Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/858910-c501-459c-a313-7ac680ed5dd7/1/wj7qcgvaOj7XAjHwTJVgr8YuEQM.roa
File:                     wj7qcgvaOj7XAjHwTJVgr8YuEQM.roa (raw, json)
Hash identifier:          kzYX1MhM/iHHWKpoUpOzMyMiwwKNm1eu/VNqqAd7WeM=
Subject key identifier:   C2:3E:EA:72:0B:DA:3A:3E:D7:02:31:F0:4C:95:60:AF:C6:2E:11:03
Certificate issuer:       /CN=d485b6e9d89fb010369971ed88857205985d4918
Certificate serial:       018CC86F62CD1F5FB7410E85E738255CC746
Authority key identifier: D4:85:B6:E9:D8:9F:B0:10:36:99:71:ED:88:85:72:05:98:5D:49:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IW26difsBA2mXHtiIVyBZhdSRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/858910-c501-459c-a313-7ac680ed5dd7/1/wj7qcgvaOj7XAjHwTJVgr8YuEQM.roa
Signing time:             Tue 02 Jan 2024 04:29:52 +0000
ROA not before:           Tue 02 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208725
IP address blocks:        45.87.76.0/22 maxlen: 22
                          2a0e:f780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/858910-c501-459c-a313-7ac680ed5dd7/1/1IW26difsBA2mXHtiIVyBZhdSRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/858910-c501-459c-a313-7ac680ed5dd7/1/1IW26difsBA2mXHtiIVyBZhdSRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IW26difsBA2mXHtiIVyBZhdSRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:62:cd:1f:5f:b7:41:0e:85:e7:38:25:5c:c7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d485b6e9d89fb010369971ed88857205985d4918
        Validity
            Not Before: Jan  2 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c23eea720bda3a3ed70231f04c9560afc62e1103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:42:55:ba:a9:2e:4f:cc:df:1f:30:30:2f:fc:
                    22:51:fe:1d:02:a8:d2:ee:23:6f:9a:41:9e:4d:6e:
                    c5:32:91:9e:95:e2:b0:ce:14:1c:32:94:02:92:ab:
                    da:e5:66:71:2c:79:53:e6:58:4e:c8:1e:25:b5:74:
                    17:40:e3:b8:0f:d6:08:8a:e5:cf:2c:37:a5:e5:6f:
                    b8:d2:2b:86:a1:42:76:1a:63:b1:d4:ca:c6:d8:0d:
                    16:23:76:1a:d8:f4:38:7b:54:cb:72:7e:45:33:42:
                    2b:3a:8d:66:3a:8f:a7:f1:69:33:2d:bf:e3:85:9e:
                    ae:e7:48:d9:6c:89:c5:8c:57:1f:75:8f:4b:e8:9b:
                    c7:d9:ee:a2:39:cb:c6:85:42:57:b6:87:3f:f7:89:
                    a2:77:36:dc:ea:a7:9a:d5:08:f3:4c:b0:3c:4a:d1:
                    53:f2:53:8c:27:ad:77:e4:22:66:ee:29:fd:b6:29:
                    76:7e:05:20:f4:6e:1f:2a:df:2b:c0:17:41:fb:66:
                    d9:60:60:d1:19:84:27:2f:3d:b2:4c:1c:9b:3c:e5:
                    d1:6b:41:a9:a0:7b:13:d7:9e:b2:ce:96:b6:c4:7a:
                    4d:7d:6d:33:e0:c8:48:be:3e:22:be:d3:86:35:44:
                    c9:9e:76:c4:d2:a5:54:89:c7:75:98:96:f1:85:d3:
                    08:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:3E:EA:72:0B:DA:3A:3E:D7:02:31:F0:4C:95:60:AF:C6:2E:11:03
            X509v3 Authority Key Identifier:
