Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/_W0fXgoQ2ZC31ND433EInzHFE7k.roa
File:                     _W0fXgoQ2ZC31ND433EInzHFE7k.roa (raw, json)
Hash identifier:          4ZIpJwn1w8Wd4aW+UaVxHbDedWUhLA1aoP/nhf/jZV8=
Subject key identifier:   FD:6D:1F:5E:0A:10:D9:90:B7:D4:D0:F8:DF:71:08:9F:31:C5:13:B9
Certificate issuer:       /CN=099d3946413dd11161b46c7df6ad362a9938d5d4
Certificate serial:       0190F055F9FAD6C2BBED3C0F651F844425EE
Authority key identifier: 09:9D:39:46:41:3D:D1:11:61:B4:6C:7D:F6:AD:36:2A:99:38:D5:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZ05RkE90RFhtGx99q02Kpk41dQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/_W0fXgoQ2ZC31ND433EInzHFE7k.roa
Signing time:             Fri 26 Jul 2024 18:38:04 +0000
ROA not before:           Fri 26 Jul 2024 18:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208777
IP address blocks:        45.84.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/CZ05RkE90RFhtGx99q02Kpk41dQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/CZ05RkE90RFhtGx99q02Kpk41dQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZ05RkE90RFhtGx99q02Kpk41dQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f0:55:f9:fa:d6:c2:bb:ed:3c:0f:65:1f:84:44:25:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099d3946413dd11161b46c7df6ad362a9938d5d4
        Validity
            Not Before: Jul 26 18:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd6d1f5e0a10d990b7d4d0f8df71089f31c513b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:83:c2:af:97:27:f1:dd:eb:dc:1a:df:bd:ab:
                    5d:7c:b7:f0:37:eb:7b:72:ef:a8:4c:fc:ae:f0:a9:
                    13:54:79:ff:16:44:75:04:ac:96:f1:3a:04:60:bf:
                    a6:78:56:3e:e4:45:8e:12:73:be:f9:c1:05:79:6d:
                    51:9f:66:9d:91:0c:f2:32:17:29:92:fa:1d:5d:1f:
                    c6:c1:ba:c1:96:fc:8e:ea:2a:b8:84:3e:bd:ec:ca:
                    ef:e6:de:5c:d7:bc:52:38:40:7e:59:f8:bb:67:eb:
                    46:5f:3d:eb:c2:c1:c2:ef:a3:47:2d:57:5a:c5:bc:
                    27:f3:08:3d:75:89:a4:2b:e0:a6:87:13:e9:4a:f2:
                    c6:91:f7:19:a3:b1:28:32:29:33:de:81:a3:17:b8:
                    3c:a9:95:9e:3a:39:62:d9:09:e5:e2:b3:af:9c:ce:
                    e0:00:77:41:25:d3:7c:c0:5c:29:6e:24:22:34:94:
                    7a:09:c6:86:7f:32:d8:be:bf:3a:6f:12:60:0f:61:
                    db:f3:50:51:28:3b:02:11:c3:db:c4:b3:41:2d:c8:
                    f8:2d:34:69:75:30:fb:d0:e2:68:f4:d7:21:7e:87:
                    5c:7c:28:5c:86:42:45:08:b3:ae:b4:2e:4e:f5:43:
                    81:f8:da:fc:de:29:5f:cb:f2:ed:cc:33:d7:57:94:
                    9d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:6D:1F:5E:0A:10:D9:90:B7:D4:D0:F8:DF:71:08:9F:31:C5:13:B9
            X509v3 Authority Key Identifier:
