Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/vXE8u8P-8u_-MbMt8pt0ylu3UT4.roa
File:                     vXE8u8P-8u_-MbMt8pt0ylu3UT4.roa (raw, json)
Hash identifier:          FpYxPqAmaIsF0CD6eiLGMgY19R22GIm67/1axzP/kOI=
Subject key identifier:   BD:71:3C:BB:C3:FE:F2:EF:FE:31:B3:2D:F2:9B:74:CA:5B:B7:51:3E
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DACE9D984791CDE10D654819125A3
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/vXE8u8P-8u_-MbMt8pt0ylu3UT4.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208482
IP address blocks:        45.84.98.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ac:e9:d9:84:79:1c:de:10:d6:54:81:91:25:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd713cbbc3fef2effe31b32df29b74ca5bb7513e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b2:93:17:ff:55:47:e1:77:9f:eb:0b:e8:29:
                    c9:59:dc:f3:eb:16:44:2e:81:76:e3:92:b7:1d:67:
                    a2:52:16:c7:05:ac:cf:e6:d7:c9:8b:15:e0:aa:7d:
                    ef:b9:10:7f:da:58:21:98:32:d3:b0:10:8d:aa:35:
                    14:a9:89:9c:5c:95:58:7f:2f:ec:3a:11:2e:df:8e:
                    52:18:02:77:f1:01:c5:6e:3b:1d:46:2d:07:7d:01:
                    2f:1a:c1:09:54:aa:71:61:18:e9:9b:52:b4:4f:2f:
                    17:fd:66:f0:2d:05:83:b4:d8:6c:2e:39:cc:c6:c6:
                    46:6e:11:dc:99:cb:1b:b3:26:89:cd:d2:2a:c6:36:
                    56:22:2f:8d:2d:4d:b7:cc:6a:0e:ad:93:15:d1:38:
                    3e:3a:f7:fd:43:56:d7:48:b8:fe:0a:09:3e:ef:01:
                    a6:65:0d:d0:18:9d:7b:d3:f9:99:78:89:a9:f5:80:
                    f7:08:e2:f8:da:c1:75:91:3f:9f:41:34:a1:25:fe:
                    96:c7:48:58:3b:d8:3d:5e:73:66:8a:43:3d:8f:94:
                    a8:a3:15:f7:c5:2f:b5:14:92:60:ab:40:bc:c0:e7:
                    f6:53:a1:e6:d6:e4:ce:03:03:8d:01:c4:03:74:06:
                    c3:2b:84:ee:63:92:40:1c:9b:f4:1a:b7:c1:18:45:
                    4f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:71:3C:BB:C3:FE:F2:EF:FE:31:B3:2D:F2:9B:74:CA:5B:B7:51:3E
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/vXE8u8P-8u_-MbMt8pt0ylu3UT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:bc:0c:a7:c6:af:f6:a1:51:35:38:91:43:94:29:55:60:31:
         4d:65:cc:1e:c2:41:3d:47:9e:8a:08:44:cc:0e:e7:ce:7f:55:
         7d:66:13:b5:8d:10:a8:00:11:01:9a:e4:50:d1:4a:58:5c:cf:
         77:58:ad:fd:66:c1:0c:a3:aa:f0:1b:9e:03:dc:65:ef:57:2d:
         fb:0d:13:51:ef:cf:b5:16:5d:ab:5a:92:46:ed:91:a2:52:87:
         47:7f:a5:08:c6:c8:a2:d3:33:51:28:0b:fa:e0:3b:1f:2a:81:
         c7:d6:51:9a:9a:47:21:96:05:5c:d0:f7:34:e5:dc:16:53:f4:
         45:2a:b8:18:2d:1f:67:9d:1f:89:17:22:71:c5:3d:62:e3:36:
         59:40:f8:d7:a1:f3:10:96:2d:c3:85:d3:58:ac:83:ce:25:9a:
         c4:a3:cd:f6:40:8d:a9:64:05:26:44:e4:53:71:15:00:ed:ed:
         21:40:ed:87:42:a3:9b:4a:1e:a9:b4:6e:62:e6:42:15:2a:63:
         84:98:3e:74:ce:7f:12:fd:0d:12:7e:c9:86:85:c5:f9:33:10:
         13:d2:39:48:4c:37:a7:57:e5:ad:af:75:6a:88:12:9f:35:67:
         c2:3d:b0:81:e5:e1:b6:ff:f9:79:56:d7:cf:23:02:f6:d8:4b:
         d1:8b:d4:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTazp2YR5HN4Q1lSBkSWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDcxM2NiYmMzZmVmMmVmZmUzMWIzMmRmMjliNzRjYTViYjc1MTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurKTF/9VR+F3n+sL6CnJWdzz6xZE
LoF245K3HWeiUhbHBazP5tfJixXgqn3vuRB/2lghmDLTsBCNqjUUqYmcXJVYfy/s
OhEu345SGAJ38QHFbjsdRi0HfQEvGsEJVKpxYRjpm1K0Ty8X/WbwLQWDtNhsLjnM
xsZGbhHcmcsbsyaJzdIqxjZWIi+NLU23zGoOrZMV0Tg+Ovf9Q1bXSLj+Cgk+7wGm
ZQ3QGJ170/mZeImp9YD3COL42sF1kT+fQTShJf6Wx0hYO9g9XnNmikM9j5SooxX3
xS+1FJJgq0C8wOf2U6Hm1uTOAwONAcQDdAbDK4TuY5JAHJv0GrfBGEVPAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1xPLvD/vLv/jGzLfKbdMpbt1E+MB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvdlhFOHU4UC04dV8tTWJNdDhwdDB5bHUzVVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVRiMA0G
CSqGSIb3DQEBCwUAA4IBAQCfvAynxq/2oVE1OJFDlClVYDFNZcwewkE9R56KCETM
DufOf1V9ZhO1jRCoABEBmuRQ0UpYXM93WK39ZsEMo6rwG54D3GXvVy37DRNR78+1
Fl2rWpJG7ZGiUodHf6UIxsii0zNRKAv64DsfKoHH1lGamkchlgVc0Pc05dwWU/RF
KrgYLR9nnR+JFyJxxT1i4zZZQPjXofMQli3DhdNYrIPOJZrEo832QI2pZAUmRORT
cRUA7e0hQO2HQqObSh6ptG5i5kIVKmOEmD50zn8S/Q0SfsmGhcX5MxAT0jlITDen
V+Wtr3VqiBKfNWfCPbCB5eG2//l5VtfPIwL22EvRi9Sk
-----END CERTIFICATE-----