Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/ece5c7-2143-4db4-9857-052cf01d2048/1/qMVh3MmBW-5x18q2N1wXFpopTgM.roa
File:                     qMVh3MmBW-5x18q2N1wXFpopTgM.roa (raw, json)
Hash identifier:          PQtT5tx/edekggmnvi46ZZ9KahB7EPBY+tQD/QXkwJY=
Subject key identifier:   A8:C5:61:DC:C9:81:5B:EE:71:D7:CA:B6:37:5C:17:16:9A:29:4E:03
Certificate issuer:       /CN=bfce55d15eb119e52d6fafcd3973e2f6d4f223f2
Certificate serial:       0194AF2023295C8416385A490DB289FCB98F
Authority key identifier: BF:CE:55:D1:5E:B1:19:E5:2D:6F:AF:CD:39:73:E2:F6:D4:F2:23:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v85V0V6xGeUtb6_NOXPi9tTyI_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/ece5c7-2143-4db4-9857-052cf01d2048/1/qMVh3MmBW-5x18q2N1wXFpopTgM.roa
Signing time:             Tue 28 Jan 2025 22:55:06 +0000
ROA not before:           Tue 28 Jan 2025 22:55:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200031
IP address blocks:        45.159.164.0/22 maxlen: 24
                          91.195.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/ece5c7-2143-4db4-9857-052cf01d2048/1/v85V0V6xGeUtb6_NOXPi9tTyI_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/ece5c7-2143-4db4-9857-052cf01d2048/1/v85V0V6xGeUtb6_NOXPi9tTyI_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v85V0V6xGeUtb6_NOXPi9tTyI_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:af:20:23:29:5c:84:16:38:5a:49:0d:b2:89:fc:b9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfce55d15eb119e52d6fafcd3973e2f6d4f223f2
        Validity
            Not Before: Jan 28 22:55:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8c561dcc9815bee71d7cab6375c17169a294e03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:17:8d:d5:89:17:50:fe:75:f9:2a:df:15:23:
                    b4:9a:7e:0e:c8:94:20:37:4d:eb:e6:10:ce:0b:5c:
                    a6:a6:3d:74:17:f6:47:28:f3:97:3f:16:c3:e4:83:
                    c5:79:68:0f:10:2b:3c:31:6f:67:94:92:a7:f5:ce:
                    57:63:35:9b:65:7d:98:5d:b7:d6:66:56:ec:5c:e5:
                    34:2c:5a:b7:74:36:ce:0c:f5:2f:01:22:45:57:ab:
                    7a:b9:cb:0b:4c:d1:17:a2:9b:98:fc:85:d2:be:e7:
                    36:c8:1c:63:51:d3:1b:79:3a:89:b5:e6:9a:d9:61:
                    48:b7:cc:41:12:06:07:d8:ac:0f:14:be:da:b1:b9:
                    43:b6:3e:a9:a7:a9:65:6e:35:5f:a4:ce:da:29:ab:
                    d5:ce:c2:5d:9d:ed:66:13:31:1c:85:77:ba:5f:47:
                    45:25:1f:18:dd:10:e9:ee:22:49:45:99:3e:20:c4:
                    5e:7e:d9:f9:92:8e:27:33:04:a0:3f:43:00:94:a5:
                    cc:0f:65:7a:95:90:a7:72:86:6d:af:33:4f:f0:22:
                    49:db:62:c7:b9:3c:a5:aa:d8:77:ef:3d:34:43:da:
                    ca:86:3e:71:08:d8:d2:2b:67:7f:3a:3a:2d:d1:fc:
                    6a:95:c8:c7:5d:5b:15:83:db:9b:ee:36:db:05:9e:
                    b4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C5:61:DC:C9:81:5B:EE:71:D7:CA:B6:37:5C:17:16:9A:29:4E:03
            X509v3 Authority Key Identifier:
