Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/kMq9diBowv6nCvabulowQTpN1L8.roa
File:                     kMq9diBowv6nCvabulowQTpN1L8.roa (raw, json)
Hash identifier:          uU1YDBJdxC8e3v7LbcibWSN88T8Vo0X1lN/gu8i/NO4=
Subject key identifier:   90:CA:BD:76:20:68:C2:FE:A7:0A:F6:9B:BA:5A:30:41:3A:4D:D4:BF
Certificate issuer:       /CN=aa65af697df1f6cdaf4cbbd66de3d43bed869e90
Certificate serial:       018CC795328D678FEAFCB80C882E8B156CD3
Authority key identifier: AA:65:AF:69:7D:F1:F6:CD:AF:4C:BB:D6:6D:E3:D4:3B:ED:86:9E:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/kMq9diBowv6nCvabulowQTpN1L8.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208320
IP address blocks:        45.143.111.0/24 maxlen: 24
                          45.143.110.0/24 maxlen: 24
                          45.143.109.0/24 maxlen: 24
                          45.143.108.0/22 maxlen: 22
                          45.143.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:32:8d:67:8f:ea:fc:b8:0c:88:2e:8b:15:6c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa65af697df1f6cdaf4cbbd66de3d43bed869e90
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90cabd762068c2fea70af69bba5a30413a4dd4bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:69:83:bd:54:e7:1e:65:9c:2c:93:38:db:9c:
                    f6:2b:1a:9c:34:d9:2f:15:1c:cc:e8:5c:1c:ab:6e:
                    17:e4:a9:8d:3d:cb:82:d3:c7:73:b4:e1:55:2b:9c:
                    d8:40:4c:29:72:65:84:c7:b8:2b:60:9b:d6:1b:ce:
                    c8:23:84:f0:42:54:ef:ee:36:c6:33:6f:d3:1b:f1:
                    06:8a:c7:f0:aa:bf:a2:69:e0:99:a7:2a:57:de:0f:
                    9a:c7:af:a2:cb:e7:7b:43:07:54:c1:cd:ea:ea:c0:
                    12:91:a4:d2:1e:88:e5:bc:38:cc:34:82:a6:c3:41:
                    f2:db:de:a1:00:ae:20:19:84:74:08:d5:45:bd:bc:
                    d2:08:a6:f7:f8:d5:88:bf:c6:60:53:17:f0:38:32:
                    da:a3:66:20:d7:4e:23:8b:7d:93:6b:84:53:a6:86:
                    c9:78:66:0e:19:8e:8f:66:63:8d:1d:b6:81:e0:5b:
                    9f:50:6e:be:63:85:52:50:d9:13:fa:c9:9e:60:6b:
                    8e:fe:f5:8b:59:4f:5d:90:df:88:48:a4:6a:13:7b:
                    e9:64:f8:94:0c:a8:2a:4b:e0:d4:83:34:9a:ae:e2:
                    21:87:92:ef:26:36:da:22:27:06:39:a1:e5:83:52:
                    48:b0:98:24:df:f9:9e:3d:30:24:3b:79:48:c7:0f:
                    d7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CA:BD:76:20:68:C2:FE:A7:0A:F6:9B:BA:5A:30:41:3A:4D:D4:BF
            X509v3 Authority Key Identifier:
                keyid:AA:65:AF:69:7D:F1:F6:CD:AF:4C:BB:D6:6D:E3:D4:3B:ED:86:9E:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/kMq9diBowv6nCvabulowQTpN1L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:6b:12:d5:1c:78:46:2c:5a:2a:f7:1f:55:c3:d9:5c:92:21:
         34:d1:43:f1:e3:9a:da:86:78:76:63:7c:65:a1:c5:78:7a:23:
         e8:d6:d2:a7:fa:93:99:ae:1a:26:f7:2a:d4:e8:b2:ee:b6:fe:
         94:67:90:e0:d2:15:83:f7:96:90:6d:f7:77:1a:d7:6c:e6:a6:
         3d:f6:1a:ac:d6:92:8b:df:6f:24:fc:f7:a6:d9:e0:41:ba:c3:
         af:aa:89:73:32:38:ef:b7:a2:a9:d0:f7:95:8d:95:87:d1:5e:
         d4:e0:f1:b0:a9:c7:78:4b:6f:2a:ae:52:2f:ff:14:a2:2c:9f:
         06:51:c3:8a:f3:98:c9:f7:0c:85:68:20:ab:10:a4:25:d4:5e:
         ff:87:1f:30:e7:03:a1:c3:a5:c7:07:d6:df:ec:6c:37:92:7f:
         b0:da:c5:4b:4b:a8:e7:a9:d3:e1:0b:2b:8d:54:6f:21:09:8b:
         65:a8:b4:bf:fe:fc:40:f5:b7:7e:a7:40:19:f2:b2:04:39:94:
         e9:5d:f6:80:4c:bc:c3:78:70:b1:fa:16:d5:84:02:e0:c0:ad:
         70:48:65:c2:55:1e:43:ba:36:7d:59:34:62:f4:6a:aa:88:d3:
         4d:75:5c:be:1a:ce:31:3b:db:4f:78:de:a4:6d:b5:fb:c6:55:
         b0:31:65:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTKNZ4/q/LgMiC6LFWzTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjVhZjY5N2RmMWY2Y2RhZjRjYmJkNjZkZTNkNDNiZWQ4
NjllOTAwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNhYmQ3NjIwNjhjMmZlYTcwYWY2OWJiYTVhMzA0MTNhNGRkNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWmDvVTnHmWcLJM425z2KxqcNNkv
FRzM6Fwcq24X5KmNPcuC08dztOFVK5zYQEwpcmWEx7grYJvWG87II4TwQlTv7jbG
M2/TG/EGisfwqr+iaeCZpypX3g+ax6+iy+d7QwdUwc3q6sASkaTSHojlvDjMNIKm
w0Hy296hAK4gGYR0CNVFvbzSCKb3+NWIv8ZgUxfwODLao2Yg104ji32Ta4RTpobJ
eGYOGY6PZmONHbaB4FufUG6+Y4VSUNkT+smeYGuO/vWLWU9dkN+ISKRqE3vpZPiU
DKgqS+DUgzSaruIhh5LvJjbaIicGOaHlg1JIsJgk3/mePTAkO3lIxw/XYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDKvXYgaML+pwr2m7paMEE6TdS/MB8GA1UdIwQY
MBaAFKplr2l98fbNr0y71m3j1Dvthp6QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1XdmFYM3g5czJ2VEx2V2JlUFVPLTJHbnBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wNDAxOWMtYWQxNy00MjhkLWIzYTIt
MWJlMTNiYThkNDU2LzEva01xOWRpQm93djZuQ3ZhYnVsb3dRVHBOMUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wNDAxOWMtYWQxNy00MjhkLWIzYTItMWJlMTNiYThkNDU2
LzEvcW1XdmFYM3g5czJ2VEx2V2JlUFVPLTJHbnBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY9sMA0G
CSqGSIb3DQEBCwUAA4IBAQBtaxLVHHhGLFoq9x9Vw9lckiE00UPx45rahnh2Y3xl
ocV4eiPo1tKn+pOZrhom9yrU6LLutv6UZ5Dg0hWD95aQbfd3Gtds5qY99hqs1pKL
328k/Pem2eBBusOvqolzMjjvt6Kp0PeVjZWH0V7U4PGwqcd4S28qrlIv/xSiLJ8G
UcOK85jJ9wyFaCCrEKQl1F7/hx8w5wOhw6XHB9bf7Gw3kn+w2sVLS6jnqdPhCyuN
VG8hCYtlqLS//vxA9bd+p0AZ8rIEOZTpXfaATLzDeHCx+hbVhALgwK1wSGXCVR5D
ujZ9WTRi9GqqiNNNdVy+Gs4xO9tPeN6kbbX7xlWwMWWl
-----END CERTIFICATE-----