Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/a71a5c-1746-43c4-a67f-a8f76bd26a27/1/sTkATklgSOu2C1kf9Hshk6E5hh0.roa
File:                     sTkATklgSOu2C1kf9Hshk6E5hh0.roa (raw, json)
Hash identifier:          RRJHljOw31v6UbTEAdu+iK+txwpEvxNKHTzo8GZ5KXw=
Subject key identifier:   B1:39:00:4E:49:60:48:EB:B6:0B:59:1F:F4:7B:21:93:A1:39:86:1D
Certificate issuer:       /CN=736b294f965dad640f9e353bf38f9af1191479ea
Certificate serial:       018CC492E9DE22DC2CA7C55A6BBB70CF328D
Authority key identifier: 73:6B:29:4F:96:5D:AD:64:0F:9E:35:3B:F3:8F:9A:F1:19:14:79:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c2spT5ZdrWQPnjU784-a8RkUeeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/a71a5c-1746-43c4-a67f-a8f76bd26a27/1/sTkATklgSOu2C1kf9Hshk6E5hh0.roa
Signing time:             Mon 01 Jan 2024 10:30:11 +0000
ROA not before:           Mon 01 Jan 2024 10:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209900
IP address blocks:        45.65.88.0/22 maxlen: 23
                          2a09:fe00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/a71a5c-1746-43c4-a67f-a8f76bd26a27/1/c2spT5ZdrWQPnjU784-a8RkUeeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/a71a5c-1746-43c4-a67f-a8f76bd26a27/1/c2spT5ZdrWQPnjU784-a8RkUeeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c2spT5ZdrWQPnjU784-a8RkUeeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e9:de:22:dc:2c:a7:c5:5a:6b:bb:70:cf:32:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=736b294f965dad640f9e353bf38f9af1191479ea
        Validity
            Not Before: Jan  1 10:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b139004e496048ebb60b591ff47b2193a139861d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:98:07:8d:b9:36:f3:9e:48:5d:b3:fe:91:83:
                    b3:68:8c:7e:0b:a2:62:07:49:e0:46:51:db:b4:94:
                    16:7d:44:31:1d:4e:1e:d2:f6:dc:c3:aa:7d:b4:d7:
                    cb:e4:c9:2b:78:ec:15:af:b2:8d:ff:c9:1c:23:b6:
                    c1:86:e2:1e:b6:f7:17:24:78:f8:48:8f:ae:cd:25:
                    57:3a:69:99:ac:c1:8e:9b:74:7a:71:05:27:ba:ca:
                    03:75:19:cf:f9:97:3c:77:72:d9:73:88:34:6e:b2:
                    e1:65:78:94:43:98:32:fa:6e:60:ad:8a:03:cc:5d:
                    95:13:b5:44:e3:b3:6f:07:1e:37:d5:fb:e3:c2:86:
                    76:c7:b2:21:5d:5d:01:69:34:b9:f3:bd:8f:e2:4f:
                    73:83:31:b6:97:e8:2c:d0:2d:64:73:12:e3:fd:fa:
                    59:da:e6:6b:16:4e:20:0a:cf:01:74:a4:9a:df:2b:
                    66:5b:39:41:92:a4:94:2c:9b:55:9b:35:d2:5c:6c:
                    d7:dd:d8:f6:60:f1:76:79:cf:d0:9e:67:1e:fa:7b:
                    13:dc:9b:1d:20:73:b4:ba:02:f6:3d:9b:05:c7:ed:
                    07:0f:ae:65:08:98:30:7a:5e:23:de:f7:7c:57:32:
                    a9:3b:10:de:80:79:52:62:e3:41:10:45:18:b2:25:
                    71:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:39:00:4E:49:60:48:EB:B6:0B:59:1F:F4:7B:21:93:A1:39:86:1D
            X509v3 Authority Key Identifier:
                keyid:73:6B:29:4F:96:5D:AD:64:0F:9E:35:3B:F3:8F:9A:F1:19:14:79:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2spT5ZdrWQPnjU784-a8RkUeeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/a71a5c-1746-43c4-a67f-a8f76bd26a27/1/sTkATklgSOu2C1kf9Hshk6E5hh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/a71a5c-1746-43c4-a67f-a8f76bd26a27/1/c2spT5ZdrWQPnjU784-a8RkUeeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.88.0/22
                IPv6:
                  2a09:fe00::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:ad:42:34:bf:14:87:01:7f:3b:5e:02:7e:c1:ad:f2:96:af:
         98:62:dc:2b:ec:cc:6f:ad:47:c5:23:b0:46:b5:f9:2f:48:6c:
         39:d0:a1:9a:43:74:ec:d9:8b:19:f8:12:64:42:39:a1:87:db:
         bf:95:a3:ae:60:a0:1d:e5:0d:fe:e5:8a:cc:3f:0f:b1:32:d0:
         96:f7:94:d5:2d:8a:03:ca:be:c2:ee:7c:6b:b4:9f:b9:1c:7e:
         45:b0:07:a1:f2:d5:e9:2f:f9:cc:2f:ff:3c:57:67:e4:b9:58:
         c5:73:53:80:2a:aa:01:8e:e6:5c:2b:bd:eb:2b:95:a3:e1:8a:
         60:21:09:8d:7d:89:ec:74:ad:26:aa:64:26:9f:6d:60:0b:dd:
         be:6e:f2:30:cf:a5:14:c5:48:c6:28:e6:6d:dd:9e:45:40:e5:
         08:18:13:22:9c:ea:ac:10:61:69:d0:c2:2b:ee:af:7d:93:63:
         a7:70:75:2b:8e:4a:ae:f1:fe:0a:e5:53:65:c6:d0:8d:02:1e:
         af:fa:bb:2f:48:7e:5f:8e:d3:bd:3b:3a:ba:fc:da:0e:cf:3f:
         ea:31:60:e2:9e:30:ce:0f:f5:52:4f:74:e3:52:aa:85:ff:73:
         14:5f:44:f5:70:ab:d3:61:60:60:1b:57:8a:2c:b8:2c:83:0f:
         81:a8:b3:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkuneItwsp8Vaa7twzzKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNmIyOTRmOTY1ZGFkNjQwZjllMzUzYmYzOGY5YWYxMTkx
NDc5ZWEwHhcNMjQwMTAxMTAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTM5MDA0ZTQ5NjA0OGViYjYwYjU5MWZmNDdiMjE5M2ExMzk4NjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5gHjbk2855IXbP+kYOzaIx+C6Ji
B0ngRlHbtJQWfUQxHU4e0vbcw6p9tNfL5MkreOwVr7KN/8kcI7bBhuIetvcXJHj4
SI+uzSVXOmmZrMGOm3R6cQUnusoDdRnP+Zc8d3LZc4g0brLhZXiUQ5gy+m5grYoD
zF2VE7VE47NvBx431fvjwoZ2x7IhXV0BaTS5872P4k9zgzG2l+gs0C1kcxLj/fpZ
2uZrFk4gCs8BdKSa3ytmWzlBkqSULJtVmzXSXGzX3dj2YPF2ec/Qnmce+nsT3Jsd
IHO0ugL2PZsFx+0HD65lCJgwel4j3vd8VzKpOxDegHlSYuNBEEUYsiVx8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLE5AE5JYEjrtgtZH/R7IZOhOYYdMB8GA1UdIwQY
MBaAFHNrKU+WXa1kD541O/OPmvEZFHnqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzJzcFQ1WmRyV1FQbmpVNzg0LWE4UmtVZWVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9hNzFhNWMtMTc0Ni00M2M0LWE2N2Yt
YThmNzZiZDI2YTI3LzEvc1RrQVRrbGdTT3UyQzFrZjlIc2hrNkU1aGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9hNzFhNWMtMTc0Ni00M2M0LWE2N2YtYThmNzZiZDI2YTI3
LzEvYzJzcFQ1WmRyV1FQbmpVNzg0LWE4UmtVZWVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUFYMA0E
AgACMAcDBQMqCf4AMA0GCSqGSIb3DQEBCwUAA4IBAQCGrUI0vxSHAX87XgJ+wa3y
lq+YYtwr7MxvrUfFI7BGtfkvSGw50KGaQ3Ts2YsZ+BJkQjmhh9u/laOuYKAd5Q3+
5YrMPw+xMtCW95TVLYoDyr7C7nxrtJ+5HH5FsAeh8tXpL/nML/88V2fkuVjFc1OA
KqoBjuZcK73rK5Wj4YpgIQmNfYnsdK0mqmQmn21gC92+bvIwz6UUxUjGKOZt3Z5F
QOUIGBMinOqsEGFp0MIr7q99k2OncHUrjkqu8f4K5VNlxtCNAh6v+rsvSH5fjtO9
Ozq6/NoOzz/qMWDinjDOD/VST3TjUqqF/3MUX0T1cKvTYWBgG1eKLLgsgw+BqLNd
-----END CERTIFICATE-----