                keyid:D4:85:B6:E9:D8:9F:B0:10:36:99:71:ED:88:85:72:05:98:5D:49:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IW26difsBA2mXHtiIVyBZhdSRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/858910-c501-459c-a313-7ac680ed5dd7/1/wj7qcgvaOj7XAjHwTJVgr8YuEQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/858910-c501-459c-a313-7ac680ed5dd7/1/1IW26difsBA2mXHtiIVyBZhdSRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.76.0/22
                IPv6:
                  2a0e:f780::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:d8:c6:e8:7b:bb:e9:a6:28:9f:c0:00:17:cf:7f:e8:31:53:
         a3:95:ea:66:0e:b4:0b:43:d4:54:e5:44:d6:37:4e:27:60:12:
         2c:fe:6c:96:d2:5d:e8:fa:ee:59:c9:6b:4b:fd:13:a1:38:00:
         5f:b1:2c:40:e7:bd:05:93:78:0a:a3:fa:09:8d:dd:15:b5:37:
         85:0c:62:a9:65:65:92:a6:f3:b1:42:66:00:a7:e9:0b:d1:40:
         5e:5d:c9:55:ab:47:e6:1e:81:3d:9b:2c:3d:7c:97:39:7c:fb:
         cf:db:e7:8f:59:dc:b2:a4:cb:1c:f3:b1:e1:70:0f:dd:8b:0d:
         09:72:23:0d:3e:64:6c:cf:ae:ae:42:4e:bb:0c:d1:11:20:a4:
         32:6e:8f:a5:3b:6a:95:68:9d:5a:5f:45:52:f1:b6:e2:cb:a8:
         04:36:d4:2e:3e:9c:d2:70:0b:f4:c6:3f:56:35:62:aa:d0:3d:
         54:89:7b:54:37:1d:08:b4:1b:1c:25:e5:cc:83:2d:7c:13:5c:
         7d:48:56:f8:88:57:47:4d:ce:74:e5:db:4d:f0:29:6d:b7:ac:
         2b:0b:c1:bf:22:ab:d6:2d:c4:76:0e:43:81:ff:c1:fc:26:05:
         d1:44:44:9c:94:c8:49:60:3d:81:8a:a7:98:96:59:9f:9d:bf:
         21:af:66:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb2LNH1+3QQ6F5zglXMdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODViNmU5ZDg5ZmIwMTAzNjk5NzFlZDg4ODU3MjA1OTg1
ZDQ5MTgwHhcNMjQwMTAyMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjNlZWE3MjBiZGEzYTNlZDcwMjMxZjA0Yzk1NjBhZmM2MmUxMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0JVuqkuT8zfHzAwL/wiUf4dAqjS
7iNvmkGeTW7FMpGeleKwzhQcMpQCkqva5WZxLHlT5lhOyB4ltXQXQOO4D9YIiuXP
LDel5W+40iuGoUJ2GmOx1MrG2A0WI3Ya2PQ4e1TLcn5FM0IrOo1mOo+n8WkzLb/j
hZ6u50jZbInFjFcfdY9L6JvH2e6iOcvGhUJXtoc/94midzbc6qea1QjzTLA8StFT
8lOMJ6135CJm7in9til2fgUg9G4fKt8rwBdB+2bZYGDRGYQnLz2yTBybPOXRa0Gp
oHsT156yzpa2xHpNfW0z4MhIvj4ivtOGNUTJnnbE0qVUicd1mJbxhdMIqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMI+6nIL2jo+1wIx8EyVYK/GLhEDMB8GA1UdIwQY
MBaAFNSFtunYn7AQNplx7YiFcgWYXUkYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlXMjZkaWZzQkEybVhIdGlJVnlCWmhkU1JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84NTg5MTAtYzUwMS00NTljLWEzMTMt
N2FjNjgwZWQ1ZGQ3LzEvd2o3cWNndmFPajdYQWpId1RKVmdyOFl1RVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84NTg5MTAtYzUwMS00NTljLWEzMTMtN2FjNjgwZWQ1ZGQ3
LzEvMUlXMjZkaWZzQkEybVhIdGlJVnlCWmhkU1JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVdMMA0E
AgACMAcDBQMqDveAMA0GCSqGSIb3DQEBCwUAA4IBAQCf2Mboe7vppiifwAAXz3/o
MVOjlepmDrQLQ9RU5UTWN04nYBIs/myW0l3o+u5ZyWtL/ROhOABfsSxA570Fk3gK
o/oJjd0VtTeFDGKpZWWSpvOxQmYAp+kL0UBeXclVq0fmHoE9myw9fJc5fPvP2+eP
WdyypMsc87HhcA/diw0JciMNPmRsz66uQk67DNERIKQybo+lO2qVaJ1aX0VS8bbi
y6gENtQuPpzScAv0xj9WNWKq0D1UiXtUNx0ItBscJeXMgy18E1x9SFb4iFdHTc50
5dtN8Cltt6wrC8G/IqvWLcR2DkOB/8H8JgXRRESclMhJYD2BiqeYllmfnb8hr2aR
-----END CERTIFICATE-----