                keyid:BF:CE:55:D1:5E:B1:19:E5:2D:6F:AF:CD:39:73:E2:F6:D4:F2:23:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v85V0V6xGeUtb6_NOXPi9tTyI_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/ece5c7-2143-4db4-9857-052cf01d2048/1/qMVh3MmBW-5x18q2N1wXFpopTgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/ece5c7-2143-4db4-9857-052cf01d2048/1/v85V0V6xGeUtb6_NOXPi9tTyI_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.164.0/22
                  91.195.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:d0:3c:08:ee:b2:09:f9:93:0b:a5:d2:28:23:00:54:61:ba:
         6d:ea:d5:34:50:ea:8b:00:cf:9f:31:bf:fa:c5:0d:1e:96:15:
         08:4b:07:92:f8:ac:81:2e:c5:f9:de:cd:94:f3:c1:6e:ed:f7:
         95:99:49:ba:1f:9a:e4:8b:49:48:b6:f2:b9:40:c0:81:af:a7:
         98:5a:bd:36:b2:77:55:0f:60:44:4f:3c:12:ea:1e:a1:89:ad:
         a8:a9:df:92:f0:20:f9:93:2c:ba:a2:f5:a8:92:ac:da:0e:68:
         26:36:2a:65:69:f1:24:2d:b4:1a:ba:cc:10:c6:39:b1:19:06:
         eb:74:5b:b5:8d:80:5f:1a:ca:4c:03:d5:fd:0b:a1:0b:d2:01:
         09:74:d4:8a:10:db:9d:cd:cb:e0:34:5b:c3:64:4e:94:21:dc:
         61:c0:fd:80:5c:7b:2f:93:e9:ae:b5:2f:8a:83:6d:ad:ec:29:
         aa:ad:59:72:bf:0f:23:af:fc:41:ed:9e:18:85:60:cc:57:12:
         89:d9:67:95:80:ea:89:7c:9f:b8:c8:91:02:2a:9d:19:40:81:
         a9:1f:87:eb:7a:49:ea:ad:37:bb:73:59:d7:cd:a1:c5:03:ea:
         0b:77:d0:3d:0c:54:00:29:6e:bc:60:a1:64:af:fb:71:20:80:
         d1:1b:c6:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSvICMpXIQWOFpJDbKJ/LmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmY2U1NWQxNWViMTE5ZTUyZDZmYWZjZDM5NzNlMmY2ZDRm
MjIzZjIwHhcNMjUwMTI4MjI1NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGM1NjFkY2M5ODE1YmVlNzFkN2NhYjYzNzVjMTcxNjlhMjk0ZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhheN1YkXUP51+SrfFSO0mn4OyJQg
N03r5hDOC1ympj10F/ZHKPOXPxbD5IPFeWgPECs8MW9nlJKn9c5XYzWbZX2YXbfW
ZlbsXOU0LFq3dDbODPUvASJFV6t6ucsLTNEXopuY/IXSvuc2yBxjUdMbeTqJteaa
2WFIt8xBEgYH2KwPFL7asblDtj6pp6llbjVfpM7aKavVzsJdne1mEzEchXe6X0dF
JR8Y3RDp7iJJRZk+IMReftn5ko4nMwSgP0MAlKXMD2V6lZCncoZtrzNP8CJJ22LH
uTylqth37z00Q9rKhj5xCNjSK2d/Ojot0fxqlcjHXVsVg9ub7jbbBZ60MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKjFYdzJgVvucdfKtjdcFxaaKU4DMB8GA1UdIwQY
MBaAFL/OVdFesRnlLW+vzTlz4vbU8iPyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjg1VjBWNnhHZVV0YjZfTk9YUGk5dFR5SV9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9lY2U1YzctMjE0My00ZGI0LTk4NTct
MDUyY2YwMWQyMDQ4LzEvcU1WaDNNbUJXLTV4MThxMk4xd1hGcG9wVGdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9lY2U1YzctMjE0My00ZGI0LTk4NTctMDUyY2YwMWQyMDQ4
LzEvdjg1VjBWNnhHZVV0YjZfTk9YUGk5dFR5SV9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZ+kAwQB
W8M4MA0GCSqGSIb3DQEBCwUAA4IBAQCQ0DwI7rIJ+ZMLpdIoIwBUYbpt6tU0UOqL
AM+fMb/6xQ0elhUISweS+KyBLsX53s2U88Fu7feVmUm6H5rki0lItvK5QMCBr6eY
Wr02sndVD2BETzwS6h6hia2oqd+S8CD5kyy6ovWokqzaDmgmNiplafEkLbQauswQ
xjmxGQbrdFu1jYBfGspMA9X9C6EL0gEJdNSKENudzcvgNFvDZE6UIdxhwP2AXHsv
k+mutS+Kg22t7CmqrVlyvw8jr/xB7Z4YhWDMVxKJ2WeVgOqJfJ+4yJECKp0ZQIGp
H4freknqrTe7c1nXzaHFA+oLd9A9DFQAKW68YKFkr/txIIDRG8aZ
-----END CERTIFICATE-----