTg5LWE4Y2EtMDg0YWFiYTBmNTg4
LzEvSzJuSks4Q2I5cmphWlRQZGVuc0xHbGZtWHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV28MA0G
CSqGSIb3DQEBCwUAA4IBAQBcYWI848To8P9vogWVAIXlEf/EQT92s9CEBWRn/0LK
MP9O10YP97hRYm1JruANkSApT1PCNEP9saxSC6DLOM2whv+z+cPPAcRRWCy1AS+N
WiF2VuGSTn8hXFiZMOkOfUdE+YABdohkjMFJE9VvxIl4rFue54hPdv5qhSE7HTyM
qkgZ8wERpZ4WWaZdSWGcBQOQ9iB4P3FxZ5wT2Is3CP9xJ62lXYInhyoLLMIoj6D5
Sv3+vflwZ6+fDs2C8ucv/E6Gm9f1AHVzHtBUSChcGnwxHGogQud474PnZcLYcs9K
GItnI1qVCnH6pwykD3FjthKnA8I5Jv+GpnKZeBo2pz70
-----END CERTIFICATE-----