Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/RP2FXRguXJzd2q4fpS2fHhW_0dM.roa
File:                     RP2FXRguXJzd2q4fpS2fHhW_0dM.roa (raw, json)
Hash identifier:          hT5W7SAEWvkekzlVAsbQVFMouol9uwtyQ9oRHPahWt4=
Subject key identifier:   44:FD:85:5D:18:2E:5C:9C:DD:DA:AE:1F:A5:2D:9F:1E:15:BF:D1:D3
Certificate issuer:       /CN=110aaf9016a68752fc9132149b91e8fab16e24be
Certificate serial:       018CC727486D03E844C1B19EDA9FBAE5DFFC
Authority key identifier: 11:0A:AF:90:16:A6:87:52:FC:91:32:14:9B:91:E8:FA:B1:6E:24:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EQqvkBamh1L8kTIUm5Ho-rFuJL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/RP2FXRguXJzd2q4fpS2fHhW_0dM.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47755
IP address blocks:        45.90.164.0/22 maxlen: 24
                          2a0e:2c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/EQqvkBamh1L8kTIUm5Ho-rFuJL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/EQqvkBamh1L8kTIUm5Ho-rFuJL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EQqvkBamh1L8kTIUm5Ho-rFuJL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:6d:03:e8:44:c1:b1:9e:da:9f:ba:e5:df:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=110aaf9016a68752fc9132149b91e8fab16e24be
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44fd855d182e5c9cdddaae1fa52d9f1e15bfd1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ca:2f:fd:8d:76:b7:e7:3e:8f:d0:d4:66:6e:
                    a4:3d:71:37:e6:97:80:1e:bb:ab:94:59:4b:ee:d8:
                    0a:f7:c3:bf:e1:99:4b:f0:5b:1f:c6:7a:4e:ea:54:
                    a3:0e:c8:c5:93:ef:0f:09:a9:23:7e:b2:00:f6:37:
                    84:a4:c8:3c:b7:df:02:d7:4b:df:16:c5:d4:23:e7:
                    de:ff:20:18:66:57:1b:aa:97:a5:c0:4a:d5:4c:63:
                    84:75:7e:bf:53:f6:2a:6d:78:48:ed:7d:33:32:06:
                    05:03:cd:dd:02:f3:89:3b:d5:c1:32:77:31:d3:93:
                    83:26:02:19:de:87:0f:99:e7:7f:5f:7e:a7:0c:b1:
                    36:9e:41:fc:0a:d3:ae:57:de:9e:99:44:3e:e7:c0:
                    d6:ce:d7:dc:84:af:c3:ec:d8:71:42:93:4e:82:28:
                    73:b1:85:e4:d0:fe:49:f5:6d:46:77:00:e0:d5:50:
                    76:3c:ce:d5:e5:71:92:8e:7b:e0:2e:32:fc:f7:16:
                    9c:80:12:36:34:30:6e:f0:20:51:66:cf:17:43:63:
                    25:0b:55:3b:9b:7b:dd:90:d5:a1:e8:ba:31:1c:2a:
                    ba:13:26:3e:fe:89:c9:ab:78:61:34:03:ec:08:a1:
                    ca:f9:51:81:76:a0:d1:f1:76:2c:8f:6e:54:aa:34:
                    b7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:FD:85:5D:18:2E:5C:9C:DD:DA:AE:1F:A5:2D:9F:1E:15:BF:D1:D3
            X509v3 Authority Key Identifier:
                keyid:11:0A:AF:90:16:A6:87:52:FC:91:32:14:9B:91:E8:FA:B1:6E:24:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EQqvkBamh1L8kTIUm5Ho-rFuJL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/RP2FXRguXJzd2q4fpS2fHhW_0dM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/EQqvkBamh1L8kTIUm5Ho-rFuJL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.164.0/22
                IPv6:
                  2a0e:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         bc:fb:a9:5a:31:d0:46:e0:ba:17:e1:3b:5c:1e:ed:26:3b:40:
         1f:cd:e3:08:32:b2:0f:9c:e8:43:5d:c9:87:17:f7:01:04:38:
         b8:3b:75:c1:9a:68:84:58:15:15:c1:95:d7:54:18:3d:a2:e0:
         51:ff:90:68:38:c9:3b:9e:fb:ba:84:4f:5e:97:fb:ea:d2:e3:
         4e:14:70:27:38:aa:14:9c:d5:38:81:f9:a3:94:bf:0d:c4:9d:
         a0:b1:85:fe:5b:0f:c6:37:63:64:ab:cf:69:15:f9:fa:4d:6d:
         8d:27:cb:c2:ab:0d:9b:8b:48:d5:72:57:46:4b:57:25:39:e2:
         f9:b4:be:aa:84:e0:72:c0:da:fa:eb:0f:ae:d3:ac:90:ca:6e:
         b6:da:06:31:94:5e:a1:28:cd:0e:f5:20:48:d5:96:e4:7e:ad:
         f0:74:f4:58:bd:39:7b:ac:1f:c6:64:7b:78:89:33:22:8a:32:
         a3:5d:be:a2:52:2e:d0:02:f5:c6:fa:b5:24:2f:1d:84:07:05:
         4d:a4:dc:d4:67:df:21:fb:aa:57:67:16:c1:49:70:1f:00:51:
         f7:35:3d:ab:59:d0:b6:2c:3e:c0:b9:88:03:c5:05:52:c9:ad:
         d4:54:d1:e3:4a:73:58:52:5c:7a:a5:46:c6:e8:91:af:02:bc:
         0d:91:e0:c7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJ0htA+hEwbGe2p+65d/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMGFhZjkwMTZhNjg3NTJmYzkxMzIxNDliOTFlOGZhYjE2
ZTI0YmUwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGZkODU1ZDE4MmU1YzljZGRkYWFlMWZhNTJkOWYxZTE1YmZkMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMov/Y12t+c+j9DUZm6kPXE35peA
HrurlFlL7tgK98O/4ZlL8FsfxnpO6lSjDsjFk+8PCakjfrIA9jeEpMg8t98C10vf
FsXUI+fe/yAYZlcbqpelwErVTGOEdX6/U/YqbXhI7X0zMgYFA83dAvOJO9XBMncx
05ODJgIZ3ocPmed/X36nDLE2nkH8CtOuV96emUQ+58DWztfchK/D7NhxQpNOgihz
sYXk0P5J9W1GdwDg1VB2PM7V5XGSjnvgLjL89xacgBI2NDBu8CBRZs8XQ2MlC1U7
m3vdkNWh6LoxHCq6EyY+/onJq3hhNAPsCKHK+VGBdqDR8XYsj25UqjS3JwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFET9hV0YLlyc3dquH6Utnx4Vv9HTMB8GA1UdIwQY
MBaAFBEKr5AWpodS/JEyFJuR6PqxbiS+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVFxdmtCYW1oMUw4a1RJVW01SG8tckZ1Skw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9lNDExZTgtMGRjNi00NmUyLWIzYTct
ZDBkZWJjZmZmZDc2LzEvUlAyRlhSZ3VYSnpkMnE0ZnBTMmZIaFdfMGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9lNDExZTgtMGRjNi00NmUyLWIzYTctZDBkZWJjZmZmZDc2
LzEvRVFxdmtCYW1oMUw4a1RJVW01SG8tckZ1Skw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVqkMA0E
AgACMAcDBQMqDgLAMA0GCSqGSIb3DQEBCwUAA4IBAQC8+6laMdBG4LoX4TtcHu0m
O0AfzeMIMrIPnOhDXcmHF/cBBDi4O3XBmmiEWBUVwZXXVBg9ouBR/5BoOMk7nvu6
hE9el/vq0uNOFHAnOKoUnNU4gfmjlL8NxJ2gsYX+Ww/GN2Nkq89pFfn6TW2NJ8vC
qw2bi0jVcldGS1clOeL5tL6qhOBywNr66w+u06yQym622gYxlF6hKM0O9SBI1Zbk
fq3wdPRYvTl7rB/GZHt4iTMiijKjXb6iUi7QAvXG+rUkLx2EBwVNpNzUZ98h+6pX
ZxbBSXAfAFH3NT2rWdC2LD7AuYgDxQVSya3UVNHjSnNYUlx6pUbG6JGvArwNkeDH
-----END CERTIFICATE-----