Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/bA15-9Jfu26bNaXLmUXBr9lHnss.roa
File:                     bA15-9Jfu26bNaXLmUXBr9lHnss.roa (raw, json)
Hash identifier:          hEkqhHF5nNImb+sIoajIYh9OHF4fAwG1cpwQfOOxIuA=
Subject key identifier:   6C:0D:79:FB:D2:5F:BB:6E:9B:35:A5:CB:99:45:C1:AF:D9:47:9E:CB
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948ED520170EAF0D7D1682C9BEA434
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/bA15-9Jfu26bNaXLmUXBr9lHnss.roa
Signing time:             Tue 02 Jan 2024 00:30:51 +0000
ROA not before:           Tue 02 Jan 2024 00:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206238
IP address blocks:        45.83.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8e:d5:20:17:0e:af:0d:7d:16:82:c9:be:a4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c0d79fbd25fbb6e9b35a5cb9945c1afd9479ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:94:82:f9:a9:9b:57:96:3b:cb:a6:68:8b:4d:
                    c2:9a:26:19:61:40:fc:cd:66:17:2a:ba:7d:99:6f:
                    7c:b4:92:8d:dd:6b:b7:4a:40:34:39:c1:b5:26:ef:
                    7a:e7:7d:71:07:55:fc:8b:87:d1:37:a9:c7:d4:97:
                    c3:44:46:b7:18:1e:37:1e:09:d1:3c:85:39:7f:0b:
                    46:e1:f6:88:29:25:89:be:82:7b:e7:d4:f4:d2:b1:
                    bb:fd:4a:41:4e:54:82:9e:9d:dc:3a:99:ee:42:9b:
                    41:96:f8:0a:f6:f7:0d:c2:08:3d:1d:59:39:0c:dc:
                    72:b6:e7:54:69:dd:78:78:a8:38:39:83:99:fe:3b:
                    d7:5e:68:e0:09:cb:c2:27:9d:80:17:12:84:d8:91:
                    94:e2:43:39:76:92:e1:41:ac:09:3e:13:6d:4a:62:
                    c6:29:2d:0e:c9:2e:87:19:87:3a:6a:55:0e:55:e9:
                    5c:a4:4c:17:49:bd:e6:8b:d5:2b:14:51:00:e3:62:
                    78:2a:3c:5d:b5:d6:52:e7:39:05:8e:47:34:7e:c6:
                    b4:13:cc:40:64:83:66:f1:e6:3f:b0:8e:de:94:df:
                    c7:8b:5e:93:85:a1:dd:c8:97:7c:70:5c:74:9f:17:
                    8c:f1:7c:e5:76:4a:2e:87:2e:e8:22:46:b6:db:9c:
                    55:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:0D:79:FB:D2:5F:BB:6E:9B:35:A5:CB:99:45:C1:AF:D9:47:9E:CB
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/bA15-9Jfu26bNaXLmUXBr9lHnss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:d2:97:6a:4b:63:db:99:8c:d3:91:90:73:ea:c9:c3:4a:b0:
         04:6a:89:1e:cb:99:5d:22:7d:ed:db:23:b8:67:74:ba:91:1b:
         b2:54:b0:67:fa:74:32:cc:8c:b9:03:91:48:8a:02:fa:a6:24:
         d3:4e:12:92:66:f9:dc:93:bd:a9:61:ba:14:61:94:59:5f:4f:
         1b:c2:f7:78:f7:ca:36:e7:9c:b3:b7:fd:5c:48:f7:26:c6:8f:
         ef:8b:a4:54:c6:06:f8:8b:11:0a:fc:0f:df:98:41:2f:a5:2d:
         06:9d:c9:25:7b:ab:f9:30:05:eb:5d:5d:21:63:9e:68:cc:0b:
         05:ba:5b:8f:3f:5f:cc:84:9c:ac:d2:dc:ee:2b:64:5b:a2:a3:
         9a:5f:c8:fd:c1:73:ce:90:5b:8b:09:3a:93:36:c8:24:4d:91:
         fa:25:3a:b4:65:08:72:b1:67:82:c2:68:fb:47:fd:96:e4:cc:
         6f:65:57:a7:27:d5:4e:2a:d4:e7:dc:c1:ba:8b:89:5e:5f:2e:
         be:14:07:1b:e4:eb:82:d8:fb:b7:dc:09:48:71:97:f5:57:7a:
         65:3c:9d:fd:ce:dc:3e:f7:1c:66:80:d0:bf:3f:fc:83:f3:a8:
         30:da:4c:53:d7:a8:17:f7:7d:39:bc:5b:78:16:91:13:a4:6d:
         80:1a:20:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlI7VIBcOrw19FoLJvqQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzBkNzlmYmQyNWZiYjZlOWIzNWE1Y2I5OTQ1YzFhZmQ5NDc5ZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JSC+ambV5Y7y6Zoi03CmiYZYUD8
zWYXKrp9mW98tJKN3Wu3SkA0OcG1Ju96531xB1X8i4fRN6nH1JfDREa3GB43HgnR
PIU5fwtG4faIKSWJvoJ759T00rG7/UpBTlSCnp3cOpnuQptBlvgK9vcNwgg9HVk5
DNxytudUad14eKg4OYOZ/jvXXmjgCcvCJ52AFxKE2JGU4kM5dpLhQawJPhNtSmLG
KS0OyS6HGYc6alUOVelcpEwXSb3mi9UrFFEA42J4KjxdtdZS5zkFjkc0fsa0E8xA
ZINm8eY/sI7elN/Hi16ThaHdyJd8cFx0nxeM8Xzldkouhy7oIka225xVxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwNefvSX7tumzWly5lFwa/ZR57LMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvYkExNS05SmZ1MjZiTmFYTG1VWEJyOWxIbnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVPwMA0G
CSqGSIb3DQEBCwUAA4IBAQAt0pdqS2PbmYzTkZBz6snDSrAEaokey5ldIn3t2yO4
Z3S6kRuyVLBn+nQyzIy5A5FIigL6piTTThKSZvnck72pYboUYZRZX08bwvd498o2
55yzt/1cSPcmxo/vi6RUxgb4ixEK/A/fmEEvpS0Gnckle6v5MAXrXV0hY55ozAsF
uluPP1/MhJys0tzuK2RboqOaX8j9wXPOkFuLCTqTNsgkTZH6JTq0ZQhysWeCwmj7
R/2W5MxvZVenJ9VOKtTn3MG6i4leXy6+FAcb5OuC2Pu33AlIcZf1V3plPJ39ztw+
9xxmgNC/P/yD86gw2kxT16gX9305vFt4FpETpG2AGiAT
-----END CERTIFICATE-----