Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/229d3d-c0ea-4e11-9509-5eb4a55f0119/1/kQiKrZ4CPYno7W0d17hgYHghh9w.roa
File:                     kQiKrZ4CPYno7W0d17hgYHghh9w.roa (raw, json)
Hash identifier:          +YR/MUlS8+m0I2hgbjVsHaU3qqxEJoU4d3Yyij82Gf4=
Subject key identifier:   91:08:8A:AD:9E:02:3D:89:E8:ED:6D:1D:D7:B8:60:60:78:21:87:DC
Certificate issuer:       /CN=11ab177e4a4ffeeb9ea1fd35766c3b8a87311de8
Certificate serial:       018E1E9513D35D501B633CA4C22891528EB5
Authority key identifier: 11:AB:17:7E:4A:4F:FE:EB:9E:A1:FD:35:76:6C:3B:8A:87:31:1D:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EasXfkpP_uueof01dmw7iocxHeg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/229d3d-c0ea-4e11-9509-5eb4a55f0119/1/kQiKrZ4CPYno7W0d17hgYHghh9w.roa
Signing time:             Fri 08 Mar 2024 15:01:10 +0000
ROA not before:           Fri 08 Mar 2024 15:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209429
IP address blocks:        45.66.72.0/22 maxlen: 22
                          2a09:6540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/229d3d-c0ea-4e11-9509-5eb4a55f0119/1/EasXfkpP_uueof01dmw7iocxHeg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/229d3d-c0ea-4e11-9509-5eb4a55f0119/1/EasXfkpP_uueof01dmw7iocxHeg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EasXfkpP_uueof01dmw7iocxHeg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:95:13:d3:5d:50:1b:63:3c:a4:c2:28:91:52:8e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11ab177e4a4ffeeb9ea1fd35766c3b8a87311de8
        Validity
            Not Before: Mar  8 15:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91088aad9e023d89e8ed6d1dd7b86060782187dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8b:01:a8:3f:a1:25:03:a3:12:66:20:72:c3:
                    0d:64:30:45:5f:d1:4b:22:00:03:fa:66:98:ac:5f:
                    d2:52:83:47:d3:ea:06:93:f4:07:11:43:63:7f:2b:
                    d5:1c:8f:8c:a1:d7:4d:bb:b5:69:fa:54:9f:39:ae:
                    ea:65:2d:e0:2a:30:b2:ae:33:6b:7a:b7:9f:21:29:
                    78:6b:ba:43:6f:35:e5:a9:57:6f:3e:5e:91:ac:8b:
                    85:c6:ca:db:35:cd:9f:a4:2c:98:30:6f:39:5b:a8:
                    78:43:1a:6d:f0:8a:e6:86:b0:5b:20:a9:84:c0:4f:
                    ff:62:e0:17:9a:79:06:57:5d:e7:14:93:6f:57:07:
                    d8:80:46:75:77:0d:52:72:3a:05:17:ad:62:cb:27:
                    a4:69:e7:c1:99:cc:89:d5:85:db:f1:68:28:97:39:
                    37:8f:60:bf:e6:78:0c:ee:d0:ec:96:dc:3a:36:fd:
                    aa:49:33:ee:43:0f:12:75:3c:4c:04:99:04:b7:08:
                    33:87:f2:cf:6a:dd:e0:ee:f4:b5:b8:17:dc:49:34:
                    98:17:d0:50:ec:f5:6e:96:e4:d5:9e:1b:e7:8e:48:
                    ef:b5:db:8c:67:44:15:c6:74:fc:cd:f3:7c:a2:6b:
                    8a:9a:d3:f1:07:23:75:db:99:e9:d8:4e:a6:ad:31:
                    65:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:08:8A:AD:9E:02:3D:89:E8:ED:6D:1D:D7:B8:60:60:78:21:87:DC
            X509v3 Authority Key Identifier:
