Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/qvIsipyhqiB-KHh1ZwqUpeZWPRY.roa
File:                     qvIsipyhqiB-KHh1ZwqUpeZWPRY.roa (raw, json)
Hash identifier:          Yb9IH+MN+FEsbv/n6ACStl9UwGmbQDp6cuGdQ1yj7fI=
Subject key identifier:   AA:F2:2C:8A:9C:A1:AA:20:7E:28:78:75:67:0A:94:A5:E6:56:3D:16
Certificate issuer:       /CN=91d7ecf17142b3b0935f8e37b8f7d9c253f0ee19
Certificate serial:       018CCA2B7664C705A81DDDEA7CD17E9D051B
Authority key identifier: 91:D7:EC:F1:71:42:B3:B0:93:5F:8E:37:B8:F7:D9:C2:53:F0:EE:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/qvIsipyhqiB-KHh1ZwqUpeZWPRY.roa
Signing time:             Tue 02 Jan 2024 12:34:55 +0000
ROA not before:           Tue 02 Jan 2024 12:34:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61157
IP address blocks:        45.84.74.0/23 maxlen: 23
                          2a0e:a680:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:76:64:c7:05:a8:1d:dd:ea:7c:d1:7e:9d:05:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d7ecf17142b3b0935f8e37b8f7d9c253f0ee19
        Validity
            Not Before: Jan  2 12:34:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaf22c8a9ca1aa207e287875670a94a5e6563d16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7e:d8:3f:76:5b:1c:17:e4:7e:20:53:f8:ba:
                    b3:01:20:e8:3e:f9:33:69:2d:f0:72:17:a1:dc:88:
                    7e:33:d5:b6:f4:ac:98:40:a6:f4:63:d2:ca:29:58:
                    1a:6f:cf:d5:ba:7d:39:71:18:fc:30:17:cb:bf:96:
                    68:72:f9:a0:07:e4:33:e2:e1:6a:06:74:45:0a:e9:
                    a6:38:b6:c4:f0:5d:15:f5:cd:3c:47:b5:46:c6:b4:
                    81:73:75:e3:eb:13:f5:ca:2a:47:a4:b6:0b:4b:70:
                    90:ce:ca:a2:d8:46:53:bf:51:78:19:80:91:d9:69:
                    6f:04:5e:bd:5c:48:00:05:72:e8:4a:82:7c:2b:42:
                    f8:22:5a:89:46:5a:10:2d:94:d1:be:2b:cf:13:d1:
                    1c:e9:97:eb:f5:4e:1f:2e:09:fd:e2:95:bc:90:85:
                    94:28:66:ff:fa:71:55:0c:6a:95:cc:33:bb:7e:60:
                    78:a1:b9:f6:83:57:1f:e1:71:5a:62:26:4c:ba:bf:
                    f6:f2:67:af:66:65:eb:a1:41:54:28:e1:e9:72:c1:
                    60:c2:00:4f:27:62:87:64:64:d8:92:ad:d2:f7:8a:
                    0a:f6:f8:de:d5:26:c5:4a:c2:28:45:1e:93:b0:71:
                    69:dc:a1:bb:1c:7c:f2:09:1d:4b:d4:3a:29:95:3b:
                    34:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F2:2C:8A:9C:A1:AA:20:7E:28:78:75:67:0A:94:A5:E6:56:3D:16
            X509v3 Authority Key Identifier:
                keyid:91:D7:EC:F1:71:42:B3:B0:93:5F:8E:37:B8:F7:D9:C2:53:F0:EE:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/qvIsipyhqiB-KHh1ZwqUpeZWPRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.74.0/23
