Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/2QK0xoOoN7XnJgbQdE6HFwN-NoE.roa
File:                     2QK0xoOoN7XnJgbQdE6HFwN-NoE.roa (raw, json)
Hash identifier:          zyb9ckt9li3yERnSNGYLAEx/zQbWYoe5jjgmfxejwfA=
Subject key identifier:   D9:02:B4:C6:83:A8:37:B5:E7:26:06:D0:74:4E:87:17:03:7E:36:81
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018F0C7D9880D29D48144C894753733C7D75
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/2QK0xoOoN7XnJgbQdE6HFwN-NoE.roa
Signing time:             Tue 23 Apr 2024 19:45:08 +0000
ROA not before:           Tue 23 Apr 2024 19:45:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        45.13.179.0/24 maxlen: 24
                          45.145.17.0/24 maxlen: 24
                          80.91.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 01:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:7d:98:80:d2:9d:48:14:4c:89:47:53:73:3c:7d:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Apr 23 19:45:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d902b4c683a837b5e72606d0744e8717037e3681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:83:ba:80:f3:51:3f:88:ff:9f:1f:51:45:7d:
                    8f:5a:48:f2:97:52:3a:a9:7a:dd:86:07:e7:cf:c9:
                    f5:5c:c5:82:5d:0d:1b:63:c2:dd:64:1b:89:63:c3:
                    55:97:41:59:9b:81:e3:57:e5:1c:c9:84:8c:83:5e:
                    11:37:e4:d0:47:53:0a:ff:d4:8e:56:aa:1e:78:0c:
                    29:4b:3d:d2:75:9f:36:12:0a:7f:9e:f4:0e:11:ec:
                    e3:f7:a2:a5:6a:a9:8e:80:61:0f:a5:25:2f:85:e5:
                    f9:52:e2:f2:29:3a:9f:97:bd:c9:69:04:bc:87:17:
                    b9:60:bb:c9:8a:b4:3e:5e:2e:d3:de:13:d1:bf:b3:
                    96:48:fe:4f:79:64:10:bd:79:6d:4a:46:0f:72:d3:
                    c4:56:31:94:92:6f:9c:73:85:7e:30:c0:31:3c:37:
                    cc:7f:ba:21:49:49:a4:61:03:b4:33:34:b1:ef:cb:
                    e5:56:62:de:c2:86:71:57:34:94:43:45:6d:bf:5d:
                    35:e3:a5:83:94:ae:05:b1:a1:a6:0e:19:7c:48:de:
                    b0:d1:5e:d4:97:9d:60:90:2d:43:53:69:f1:81:90:
                    7c:af:81:53:11:69:8c:ae:24:55:79:db:85:1c:80:
                    8c:d0:4a:cf:cf:0e:0a:fd:6d:53:bd:e1:82:f5:96:
                    13:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:02:B4:C6:83:A8:37:B5:E7:26:06:D0:74:4E:87:17:03:7E:36:81
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/2QK0xoOoN7XnJgbQdE6HFwN-NoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.179.0/24
                  45.145.17.0/24
                  80.91.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:6c:8d:ad:60:72:66:9c:03:86:39:bb:d1:ee:63:e1:37:97:
         3b:08:3e:49:e7:aa:60:2b:6a:3d:10:c5:9f:20:57:46:02:a5:
         b1:bc:c8:61:99:dc:97:4b:50:74:82:c3:4e:ef:3f:6a:1b:ef:
         bf:8e:59:43:c4:ba:22:3f:ef:9f:f0:af:c2:14:d2:08:c9:9b:
         db:85:a6:fe:dc:36:29:df:6e:78:89:d0:d3:ad:f0:30:d3:2d:
         d4:a3:76:4e:57:fe:14:81:9d:04:6e:7c:7e:c7:99:ff:c9:fb:
         52:bc:17:ec:24:f6:ba:7f:d1:3c:c4:a8:79:5d:df:db:bd:d9:
         1e:ba:cc:e5:f5:d7:1b:81:0e:61:90:27:34:c0:76:2a:61:d0:
         4a:9d:ea:e9:75:ec:e1:8d:0d:40:41:c8:1e:13:ae:e0:6f:de:
         ce:77:0c:40:60:4b:6b:f8:de:f1:f4:c8:7f:87:68:0a:ad:66:
         aa:20:c0:1a:1b:77:3d:2e:4b:b4:43:39:36:e6:e9:42:5e:53:
         c1:c2:ac:fd:39:c0:b0:ad:b9:ac:13:07:77:e4:5b:bc:8a:6f:
         8e:12:17:c3:a3:71:4f:1d:d4:96:e0:c7:c1:25:11:94:75:b5:
         95:a7:bd:e0:3e:c4:03:56:80:48:8d:df:af:da:56:a3:19:c7:
         d8:1f:f2:5e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8MfZiA0p1IFEyJR1NzPH11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwNDIzMTk0NTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTAyYjRjNjgzYTgzN2I1ZTcyNjA2ZDA3NDRlODcxNzAzN2UzNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4O6gPNRP4j/nx9RRX2PWkjyl1I6
qXrdhgfnz8n1XMWCXQ0bY8LdZBuJY8NVl0FZm4HjV+UcyYSMg14RN+TQR1MK/9SO
VqoeeAwpSz3SdZ82Egp/nvQOEezj96KlaqmOgGEPpSUvheX5UuLyKTqfl73JaQS8
hxe5YLvJirQ+Xi7T3hPRv7OWSP5PeWQQvXltSkYPctPEVjGUkm+cc4V+MMAxPDfM
f7ohSUmkYQO0MzSx78vlVmLewoZxVzSUQ0Vtv10146WDlK4FsaGmDhl8SN6w0V7U
l51gkC1DU2nxgZB8r4FTEWmMriRVeduFHICM0ErPzw4K/W1TveGC9ZYTKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNkCtMaDqDe15yYG0HROhxcDfjaBMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvMlFLMHhvT29ON1huSmdiUWRFNkhGd04tTm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQ2zAwQA
LZERAwQAUFvdMA0GCSqGSIb3DQEBCwUAA4IBAQDQbI2tYHJmnAOGObvR7mPhN5c7
CD5J56pgK2o9EMWfIFdGAqWxvMhhmdyXS1B0gsNO7z9qG++/jllDxLoiP++f8K/C
FNIIyZvbhab+3DYp3254idDTrfAw0y3Uo3ZOV/4UgZ0Ebnx+x5n/yftSvBfsJPa6
f9E8xKh5Xd/bvdkeuszl9dcbgQ5hkCc0wHYqYdBKnerpdezhjQ1AQcgeE67gb97O
dwxAYEtr+N7x9Mh/h2gKrWaqIMAaG3c9Lku0Qzk25ulCXlPBwqz9OcCwrbmsEwd3
5Fu8im+OEhfDo3FPHdSW4MfBJRGUdbWVp73gPsQDVoBIjd+v2lajGcfYH/Je
-----END CERTIFICATE-----