Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/ShWT_KulWadt0mQwvcR7AMy-HEc.roa
File:                     ShWT_KulWadt0mQwvcR7AMy-HEc.roa (raw, json)
Hash identifier:          8IOhWJ319ZWm5MmDKe4ZfA85BDyWLDHoFubMZwcKh5U=
Subject key identifier:   4A:15:93:FC:AB:A5:59:A7:6D:D2:64:30:BD:C4:7B:00:CC:BE:1C:47
Certificate issuer:       /CN=a2ca37ded1b70c81b74a430f9b4d7acc62805ed8
Certificate serial:       019026379322E3C6BC9D3DD314974ECEC7A1
Authority key identifier: A2:CA:37:DE:D1:B7:0C:81:B7:4A:43:0F:9B:4D:7A:CC:62:80:5E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/ShWT_KulWadt0mQwvcR7AMy-HEc.roa
Signing time:             Mon 17 Jun 2024 12:41:34 +0000
ROA not before:           Mon 17 Jun 2024 12:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199799
IP address blocks:        185.45.96.0/24 maxlen: 24
                          2a04:a180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:37:93:22:e3:c6:bc:9d:3d:d3:14:97:4e:ce:c7:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ca37ded1b70c81b74a430f9b4d7acc62805ed8
        Validity
            Not Before: Jun 17 12:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a1593fcaba559a76dd26430bdc47b00ccbe1c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:74:93:a2:2b:68:7f:8a:fe:97:a7:91:46:f2:
                    82:ce:50:0d:93:93:16:36:18:a6:22:05:8b:c1:d2:
                    01:8b:80:63:48:99:32:93:9c:40:d6:e3:3f:d1:33:
                    e7:49:a9:7b:cd:ab:32:a8:2a:90:95:2c:05:29:3a:
                    fe:ed:3f:f3:49:d9:5e:b9:ec:6d:62:ed:6b:d1:c2:
                    ae:aa:43:5c:69:17:83:89:d3:be:51:49:f3:13:99:
                    29:69:00:d1:f5:ad:0c:a2:58:3c:20:d5:c3:d6:a2:
                    57:67:1f:78:55:9e:4b:6a:94:24:2f:14:ea:ec:fa:
                    30:7e:ed:ee:20:b2:83:a5:c9:84:f2:e4:c3:76:a7:
                    df:9a:09:86:68:eb:f1:ab:97:9f:38:25:e0:02:3f:
                    77:77:1a:c4:e5:00:0f:bc:2a:3d:60:bc:5b:c4:60:
                    38:0a:8c:94:51:d5:40:b9:6b:14:5f:ab:89:42:7a:
                    ed:a2:28:e2:fe:3d:2a:d8:b4:c3:ce:c5:00:32:13:
                    d0:f3:13:22:d8:3d:bd:69:e3:89:e1:14:f7:cc:ad:
                    38:ce:e5:7d:ca:14:60:2a:95:88:25:56:83:15:da:
                    59:d0:ae:ff:78:c8:da:bd:e7:da:6b:74:5c:c2:56:
                    b8:21:c7:af:cd:93:f5:fb:7b:ee:bf:3e:95:16:ee:
                    b7:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:15:93:FC:AB:A5:59:A7:6D:D2:64:30:BD:C4:7B:00:CC:BE:1C:47
            X509v3 Authority Key Identifier:
                keyid:A2:CA:37:DE:D1:B7:0C:81:B7:4A:43:0F:9B:4D:7A:CC:62:80:5E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/ShWT_KulWadt0mQwvcR7AMy-HEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.96.0/24