                IPv6:
                  2a0e:a680:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:81:62:34:da:cf:c4:b1:aa:2e:aa:08:84:52:dc:41:c5:9e:
         5b:05:a9:51:cd:84:50:3f:61:1f:59:1a:1d:68:a9:81:83:32:
         4e:b9:a7:0e:dd:34:16:e9:87:45:07:a2:0f:be:7e:19:d5:68:
         7a:c4:a5:3b:7e:d3:dd:b3:24:1d:eb:c8:49:59:19:ae:ae:85:
         c1:5f:69:5d:93:ce:74:f9:2d:10:ea:28:85:08:88:d6:78:d6:
         df:e2:15:f6:0d:56:eb:c0:06:4c:7d:52:f2:6b:de:db:47:4b:
         17:61:e0:30:f8:01:74:6b:28:82:43:00:77:e8:6d:fc:37:f5:
         88:3a:97:dd:c6:1b:d4:3d:c0:87:ad:f1:3b:d0:6e:59:d2:11:
         28:c5:c8:a7:04:55:bc:5d:84:76:7c:a8:2e:a7:38:10:9d:29:
         2c:dc:fd:a7:d2:82:76:cb:ec:4d:94:f8:9d:18:6f:cf:12:7c:
         87:d3:c5:fe:7e:6d:1a:57:77:75:3f:dd:38:26:82:fb:4e:e3:
         59:8a:d7:94:03:eb:49:ce:ba:14:d7:97:04:ef:cf:44:38:e5:
         e1:dc:b8:b6:56:eb:d5:8a:70:7b:6c:c9:41:bb:6e:b6:a6:4b:
         16:fe:5d:32:f3:50:30:55:a3:e5:b2:17:df:9b:86:86:54:31:
         8f:09:6e:1c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK3ZkxwWoHd3qfNF+nQUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDdlY2YxNzE0MmIzYjA5MzVmOGUzN2I4ZjdkOWMyNTNm
MGVlMTkwHhcNMjQwMTAyMTIzNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWYyMmM4YTljYTFhYTIwN2UyODc4NzU2NzBhOTRhNWU2NTYzZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu37YP3ZbHBfkfiBT+LqzASDoPvkz
aS3wcheh3Ih+M9W29KyYQKb0Y9LKKVgab8/Vun05cRj8MBfLv5ZocvmgB+Qz4uFq
BnRFCummOLbE8F0V9c08R7VGxrSBc3Xj6xP1yipHpLYLS3CQzsqi2EZTv1F4GYCR
2WlvBF69XEgABXLoSoJ8K0L4IlqJRloQLZTRvivPE9Ec6Zfr9U4fLgn94pW8kIWU
KGb/+nFVDGqVzDO7fmB4obn2g1cf4XFaYiZMur/28mevZmXroUFUKOHpcsFgwgBP
J2KHZGTYkq3S94oK9vje1SbFSsIoRR6TsHFp3KG7HHzyCR1L1DoplTs08QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKryLIqcoaogfih4dWcKlKXmVj0WMB8GA1UdIwQY
MBaAFJHX7PFxQrOwk1+ON7j32cJT8O4ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RmczhYRkNzN0NUWDQ0M3VQZlp3bFB3N2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9iMDhlNmUtMDgyMi00MjI0LTk1NGIt
YTZiMWFkMzRlMDhjLzEvcXZJc2lweWhxaUItS0hoMVp3cVVwZVpXUFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9iMDhlNmUtMDgyMi00MjI0LTk1NGItYTZiMWFkMzRlMDhj
LzEva2RmczhYRkNzN0NUWDQ0M3VQZlp3bFB3N2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBLVRKMA8E
AgACMAkDBwAqDqaAAAEwDQYJKoZIhvcNAQELBQADggEBAASBYjTaz8Sxqi6qCIRS
3EHFnlsFqVHNhFA/YR9ZGh1oqYGDMk65pw7dNBbph0UHog++fhnVaHrEpTt+092z
JB3ryElZGa6uhcFfaV2TznT5LRDqKIUIiNZ41t/iFfYNVuvABkx9UvJr3ttHSxdh
4DD4AXRrKIJDAHfobfw39Yg6l93GG9Q9wIet8TvQblnSESjFyKcEVbxdhHZ8qC6n
OBCdKSzc/afSgnbL7E2U+J0Yb88SfIfTxf5+bRpXd3U/3TgmgvtO41mK15QD60nO
uhTXlwTvz0Q45eHcuLZW69WKcHtsyUG7bramSxb+XTLzUDBVo+WyF9+bhoZUMY8J
bhw=
-----END CERTIFICATE-----