Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/LqUDjXqRP4A8vbaMCAdib7o-6IQ.roa
File:                     LqUDjXqRP4A8vbaMCAdib7o-6IQ.roa (raw, json)
Hash identifier:          RLFvFn2DFW7NCdlSXMUQxNQqRRrg8bhHVQCAVaR/y68=
Subject key identifier:   2E:A5:03:8D:7A:91:3F:80:3C:BD:B6:8C:08:07:62:6F:BA:3E:E8:84
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD149FF3ED00E371E6CD7D91D15A50
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/LqUDjXqRP4A8vbaMCAdib7o-6IQ.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52202
IP address blocks:        45.86.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:14:9f:f3:ed:00:e3:71:e6:cd:7d:91:d1:5a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ea5038d7a913f803cbdb68c0807626fba3ee884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:59:a7:e7:6f:b2:9c:f9:e1:65:c4:74:e0:
                    00:38:ff:80:1e:35:81:4d:58:ba:82:ba:fc:08:3a:
                    26:5d:f2:34:11:a7:93:19:d6:63:f7:61:f5:f7:8e:
                    5b:81:dd:f9:1f:5d:5f:8d:b5:3a:99:76:18:12:1a:
                    3d:63:ed:f2:8a:a1:71:ad:f5:a6:69:2a:24:ef:54:
                    e4:a8:38:5f:e9:64:e5:4c:a9:d9:7d:d1:a7:20:55:
                    5c:1f:8b:1a:ec:48:c6:7e:1a:39:a4:22:90:74:aa:
                    a5:00:be:21:65:47:40:4c:9a:17:67:bc:e4:65:8f:
                    45:3e:b5:e2:f0:58:19:9f:80:da:d9:96:b1:18:f7:
                    7c:b7:f8:6d:6b:90:35:a6:d5:1f:24:65:0c:69:79:
                    57:4e:3b:c4:56:2c:ef:72:3f:43:71:a4:a5:95:21:
                    b8:f5:96:d6:bc:d5:bf:1b:ba:bc:36:3a:02:3d:14:
                    7a:5e:d1:ea:9d:3e:90:4e:62:5a:3c:41:e9:ef:9e:
                    83:1c:a8:d1:8f:85:bb:85:b2:ea:9e:64:bf:c5:9d:
                    61:51:51:f8:80:21:6e:67:e0:7e:47:67:67:d8:f9:
                    38:75:06:4d:9c:ef:ef:ad:cc:74:24:4a:6d:c6:3d:
                    45:2c:e4:cc:76:9c:2e:ec:39:78:36:b6:39:26:1d:
                    80:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A5:03:8D:7A:91:3F:80:3C:BD:B6:8C:08:07:62:6F:BA:3E:E8:84
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/LqUDjXqRP4A8vbaMCAdib7o-6IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:79:2d:48:0d:16:41:22:1d:a1:42:be:4b:ab:bb:83:2a:12:
         4a:db:fb:27:e2:a4:b5:3a:88:a4:e9:78:51:c2:c4:f6:d9:63:
         1c:5e:27:94:1c:0c:a3:8a:5e:81:d3:7f:23:83:20:4e:c7:26:
         4a:52:5e:73:45:26:a5:93:b7:7c:a8:4b:f4:12:14:27:b8:75:
         18:3f:45:01:05:3d:79:d1:0d:82:69:24:66:0b:16:08:66:ae:
         17:f7:ec:92:76:2b:fb:9b:40:74:27:41:c8:0d:35:d5:4f:d4:
         2b:2e:15:09:2e:bf:94:dc:18:1d:07:01:d3:d9:db:03:c1:82:
         9d:2d:59:46:9e:5e:5c:b4:62:cf:f3:ff:72:12:eb:83:37:58:
         62:06:f9:81:b4:70:7a:e4:00:5b:7e:a1:81:de:d8:16:15:41:
         19:0f:cf:64:3d:fb:c6:4c:c3:86:1a:c1:8e:e7:de:2d:61:a4:
         c4:44:e9:19:a8:bb:a3:37:ba:c1:59:00:3c:5e:24:ec:2b:c1:
         1f:06:0f:2d:e0:87:71:51:fc:85:1e:a5:d6:9e:ee:96:98:58:
         e2:cd:68:ff:b8:bc:2f:d7:fc:54:c9:c9:4a:44:2a:b8:75:3f:
         8c:74:f4:1e:e9:b3:13:44:73:14:2a:52:da:d5:e6:68:83:c0:
         3a:b7:f1:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RSf8+0A43HmzX2R0VpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWE1MDM4ZDdhOTEzZjgwM2NiZGI2OGMwODA3NjI2ZmJhM2VlODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH5Zp+dvspz54WXEdOAAOP+AHjWB
TVi6grr8CDomXfI0EaeTGdZj92H1945bgd35H11fjbU6mXYYEho9Y+3yiqFxrfWm
aSok71TkqDhf6WTlTKnZfdGnIFVcH4sa7EjGfho5pCKQdKqlAL4hZUdATJoXZ7zk
ZY9FPrXi8FgZn4Da2ZaxGPd8t/hta5A1ptUfJGUMaXlXTjvEVizvcj9DcaSllSG4
9ZbWvNW/G7q8NjoCPRR6XtHqnT6QTmJaPEHp756DHKjRj4W7hbLqnmS/xZ1hUVH4
gCFuZ+B+R2dn2Pk4dQZNnO/vrcx0JEptxj1FLOTMdpwu7Dl4NrY5Jh2AfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6lA416kT+APL22jAgHYm+6PuiEMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvTHFVRGpYcVJQNEE4dmJhTUNBZGliN28tNklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVbxMA0G
CSqGSIb3DQEBCwUAA4IBAQCbeS1IDRZBIh2hQr5Lq7uDKhJK2/sn4qS1Ooik6XhR
wsT22WMcXieUHAyjil6B038jgyBOxyZKUl5zRSalk7d8qEv0EhQnuHUYP0UBBT15
0Q2CaSRmCxYIZq4X9+ySdiv7m0B0J0HIDTXVT9QrLhUJLr+U3BgdBwHT2dsDwYKd
LVlGnl5ctGLP8/9yEuuDN1hiBvmBtHB65ABbfqGB3tgWFUEZD89kPfvGTMOGGsGO
594tYaTEROkZqLujN7rBWQA8XiTsK8EfBg8t4IdxUfyFHqXWnu6WmFjizWj/uLwv
1/xUyclKRCq4dT+MdPQe6bMTRHMUKlLa1eZog8A6t/FU
-----END CERTIFICATE-----