                IPv6:
                  2a04:a180::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:14:8d:47:65:04:49:a2:ad:d4:48:de:9b:d2:52:fb:81:54:
         36:9c:2f:d0:8f:cd:88:82:cd:be:a7:b0:d7:35:ad:59:7b:b3:
         ae:1d:4c:8c:73:4a:6a:d0:1a:e3:91:8d:82:92:18:68:6b:fb:
         ec:72:07:02:af:8d:0a:a7:3d:50:dc:0b:36:ec:e0:8a:59:65:
         53:44:7e:b3:b6:15:b3:bf:90:c3:ca:b0:4e:b4:c0:90:ba:e1:
         30:23:67:ba:86:30:8d:02:f0:84:87:86:a6:20:e3:eb:f4:d5:
         55:9a:a8:24:bd:e6:78:d2:9d:95:e5:bf:de:f9:58:47:5e:bf:
         4a:3c:20:b5:e0:14:b1:20:58:ed:d0:ac:76:14:81:5e:01:35:
         c0:6d:21:f2:60:0f:5c:22:f0:d4:f6:b9:2d:06:8d:6c:37:39:
         95:72:4b:f0:52:aa:4d:2d:82:9d:06:81:26:bc:66:dc:a3:f7:
         14:65:84:55:91:3e:94:31:1b:03:6d:98:2e:9f:e5:e3:50:0b:
         af:b6:38:73:6e:91:d8:6c:72:41:66:7f:85:9d:6f:b3:52:11:
         81:39:33:db:2b:8e:d4:90:e6:3a:f4:c3:cb:52:8d:94:eb:70:
         34:8b:cc:33:05:07:f9:7e:2a:3d:de:50:4f:f1:f0:59:a3:09:
         a5:26:f2:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAmN5Mi48a8nT3TFJdOzsehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyY2EzN2RlZDFiNzBjODFiNzRhNDMwZjliNGQ3YWNjNjI4
MDVlZDgwHhcNMjQwNjE3MTI0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE1OTNmY2FiYTU1OWE3NmRkMjY0MzBiZGM0N2IwMGNjYmUxYzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XSToitof4r+l6eRRvKCzlANk5MW
NhimIgWLwdIBi4BjSJkyk5xA1uM/0TPnSal7zasyqCqQlSwFKTr+7T/zSdleuext
Yu1r0cKuqkNcaReDidO+UUnzE5kpaQDR9a0Molg8INXD1qJXZx94VZ5LapQkLxTq
7Powfu3uILKDpcmE8uTDdqffmgmGaOvxq5efOCXgAj93dxrE5QAPvCo9YLxbxGA4
CoyUUdVAuWsUX6uJQnrtoiji/j0q2LTDzsUAMhPQ8xMi2D29aeOJ4RT3zK04zuV9
yhRgKpWIJVaDFdpZ0K7/eMjavefaa3Rcwla4IcevzZP1+3vuvz6VFu63swIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEoVk/yrpVmnbdJkML3EewDMvhxHMB8GA1UdIwQY
MBaAFKLKN97RtwyBt0pDD5tNesxigF7YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3NvMzN0RzNESUczU2tNUG0wMTZ6R0tBWHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iMmFjZTctNDhkYi00ZjdkLTkxN2Yt
MzA2MTg5ZDVjMDQ5LzEvU2hXVF9LdWxXYWR0MG1Rd3ZjUjdBTXktSEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iMmFjZTctNDhkYi00ZjdkLTkxN2YtMzA2MTg5ZDVjMDQ5
LzEvb3NvMzN0RzNESUczU2tNUG0wMTZ6R0tBWHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuS1gMA0E
AgACMAcDBQAqBKGAMA0GCSqGSIb3DQEBCwUAA4IBAQBhFI1HZQRJoq3USN6b0lL7
gVQ2nC/Qj82Igs2+p7DXNa1Ze7OuHUyMc0pq0BrjkY2Ckhhoa/vscgcCr40Kpz1Q
3As27OCKWWVTRH6zthWzv5DDyrBOtMCQuuEwI2e6hjCNAvCEh4amIOPr9NVVmqgk
veZ40p2V5b/e+VhHXr9KPCC14BSxIFjt0Kx2FIFeATXAbSHyYA9cIvDU9rktBo1s
NzmVckvwUqpNLYKdBoEmvGbco/cUZYRVkT6UMRsDbZgun+XjUAuvtjhzbpHYbHJB
Zn+FnW+zUhGBOTPbK47UkOY69MPLUo2U63A0i8wzBQf5fio93lBP8fBZowmlJvIS
-----END CERTIFICATE-----