                keyid:11:AB:17:7E:4A:4F:FE:EB:9E:A1:FD:35:76:6C:3B:8A:87:31:1D:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EasXfkpP_uueof01dmw7iocxHeg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/229d3d-c0ea-4e11-9509-5eb4a55f0119/1/kQiKrZ4CPYno7W0d17hgYHghh9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/229d3d-c0ea-4e11-9509-5eb4a55f0119/1/EasXfkpP_uueof01dmw7iocxHeg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.72.0/22
                IPv6:
                  2a09:6540::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:43:71:a0:1a:a0:e4:4c:bd:b1:64:7f:f7:56:4d:16:fd:7c:
         9f:e2:a7:74:bc:e8:c0:a1:f7:c1:a3:20:93:23:59:0f:ef:47:
         cf:ca:c8:d8:b6:30:0d:07:28:bb:70:c7:5b:90:04:66:3c:13:
         69:53:74:a5:cc:98:af:fb:ce:50:dd:72:ca:cf:fd:76:10:cc:
         bd:1c:6d:e2:4e:94:9d:8d:ed:37:6f:e0:cf:2a:63:61:cc:59:
         40:14:9d:5f:2e:04:cb:eb:a6:39:e4:c9:e5:90:a7:c5:2b:79:
         d2:dc:9e:64:20:50:ca:d2:e0:00:f7:be:26:db:9d:d1:f6:df:
         7f:3f:cd:1a:1d:2b:5d:6f:d9:0c:49:3c:35:98:17:8d:5e:12:
         eb:4f:73:0d:7f:a0:31:52:7d:75:1a:04:78:12:d1:63:c8:57:
         c1:07:24:c7:a3:6e:89:00:91:c1:c7:2c:bf:31:e4:37:20:32:
         35:3a:e4:a1:a4:0f:18:fc:d6:f1:f4:02:dd:d2:d2:95:13:9d:
         fd:ef:5a:dd:78:18:7c:92:34:41:3b:31:d0:cd:62:00:3c:c5:
         b7:4b:1d:ef:1c:2d:47:07:d8:aa:78:8f:54:b9:b1:c3:ea:61:
         8d:07:bc:9b:6f:c8:4d:12:49:13:0a:2d:c4:0c:38:bb:71:61:
         b4:d6:dd:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4elRPTXVAbYzykwiiRUo61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYWIxNzdlNGE0ZmZlZWI5ZWExZmQzNTc2NmMzYjhhODcz
MTFkZTgwHhcNMjQwMzA4MTUwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA4OGFhZDllMDIzZDg5ZThlZDZkMWRkN2I4NjA2MDc4MjE4N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYsBqD+hJQOjEmYgcsMNZDBFX9FL
IgAD+maYrF/SUoNH0+oGk/QHEUNjfyvVHI+ModdNu7Vp+lSfOa7qZS3gKjCyrjNr
erefISl4a7pDbzXlqVdvPl6RrIuFxsrbNc2fpCyYMG85W6h4Qxpt8IrmhrBbIKmE
wE//YuAXmnkGV13nFJNvVwfYgEZ1dw1ScjoFF61iyyekaefBmcyJ1YXb8Wgolzk3
j2C/5ngM7tDsltw6Nv2qSTPuQw8SdTxMBJkEtwgzh/LPat3g7vS1uBfcSTSYF9BQ
7PVuluTVnhvnjkjvtduMZ0QVxnT8zfN8omuKmtPxByN125np2E6mrTFlFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJEIiq2eAj2J6O1tHde4YGB4IYfcMB8GA1UdIwQY
MBaAFBGrF35KT/7rnqH9NXZsO4qHMR3oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFzWGZrcFBfdXVlb2YwMWRtdzdpb2N4SGVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yMjlkM2QtYzBlYS00ZTExLTk1MDkt
NWViNGE1NWYwMTE5LzEva1FpS3JaNENQWW5vN1cwZDE3aGdZSGdoaDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yMjlkM2QtYzBlYS00ZTExLTk1MDktNWViNGE1NWYwMTE5
LzEvRWFzWGZrcFBfdXVlb2YwMWRtdzdpb2N4SGVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUJIMA0E
AgACMAcDBQMqCWVAMA0GCSqGSIb3DQEBCwUAA4IBAQCNQ3GgGqDkTL2xZH/3Vk0W
/Xyf4qd0vOjAoffBoyCTI1kP70fPysjYtjANByi7cMdbkARmPBNpU3SlzJiv+85Q
3XLKz/12EMy9HG3iTpSdje03b+DPKmNhzFlAFJ1fLgTL66Y55MnlkKfFK3nS3J5k
IFDK0uAA974m253R9t9/P80aHStdb9kMSTw1mBeNXhLrT3MNf6AxUn11GgR4EtFj
yFfBByTHo26JAJHBxyy/MeQ3IDI1OuShpA8Y/Nbx9ALd0tKVE53971rdeBh8kjRB
OzHQzWIAPMW3Sx3vHC1HB9iqeI9UubHD6mGNB7ybb8hNEkkTCi3EDDi7cWG01t0k
-----END CERTIFICATE-----