Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/xsoAaKp53xWw-e-Wm8CILOU8Rzc.roa
File:                     xsoAaKp53xWw-e-Wm8CILOU8Rzc.roa (raw, json)
Hash identifier:          +dge3ZwIO8m/UTNnzTLIOC2ax5vYcGLhApSyAoCBAPc=
Subject key identifier:   C6:CA:00:68:AA:79:DF:15:B0:F9:EF:96:9B:C0:88:2C:E5:3C:47:37
Certificate issuer:       /CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
Certificate serial:       018CCA2B615CCC1E065CFF29D776129BF69C
Authority key identifier: B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/xsoAaKp53xWw-e-Wm8CILOU8Rzc.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        45.156.28.0/24 maxlen: 24
                          45.94.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:61:5c:cc:1e:06:5c:ff:29:d7:76:12:9b:f6:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6ca0068aa79df15b0f9ef969bc0882ce53c4737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4e:4b:af:50:e4:58:da:94:cc:34:50:1c:7f:
                    be:09:18:75:a7:f3:20:2b:fa:79:67:21:84:03:0f:
                    f8:55:a2:ea:e2:29:3e:3d:c9:89:71:98:b7:27:c5:
                    51:27:04:c5:2d:a0:e6:d3:ff:f3:e1:19:af:95:96:
                    23:ff:45:07:c5:87:fd:4f:00:fc:20:ea:d2:83:06:
                    58:b3:ab:cc:21:52:ec:9e:f5:bd:60:2d:a9:a8:72:
                    92:19:00:c5:79:37:81:9e:eb:61:76:b1:dc:7b:71:
                    a5:93:39:d3:b7:c2:96:78:73:73:53:b9:50:c4:6d:
                    e2:2c:5e:aa:3e:b8:3f:f8:3f:92:82:cd:00:4a:a1:
                    20:64:93:1b:eb:4b:1a:22:e6:48:c2:af:dd:bd:f8:
                    66:2c:a2:50:25:ad:3c:72:e9:65:54:3a:75:fc:63:
                    07:05:0b:26:12:88:9b:9b:e6:12:0b:91:10:f5:19:
                    74:21:93:cc:4c:5f:4b:a4:0a:8b:8d:a6:07:e2:94:
                    2c:d3:dd:e7:78:e0:86:2b:ee:57:3d:62:e9:a0:bf:
                    c2:e4:07:99:5a:59:4f:62:a5:3a:8c:ac:e4:82:74:
                    7a:c8:17:1c:a3:45:7b:4b:0b:19:8c:1d:90:77:1c:
                    c0:fc:59:c8:0f:b5:6b:44:fe:f9:55:39:3e:9d:92:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:CA:00:68:AA:79:DF:15:B0:F9:EF:96:9B:C0:88:2C:E5:3C:47:37
            X509v3 Authority Key Identifier:
                keyid:B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/xsoAaKp53xWw-e-Wm8CILOU8Rzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.6.0/24
                  45.156.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:bd:01:e7:10:3b:09:00:b9:aa:87:5a:15:0b:97:58:d5:d8:
         c4:59:8a:87:65:cb:8b:d2:23:8e:ac:fc:b8:72:0c:73:4c:be:
         e1:ad:8e:55:bb:73:4c:83:b3:7b:31:3a:f7:66:36:53:b0:26:
         38:55:07:04:17:e3:7f:ad:bf:d9:17:2d:7e:88:95:f8:b6:c5:
         e7:b5:83:4b:03:ef:6c:bf:c0:f5:52:d5:e6:58:28:4e:18:e7:
         98:6c:8c:cf:5a:63:16:62:1c:da:5c:e0:93:47:a9:81:e8:60:
         a5:c6:4e:34:f5:52:ef:74:33:c9:43:bf:1d:d7:1f:bf:de:ce:
         cb:d9:ea:85:a3:41:d4:19:6c:3a:88:56:72:f7:57:5d:ee:50:
         97:70:c1:8d:c2:af:11:29:f9:46:87:75:b5:17:da:27:65:d5:
         29:a9:c7:55:81:41:8e:96:7a:61:c7:4f:fc:f7:2f:d2:c9:04:
         d9:cd:e4:f6:a7:6b:22:7f:b8:02:74:1e:44:03:1d:f4:d0:7c:
         76:c3:5e:c7:1e:f4:8d:fe:ac:49:1e:21:b3:0d:74:a1:cc:ea:
         34:92:b4:16:53:aa:6e:b8:53:78:e5:29:92:1e:e7:2c:ef:aa:
         f0:ba:37:c9:86:09:9f:ee:a5:04:00:a1:3a:f5:c6:88:c4:2c:
         fc:58:c5:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK2FczB4GXP8p13YSm/acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYzBiZGFmYWRlYTc4ZGNlMzEyZjg2MmRkZjQyYjFiZDRj
NGY2NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmNhMDA2OGFhNzlkZjE1YjBmOWVmOTY5YmMwODgyY2U1M2M0NzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE5Lr1DkWNqUzDRQHH++CRh1p/Mg
K/p5ZyGEAw/4VaLq4ik+PcmJcZi3J8VRJwTFLaDm0//z4RmvlZYj/0UHxYf9TwD8
IOrSgwZYs6vMIVLsnvW9YC2pqHKSGQDFeTeBnuthdrHce3GlkznTt8KWeHNzU7lQ
xG3iLF6qPrg/+D+Sgs0ASqEgZJMb60saIuZIwq/dvfhmLKJQJa08cullVDp1/GMH
BQsmEoibm+YSC5EQ9Rl0IZPMTF9LpAqLjaYH4pQs093neOCGK+5XPWLpoL/C5AeZ
WllPYqU6jKzkgnR6yBcco0V7SwsZjB2QdxzA/FnID7VrRP75VTk+nZKJOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMbKAGiqed8VsPnvlpvAiCzlPEc3MB8GA1UdIwQY
MBaAFLLAva+t6njc4xL4Yt30KxvUxPZFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMt
ZmNjMzM2ZWVkOGQ3LzEveHNvQWFLcDUzeFd3LWUtV204Q0lMT1U4UnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMtZmNjMzM2ZWVkOGQ3
LzEvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV4GAwQA
LZwcMA0GCSqGSIb3DQEBCwUAA4IBAQCXvQHnEDsJALmqh1oVC5dY1djEWYqHZcuL
0iOOrPy4cgxzTL7hrY5Vu3NMg7N7MTr3ZjZTsCY4VQcEF+N/rb/ZFy1+iJX4tsXn
tYNLA+9sv8D1UtXmWChOGOeYbIzPWmMWYhzaXOCTR6mB6GClxk409VLvdDPJQ78d
1x+/3s7L2eqFo0HUGWw6iFZy91dd7lCXcMGNwq8RKflGh3W1F9onZdUpqcdVgUGO
lnphx0/89y/SyQTZzeT2p2sif7gCdB5EAx300Hx2w17HHvSN/qxJHiGzDXShzOo0
krQWU6puuFN45SmSHucs76rwujfJhgmf7qUEAKE69caIxCz8WMXv
-----END CERTIFICATE-----