Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/kRQ6f8Urs8RBqDgi8Da6tSN3aAc.roa
File:                     kRQ6f8Urs8RBqDgi8Da6tSN3aAc.roa (raw, json)
Hash identifier:          z7QmoB/xYXcMsvl1mKdajDJJ6I8pmKlJcRm8qtlCs+Y=
Subject key identifier:   91:14:3A:7F:C5:2B:B3:C4:41:A8:38:22:F0:36:BA:B5:23:77:68:07
Certificate issuer:       /CN=0c477abf0a27ede886fbc42413d7a89c226b11fa
Certificate serial:       018CC86FFC3F367241C1D1A983B444537840
Authority key identifier: 0C:47:7A:BF:0A:27:ED:E8:86:FB:C4:24:13:D7:A8:9C:22:6B:11:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DEd6vwon7eiG-8QkE9eonCJrEfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/kRQ6f8Urs8RBqDgi8Da6tSN3aAc.roa
Signing time:             Tue 02 Jan 2024 04:30:31 +0000
ROA not before:           Tue 02 Jan 2024 04:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213078
IP address blocks:        45.87.208.0/22 maxlen: 22
                          2a06:bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/DEd6vwon7eiG-8QkE9eonCJrEfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/DEd6vwon7eiG-8QkE9eonCJrEfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DEd6vwon7eiG-8QkE9eonCJrEfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:fc:3f:36:72:41:c1:d1:a9:83:b4:44:53:78:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c477abf0a27ede886fbc42413d7a89c226b11fa
        Validity
            Not Before: Jan  2 04:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91143a7fc52bb3c441a83822f036bab523776807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3a:9b:7e:83:b1:83:5b:ae:45:99:f6:ed:c2:
                    d4:4c:3e:4d:7a:bc:ee:9a:d1:b3:ea:0c:3a:da:01:
                    59:9a:cd:1d:18:d9:1b:66:6a:1e:79:19:75:b8:da:
                    b9:c5:21:b6:b6:58:84:5c:97:e6:89:a1:4c:54:35:
                    6d:bb:6b:31:79:f4:a3:a2:b4:a5:6e:f3:95:5d:b5:
                    78:8f:5c:22:29:61:e5:ce:6a:31:c7:36:d4:0d:02:
                    8a:1c:82:76:e9:b6:48:01:0b:40:67:5b:f8:6d:93:
                    5e:9e:e5:90:83:4e:e5:34:30:13:32:75:37:b2:1e:
                    1c:85:f0:12:17:cd:5f:a6:95:b6:7a:6a:67:e5:2a:
                    90:4a:e7:4a:c0:f7:08:e7:37:e0:a0:10:b0:d3:9d:
                    1f:76:88:d8:97:86:2b:37:14:df:7c:b1:86:52:b9:
                    84:ba:b5:e7:c9:d3:bb:5c:c4:c4:3f:3d:35:e5:11:
                    70:de:f8:e3:49:9f:c5:c1:45:60:fa:fb:d9:42:1a:
                    ca:f0:81:00:90:96:71:c9:6a:1c:e4:6d:29:af:4f:
                    31:aa:ae:db:19:10:42:c6:6c:56:ee:cf:aa:a0:50:
                    e6:73:2b:a3:9d:1b:33:f9:2a:2e:38:bc:13:bc:b3:
                    70:49:e0:5f:9d:c1:19:96:79:19:e8:92:4e:af:c1:
                    6a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:14:3A:7F:C5:2B:B3:C4:41:A8:38:22:F0:36:BA:B5:23:77:68:07
            X509v3 Authority Key Identifier:
