Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/653fc6-6f78-45f4-a4dc-f04dd817cbf9/1/g08iHmm6sXlXjDUy0PY4H34qkAE.roa
File:                     g08iHmm6sXlXjDUy0PY4H34qkAE.roa (raw, json)
Hash identifier:          9lYva97NwegnjQ/qFMMK53KMc2IK/aUtfkDXS/0P7Gk=
Subject key identifier:   83:4F:22:1E:69:BA:B1:79:57:8C:35:32:D0:F6:38:1F:7E:2A:90:01
Certificate issuer:       /CN=33f35fc2b5d49828c26e07ca629c012cc1120ab6
Certificate serial:       018FED23A801267D6A56544E322573B931DD
Authority key identifier: 33:F3:5F:C2:B5:D4:98:28:C2:6E:07:CA:62:9C:01:2C:C1:12:0A:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_NfwrXUmCjCbgfKYpwBLMESCrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/653fc6-6f78-45f4-a4dc-f04dd817cbf9/1/g08iHmm6sXlXjDUy0PY4H34qkAE.roa
Signing time:             Thu 06 Jun 2024 10:41:27 +0000
ROA not before:           Thu 06 Jun 2024 10:41:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        45.93.180.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/653fc6-6f78-45f4-a4dc-f04dd817cbf9/1/M_NfwrXUmCjCbgfKYpwBLMESCrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/653fc6-6f78-45f4-a4dc-f04dd817cbf9/1/M_NfwrXUmCjCbgfKYpwBLMESCrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_NfwrXUmCjCbgfKYpwBLMESCrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:23:a8:01:26:7d:6a:56:54:4e:32:25:73:b9:31:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33f35fc2b5d49828c26e07ca629c012cc1120ab6
        Validity
            Not Before: Jun  6 10:41:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=834f221e69bab179578c3532d0f6381f7e2a9001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8e:9f:02:7c:c2:5e:a0:0c:6c:31:ff:fe:f8:
                    4b:55:fc:c6:01:ea:7a:52:02:73:fe:87:e4:5f:9f:
                    39:4c:5d:a6:4a:92:b5:8e:12:89:9d:e5:cd:12:a8:
                    e3:b5:3a:dc:80:10:0b:e1:4f:e8:9b:00:be:be:50:
                    70:d8:39:f2:20:3c:3d:3a:e3:81:8f:b7:b3:b5:86:
                    4c:76:de:e1:06:f0:58:f8:db:04:e8:bf:44:b0:4a:
                    92:82:37:01:28:5d:4e:b6:26:fc:71:ba:df:e9:a8:
                    e7:b0:e4:80:ab:bd:05:0d:c5:92:74:d4:cd:a5:6f:
                    61:84:2b:86:70:8d:70:82:e2:87:b9:99:3c:80:cc:
                    f9:f6:5c:1b:1d:b5:f0:7f:8b:ad:59:6f:12:81:74:
                    c1:6e:79:3f:ae:2b:ee:0f:0d:c2:70:aa:63:20:3d:
                    16:6f:bf:43:d3:c3:71:09:dc:2f:46:1f:ea:68:c0:
                    1a:1d:93:08:52:57:d2:a6:02:cb:1b:be:df:e4:4a:
                    3c:1c:2b:6e:46:6a:07:3f:5c:5c:c5:e1:b4:f5:38:
                    8d:6a:8f:f0:98:68:f8:ce:58:81:b5:ae:bb:7b:a4:
                    3e:21:70:d4:7c:46:b4:32:39:b8:7f:2e:a4:38:fd:
                    59:3d:5b:b0:0b:7e:51:d7:69:0a:92:ab:5b:53:40:
                    5e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:4F:22:1E:69:BA:B1:79:57:8C:35:32:D0:F6:38:1F:7E:2A:90:01
            X509v3 Authority Key Identifier:
