Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/2zzQ-i3SrG2BnQEAImE8qb809Ig.roa
File:                     2zzQ-i3SrG2BnQEAImE8qb809Ig.roa (raw, json)
Hash identifier:          E9DWI/xMAYDMMemAzml/jZsBZr77mJ8cfoQJWlvhNY4=
Subject key identifier:   DB:3C:D0:FA:2D:D2:AC:6D:81:9D:01:00:22:61:3C:A9:BF:34:F4:88
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       018DA75A7D41ACB484A9595D299C493DBE1D
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/2zzQ-i3SrG2BnQEAImE8qb809Ig.roa
Signing time:             Wed 14 Feb 2024 11:22:21 +0000
ROA not before:           Wed 14 Feb 2024 11:22:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134450
IP address blocks:        45.83.186.0/23 maxlen: 23
                          45.86.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:5a:7d:41:ac:b4:84:a9:59:5d:29:9c:49:3d:be:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Feb 14 11:22:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db3cd0fa2dd2ac6d819d010022613ca9bf34f488
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:a7:d6:f8:f0:26:1a:99:f2:bb:fb:87:da:
                    0d:65:9f:7a:74:95:3d:3d:bd:a2:89:59:0f:4f:4c:
                    1d:54:26:83:61:23:c7:15:4a:b4:24:ff:e7:03:a9:
                    b0:df:b3:92:eb:61:af:1c:53:2a:60:3b:85:42:9d:
                    02:11:41:9b:d0:04:dc:29:af:01:05:e1:96:42:f0:
                    15:e3:07:95:7b:f1:0f:10:35:1f:c9:6b:22:d3:5b:
                    c2:05:06:4f:b6:b3:0f:a1:a6:fe:d5:fc:74:9c:68:
                    e6:47:a8:04:12:46:e9:fa:47:98:67:d8:76:2f:ed:
                    32:26:b0:98:59:a9:01:da:14:6f:a1:ec:fa:00:f8:
                    14:0e:b9:05:4d:70:64:ae:f7:65:6a:24:08:94:4d:
                    bd:41:39:2f:82:42:eb:a1:a7:f5:6d:96:1a:dd:83:
                    45:11:c2:ea:78:ec:6c:5a:c6:56:c4:8e:d4:cc:f0:
                    c9:1a:ae:60:e5:5e:18:9e:59:d7:38:51:20:07:99:
                    80:cf:a5:2c:c0:c9:78:1c:a1:56:71:08:78:0e:df:
                    64:a3:75:55:6f:58:0a:d7:73:fb:1c:84:c7:04:62:
                    07:a9:c7:ff:18:2e:9f:82:c6:9b:06:86:5d:82:42:
                    6a:3f:1d:50:e5:88:a4:d9:85:4f:45:78:95:a9:49:
                    d6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3C:D0:FA:2D:D2:AC:6D:81:9D:01:00:22:61:3C:A9:BF:34:F4:88
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/2zzQ-i3SrG2BnQEAImE8qb809Ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.186.0/23
                  45.86.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:d2:77:c4:cb:f4:43:bb:1a:a1:b9:ba:ac:c5:c5:fc:80:a2:
         d6:29:54:8a:5d:72:83:5a:2f:de:36:bc:37:66:dc:22:ca:05:
         a6:1f:d5:95:f2:be:0c:fb:e8:c8:7a:fe:5c:74:4c:26:41:85:
         b2:b7:43:6b:10:26:1a:6b:b1:31:08:5e:07:d9:79:2d:3e:08:
         ae:8d:bd:1b:c1:d6:4c:28:af:93:8d:dc:7d:c7:1d:bc:6b:14:
         f7:77:89:c6:b0:ca:fd:e1:0d:c1:f3:cb:c1:c1:e1:30:cb:e5:
         a0:d6:9e:53:22:84:bb:2b:64:9d:fb:2a:52:16:84:e9:65:c8:
         17:4b:ab:1e:7e:a8:01:b1:9e:99:c9:4b:ce:35:c1:9a:74:5b:
         df:d5:f5:3f:cb:70:c2:9c:4c:2b:3e:b5:bc:1b:09:bc:05:9e:
         c6:9e:65:e5:36:43:48:a7:86:02:71:69:55:a5:e3:dc:95:f4:
         b8:25:34:69:2a:41:92:48:85:5d:81:96:c1:5d:33:0e:11:28:
         55:db:99:cc:30:c2:bc:13:c5:9d:1a:a5:dd:45:2e:ad:a2:82:
         cc:7f:b8:e2:c5:c6:6b:5e:01:48:78:ee:f2:35:d5:e4:74:cf:
         ef:21:36:77:58:67:de:ec:f5:9d:b9:4a:b4:a1:3a:c8:27:b2:
         98:85:88:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2nWn1BrLSEqVldKZxJPb4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjQwMjE0MTEyMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNjZDBmYTJkZDJhYzZkODE5ZDAxMDAyMjYxM2NhOWJmMzRmNDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPmn1vjwJhqZ8rv7h9oNZZ96dJU9
Pb2iiVkPT0wdVCaDYSPHFUq0JP/nA6mw37OS62GvHFMqYDuFQp0CEUGb0ATcKa8B
BeGWQvAV4weVe/EPEDUfyWsi01vCBQZPtrMPoab+1fx0nGjmR6gEEkbp+keYZ9h2
L+0yJrCYWakB2hRvoez6APgUDrkFTXBkrvdlaiQIlE29QTkvgkLroaf1bZYa3YNF
EcLqeOxsWsZWxI7UzPDJGq5g5V4YnlnXOFEgB5mAz6UswMl4HKFWcQh4Dt9ko3VV
b1gK13P7HITHBGIHqcf/GC6fgsabBoZdgkJqPx1Q5Yik2YVPRXiVqUnWBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNs80Pot0qxtgZ0BACJhPKm/NPSIMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvMnp6US1pM1NyRzJCblFFQUltRThxYjgwOUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVO6AwQC
LVYcMA0GCSqGSIb3DQEBCwUAA4IBAQAg0nfEy/RDuxqhubqsxcX8gKLWKVSKXXKD
Wi/eNrw3ZtwiygWmH9WV8r4M++jIev5cdEwmQYWyt0NrECYaa7ExCF4H2XktPgiu
jb0bwdZMKK+Tjdx9xx28axT3d4nGsMr94Q3B88vBweEwy+Wg1p5TIoS7K2Sd+ypS
FoTpZcgXS6sefqgBsZ6ZyUvONcGadFvf1fU/y3DCnEwrPrW8Gwm8BZ7GnmXlNkNI
p4YCcWlVpePclfS4JTRpKkGSSIVdgZbBXTMOEShV25nMMMK8E8WdGqXdRS6tooLM
f7jixcZrXgFIeO7yNdXkdM/vITZ3WGfe7PWduUq0oTrIJ7KYhYgH
-----END CERTIFICATE-----