                keyid:09:9D:39:46:41:3D:D1:11:61:B4:6C:7D:F6:AD:36:2A:99:38:D5:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZ05RkE90RFhtGx99q02Kpk41dQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/_W0fXgoQ2ZC31ND433EInzHFE7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/CZ05RkE90RFhtGx99q02Kpk41dQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:89:f6:55:03:d5:42:c9:ad:2c:94:67:cd:02:0c:95:f3:f1:
         ef:ce:48:61:be:8a:83:3b:de:8a:76:16:26:41:d8:f6:c5:97:
         61:ec:06:67:17:5c:c9:2c:f0:a9:c4:5b:25:66:21:05:fd:09:
         76:3e:5e:e6:cb:45:fe:1b:e0:74:56:83:4c:89:e9:9a:b4:27:
         1b:ea:2b:d3:b5:c1:cc:ee:a1:da:49:0f:59:a5:84:c2:97:1b:
         80:73:2f:ea:d1:74:fd:4d:75:c3:27:7a:58:ad:dd:2d:f8:53:
         b8:0f:2f:f1:d1:83:89:ae:64:eb:bc:9d:4e:73:ce:dd:03:8e:
         1f:be:cf:34:f0:29:07:d4:71:66:92:ec:cb:5c:ad:5b:61:e3:
         e2:09:45:9f:a9:0e:20:00:3e:de:89:73:77:67:d9:16:e7:8e:
         79:90:08:b1:72:e3:7d:36:11:0d:a0:fa:c7:f9:fa:55:ab:39:
         ca:80:70:b4:42:cc:be:19:9e:ff:61:b9:4a:69:a4:54:50:db:
         fd:9c:a9:12:c9:7a:0c:12:57:c0:60:14:0a:d4:e4:7e:67:d0:
         0c:1e:d7:b3:82:15:7d:ad:75:a7:00:31:69:7a:f8:50:94:43:
         3d:35:20:84:41:84:a2:ea:13:0a:3d:7f:f0:cd:20:b9:63:97:
         8d:30:e9:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDwVfn61sK77TwPZR+ERCXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWQzOTQ2NDEzZGQxMTE2MWI0NmM3ZGY2YWQzNjJhOTkz
OGQ1ZDQwHhcNMjQwNzI2MTgzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZkMWY1ZTBhMTBkOTkwYjdkNGQwZjhkZjcxMDg5ZjMxYzUxM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIPCr5cn8d3r3BrfvatdfLfwN+t7
cu+oTPyu8KkTVHn/FkR1BKyW8ToEYL+meFY+5EWOEnO++cEFeW1Rn2adkQzyMhcp
kvodXR/GwbrBlvyO6iq4hD697Mrv5t5c17xSOEB+Wfi7Z+tGXz3rwsHC76NHLVda
xbwn8wg9dYmkK+CmhxPpSvLGkfcZo7EoMikz3oGjF7g8qZWeOjli2Qnl4rOvnM7g
AHdBJdN8wFwpbiQiNJR6CcaGfzLYvr86bxJgD2Hb81BRKDsCEcPbxLNBLcj4LTRp
dTD70OJo9NchfodcfChchkJFCLOutC5O9UOB+Nr83ilfy/LtzDPXV5Sd+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1tH14KENmQt9TQ+N9xCJ8xxRO5MB8GA1UdIwQY
MBaAFAmdOUZBPdERYbRsffatNiqZONXUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1owNVJrRTkwUkZodEd4OTlxMDJLcGs0MWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84NTY0NDMtYjhmYi00NzhlLTg3Yzkt
Y2Y1MmFhOWQ2Y2NjLzEvX1cwZlhnb1EyWkMzMU5ENDMzRUluekhGRTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84NTY0NDMtYjhmYi00NzhlLTg3YzktY2Y1MmFhOWQ2Y2Nj
LzEvQ1owNVJrRTkwUkZodEd4OTlxMDJLcGs0MWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVRUMA0G
CSqGSIb3DQEBCwUAA4IBAQAtifZVA9VCya0slGfNAgyV8/HvzkhhvoqDO96KdhYm
Qdj2xZdh7AZnF1zJLPCpxFslZiEF/Ql2Pl7my0X+G+B0VoNMiematCcb6ivTtcHM
7qHaSQ9ZpYTClxuAcy/q0XT9TXXDJ3pYrd0t+FO4Dy/x0YOJrmTrvJ1Oc87dA44f
vs808CkH1HFmkuzLXK1bYePiCUWfqQ4gAD7eiXN3Z9kW5455kAixcuN9NhENoPrH
+fpVqznKgHC0Qsy+GZ7/YblKaaRUUNv9nKkSyXoMElfAYBQK1OR+Z9AMHtezghV9
rXWnADFpevhQlEM9NSCEQYSi6hMKPX/wzSC5Y5eNMOn6
-----END CERTIFICATE-----