                keyid:33:F3:5F:C2:B5:D4:98:28:C2:6E:07:CA:62:9C:01:2C:C1:12:0A:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_NfwrXUmCjCbgfKYpwBLMESCrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/653fc6-6f78-45f4-a4dc-f04dd817cbf9/1/g08iHmm6sXlXjDUy0PY4H34qkAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/653fc6-6f78-45f4-a4dc-f04dd817cbf9/1/M_NfwrXUmCjCbgfKYpwBLMESCrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:55:57:a3:e3:5a:9c:56:31:e7:f1:f5:f1:b3:37:83:32:b9:
         fb:3e:2e:f8:61:d6:c9:c1:aa:6e:3d:31:5d:1b:8d:ff:b8:df:
         db:1c:1d:dc:8e:84:41:69:19:f9:54:21:10:0a:c1:62:59:0b:
         f3:38:74:dc:3c:a9:8d:20:b5:5e:dd:de:7d:24:52:d0:20:e0:
         1e:eb:57:63:b0:9d:8e:9a:62:a1:fe:3c:21:4f:2c:bc:ad:21:
         86:76:0e:a5:28:eb:52:72:87:6d:af:8e:3f:e6:c2:cc:87:71:
         6c:96:89:ae:f2:fd:aa:f8:d2:c0:ff:7a:12:db:95:91:46:55:
         ef:91:80:cf:b4:a2:e7:3e:98:bd:f9:c9:64:d3:ca:22:40:c0:
         3b:00:b6:3b:df:26:0e:c4:fc:c6:75:7c:c9:09:b2:a9:ee:b1:
         f1:a9:aa:c5:24:4a:23:4e:80:aa:9f:a1:75:b7:8a:13:fb:f4:
         9c:c3:88:6c:f2:cb:2b:2c:40:3c:d6:05:fb:20:26:69:87:19:
         58:8e:3a:12:77:48:d8:09:01:02:db:65:bb:f4:a6:d2:e6:17:
         2c:c5:23:61:2d:3e:19:a1:8f:1d:43:9b:00:7d:c5:7c:25:e9:
         9c:7d:1f:16:2a:3c:0e:cd:a4:0e:3c:79:17:c7:be:d8:72:4e:
         17:ee:d2:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/tI6gBJn1qVlROMiVzuTHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZjM1ZmMyYjVkNDk4MjhjMjZlMDdjYTYyOWMwMTJjYzEx
MjBhYjYwHhcNMjQwNjA2MTA0MTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzRmMjIxZTY5YmFiMTc5NTc4YzM1MzJkMGY2MzgxZjdlMmE5MDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo6fAnzCXqAMbDH//vhLVfzGAep6
UgJz/ofkX585TF2mSpK1jhKJneXNEqjjtTrcgBAL4U/omwC+vlBw2DnyIDw9OuOB
j7eztYZMdt7hBvBY+NsE6L9EsEqSgjcBKF1Otib8cbrf6ajnsOSAq70FDcWSdNTN
pW9hhCuGcI1wguKHuZk8gMz59lwbHbXwf4utWW8SgXTBbnk/rivuDw3CcKpjID0W
b79D08NxCdwvRh/qaMAaHZMIUlfSpgLLG77f5Eo8HCtuRmoHP1xcxeG09TiNao/w
mGj4zliBta67e6Q+IXDUfEa0Mjm4fy6kOP1ZPVuwC35R12kKkqtbU0BeywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINPIh5purF5V4w1MtD2OB9+KpABMB8GA1UdIwQY
MBaAFDPzX8K11Jgowm4HymKcASzBEgq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV9OZndyWFVtQ2pDYmdmS1lwd0JMTUVTQ3JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82NTNmYzYtNmY3OC00NWY0LWE0ZGMt
ZjA0ZGQ4MTdjYmY5LzEvZzA4aUhtbTZzWGxYakRVeTBQWTRIMzRxa0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82NTNmYzYtNmY3OC00NWY0LWE0ZGMtZjA0ZGQ4MTdjYmY5
LzEvTV9OZndyWFVtQ2pDYmdmS1lwd0JMTUVTQ3JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV20MA0G
CSqGSIb3DQEBCwUAA4IBAQASVVej41qcVjHn8fXxszeDMrn7Pi74YdbJwapuPTFd
G43/uN/bHB3cjoRBaRn5VCEQCsFiWQvzOHTcPKmNILVe3d59JFLQIOAe61djsJ2O
mmKh/jwhTyy8rSGGdg6lKOtScodtr44/5sLMh3Fslomu8v2q+NLA/3oS25WRRlXv
kYDPtKLnPpi9+clk08oiQMA7ALY73yYOxPzGdXzJCbKp7rHxqarFJEojToCqn6F1
t4oT+/Scw4hs8ssrLEA81gX7ICZphxlYjjoSd0jYCQEC22W79KbS5hcsxSNhLT4Z
oY8dQ5sAfcV8JemcfR8WKjwOzaQOPHkXx77Yck4X7tK8
-----END CERTIFICATE-----