Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/DR9neCuYo1plJyMD8Bhf0z2QBNc.roa
File:                     DR9neCuYo1plJyMD8Bhf0z2QBNc.roa (raw, json)
Hash identifier:          Xgp3SGWDuclIDuZkVTnJ/1pymw5hHbez0X1WSf3Suu0=
Subject key identifier:   0D:1F:67:78:2B:98:A3:5A:65:27:23:03:F0:18:5F:D3:3D:90:04:D7
Certificate issuer:       /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial:       018CC6B9101E4BA8CD7DC3A16E6E465F2F87
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/DR9neCuYo1plJyMD8Bhf0z2QBNc.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47787
IP address blocks:        45.94.244.0/22 maxlen: 32
                          45.95.48.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:10:1e:4b:a8:cd:7d:c3:a1:6e:6e:46:5f:2f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d1f67782b98a35a65272303f0185fd33d9004d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9f:7f:c1:8f:25:f6:63:70:7e:5b:ef:bd:37:
                    00:31:92:55:58:32:a3:39:08:68:0a:23:46:a3:f4:
                    d2:41:55:a9:37:a0:14:09:16:f1:c2:99:e3:f4:9c:
                    69:73:cc:b0:46:dc:8b:2b:3b:f4:eb:27:7f:dc:f8:
                    ec:dd:b4:b1:42:e1:e9:3f:23:8c:68:90:ee:50:67:
                    a3:3a:4b:cb:89:ba:e2:11:2a:61:28:52:04:35:d7:
                    15:ff:39:54:48:d0:2e:5a:2f:cc:69:25:ee:94:22:
                    cd:d3:fe:49:50:c5:04:cd:30:55:6c:ab:96:4c:0d:
                    e3:d1:8a:51:91:cd:cf:75:81:9b:02:4d:3d:b0:cb:
                    ad:5d:d7:98:8b:d2:43:fb:06:11:3d:4f:21:dc:ec:
                    46:11:ca:49:61:ca:9f:3c:49:31:9a:e3:e0:b4:72:
                    3b:6f:fa:9a:71:7c:be:f9:a9:eb:60:80:1e:8d:4d:
                    7b:f7:b8:4a:97:cb:4b:15:06:11:0f:e9:c1:44:e3:
                    e9:6e:88:be:28:e2:ba:5a:82:a8:5e:e2:bb:ca:18:
                    64:e8:7f:d1:0b:9f:01:85:c8:dd:04:64:67:d3:60:
                    f8:d8:97:b8:b8:04:ad:f7:81:df:06:4f:0a:cb:43:
                    41:d0:38:14:1a:cf:1c:fc:0a:e9:12:6c:58:3a:42:
                    a3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1F:67:78:2B:98:A3:5A:65:27:23:03:F0:18:5F:D3:3D:90:04:D7
            X509v3 Authority Key Identifier:
                keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/DR9neCuYo1plJyMD8Bhf0z2QBNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.244.0/22
                  45.95.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:a6:89:1a:54:eb:e7:d5:3d:36:5b:06:f1:f7:c4:ae:34:45:
         c0:19:2b:ae:8e:2c:75:2f:e6:2a:e4:63:20:13:b2:b4:b2:e7:
         0e:0f:25:37:44:eb:2a:a8:82:43:81:56:5d:ef:cb:ec:3f:98:
         ee:46:e5:6c:d7:5a:fc:3f:da:04:5c:30:d0:3e:84:72:9f:84:
         c0:52:91:15:97:95:aa:64:a1:37:4b:8d:5a:c9:1e:34:ec:ca:
         5e:b6:bb:c2:c7:71:03:74:b4:d6:8d:d1:d0:15:93:b5:fd:ab:
         c3:06:e3:02:5f:c1:d8:dd:b1:dd:87:ce:26:f0:03:6a:3e:a4:
         3e:4b:dd:73:c6:4e:d4:0b:9e:e0:37:19:21:18:91:50:99:24:
         c7:d5:86:26:10:a6:66:c3:74:cd:1f:f5:a9:60:03:ec:6a:0b:
         b4:29:81:65:d6:37:a0:9f:4b:a9:96:c4:bf:d2:d7:1f:cf:10:
         60:23:eb:8d:ab:f8:20:72:96:b0:23:c7:7e:30:be:a2:c9:5c:
         44:3b:5b:a4:27:04:1c:fe:98:b0:51:01:dc:3a:c5:bc:8e:5b:
         ef:9f:33:48:35:2f:05:fb:65:9b:b8:04:4d:50:00:aa:5e:4b:
         98:85:23:8f:70:f4:19:a1:16:64:13:8b:1b:89:a1:55:5c:0a:
         34:01:fa:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuRAeS6jNfcOhbm5GXy+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFmNjc3ODJiOThhMzVhNjUyNzIzMDNmMDE4NWZkMzNkOTAwNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZ9/wY8l9mNwflvvvTcAMZJVWDKj
OQhoCiNGo/TSQVWpN6AUCRbxwpnj9Jxpc8ywRtyLKzv06yd/3Pjs3bSxQuHpPyOM
aJDuUGejOkvLibriESphKFIENdcV/zlUSNAuWi/MaSXulCLN0/5JUMUEzTBVbKuW
TA3j0YpRkc3PdYGbAk09sMutXdeYi9JD+wYRPU8h3OxGEcpJYcqfPEkxmuPgtHI7
b/qacXy++anrYIAejU1797hKl8tLFQYRD+nBROPpboi+KOK6WoKoXuK7yhhk6H/R
C58BhcjdBGRn02D42Je4uASt94HfBk8Ky0NB0DgUGs8c/ArpEmxYOkKjaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA0fZ3grmKNaZScjA/AYX9M9kATXMB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvRFI5bmVDdVlvMXBsSnlNRDhCaGYwejJRQk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLV70AwQC
LV8wMA0GCSqGSIb3DQEBCwUAA4IBAQBZpokaVOvn1T02Wwbx98SuNEXAGSuujix1
L+Yq5GMgE7K0sucODyU3ROsqqIJDgVZd78vsP5juRuVs11r8P9oEXDDQPoRyn4TA
UpEVl5WqZKE3S41ayR407MpetrvCx3EDdLTWjdHQFZO1/avDBuMCX8HY3bHdh84m
8ANqPqQ+S91zxk7UC57gNxkhGJFQmSTH1YYmEKZmw3TNH/WpYAPsagu0KYFl1jeg
n0uplsS/0tcfzxBgI+uNq/ggcpawI8d+ML6iyVxEO1ukJwQc/piwUQHcOsW8jlvv
nzNINS8F+2WbuARNUACqXkuYhSOPcPQZoRZkE4sbiaFVXAo0AfrL
-----END CERTIFICATE-----