                keyid:0C:47:7A:BF:0A:27:ED:E8:86:FB:C4:24:13:D7:A8:9C:22:6B:11:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DEd6vwon7eiG-8QkE9eonCJrEfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/kRQ6f8Urs8RBqDgi8Da6tSN3aAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/DEd6vwon7eiG-8QkE9eonCJrEfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.208.0/22
                IPv6:
                  2a06:bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:92:cd:f8:b0:18:79:c6:3f:1f:fc:de:38:be:45:85:43:19:
         74:13:81:54:d1:98:6c:bb:e6:eb:2a:1d:cc:4d:f9:d1:18:4b:
         dd:33:c0:94:28:7b:c3:50:ef:46:fe:0d:66:64:d5:88:06:9e:
         fa:28:96:ae:df:76:d5:8c:d1:05:3e:65:f5:68:55:63:eb:25:
         11:af:56:bc:26:30:9d:7d:3d:f8:b6:39:89:b8:12:29:6b:e6:
         d3:ff:95:a4:88:dc:5f:5d:ea:a0:07:81:e9:e2:b0:8c:fb:75:
         dc:2a:3d:f4:b2:74:97:d9:d9:24:9b:a0:ff:3b:7a:b5:b3:45:
         3f:a3:8d:6d:8b:cd:56:87:83:76:52:03:79:4c:ce:0d:b2:83:
         a6:3e:7b:57:bb:a4:b7:e3:9d:dc:5d:1a:51:1f:90:2c:35:84:
         08:bf:6a:d8:d8:87:b0:d8:a0:7a:7b:50:46:6f:b4:65:87:36:
         87:78:77:c5:16:02:7c:ee:32:24:8a:b2:be:78:91:1f:1d:7e:
         05:96:59:be:5c:68:b0:22:6a:56:19:fb:d3:5c:69:02:f7:ab:
         f5:ba:a4:9e:ae:6e:2f:80:73:98:f6:a4:a9:63:0e:be:a8:df:
         92:74:7c:89:a2:5a:17:a5:fa:c4:c3:19:5e:79:be:36:10:93:
         7f:c0:08:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb/w/NnJBwdGpg7REU3hAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNDc3YWJmMGEyN2VkZTg4NmZiYzQyNDEzZDdhODljMjI2
YjExZmEwHhcNMjQwMTAyMDQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTE0M2E3ZmM1MmJiM2M0NDFhODM4MjJmMDM2YmFiNTIzNzc2ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjqbfoOxg1uuRZn27cLUTD5Nerzu
mtGz6gw62gFZms0dGNkbZmoeeRl1uNq5xSG2tliEXJfmiaFMVDVtu2sxefSjorSl
bvOVXbV4j1wiKWHlzmoxxzbUDQKKHIJ26bZIAQtAZ1v4bZNenuWQg07lNDATMnU3
sh4chfASF81fppW2empn5SqQSudKwPcI5zfgoBCw050fdojYl4YrNxTffLGGUrmE
urXnydO7XMTEPz015RFw3vjjSZ/FwUVg+vvZQhrK8IEAkJZxyWoc5G0pr08xqq7b
GRBCxmxW7s+qoFDmcyujnRsz+SouOLwTvLNwSeBfncEZlnkZ6JJOr8Fq2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJEUOn/FK7PEQag4IvA2urUjd2gHMB8GA1UdIwQY
MBaAFAxHer8KJ+3ohvvEJBPXqJwiaxH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREVkNnZ3b243ZWlHLThRa0U5ZW9uQ0pyRWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC81NTZkM2QtMDQyMi00NjEyLWEyMTct
MThmNGY2NmE1MGEwLzEva1JRNmY4VXJzOFJCcURnaThEYTZ0U04zYUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC81NTZkM2QtMDQyMi00NjEyLWEyMTctMThmNGY2NmE1MGEw
LzEvREVkNnZ3b243ZWlHLThRa0U5ZW9uQ0pyRWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVfQMA0E
AgACMAcDBQMqBgvAMA0GCSqGSIb3DQEBCwUAA4IBAQCkks34sBh5xj8f/N44vkWF
Qxl0E4FU0Zhsu+brKh3MTfnRGEvdM8CUKHvDUO9G/g1mZNWIBp76KJau33bVjNEF
PmX1aFVj6yURr1a8JjCdfT34tjmJuBIpa+bT/5WkiNxfXeqgB4Hp4rCM+3XcKj30
snSX2dkkm6D/O3q1s0U/o41ti81Wh4N2UgN5TM4NsoOmPntXu6S3453cXRpRH5As
NYQIv2rY2Iew2KB6e1BGb7RlhzaHeHfFFgJ87jIkirK+eJEfHX4Fllm+XGiwImpW
GfvTXGkC96v1uqSerm4vgHOY9qSpYw6+qN+SdHyJoloXpfrEwxleeb42EJN/wAgw
-----END CERTIFICATE-----