Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/cOtBqzGxmAHtYOr3K3pqBS9RnRs.roa
File:                     cOtBqzGxmAHtYOr3K3pqBS9RnRs.roa (raw, json)
Hash identifier:          b7ro3tjm6AY4fnAw5/nEMUtwEHGx+RoV3bWKcJfDWL8=
Subject key identifier:   70:EB:41:AB:31:B1:98:01:ED:60:EA:F7:2B:7A:6A:05:2F:51:9D:1B
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       01915AC8EC332694E972A8291B68EAD51101
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/cOtBqzGxmAHtYOr3K3pqBS9RnRs.roa
Signing time:             Fri 16 Aug 2024 10:43:22 +0000
ROA not before:           Fri 16 Aug 2024 10:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        45.158.192.0/22 maxlen: 22
                          185.45.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:c8:ec:33:26:94:e9:72:a8:29:1b:68:ea:d5:11:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Aug 16 10:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70eb41ab31b19801ed60eaf72b7a6a052f519d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f8:08:b7:96:d7:f2:18:7e:c5:7d:51:aa:5c:
                    d3:75:7d:1a:e2:68:63:9a:6a:6d:91:14:9f:8e:65:
                    94:1e:db:92:13:2c:2a:dc:8e:0b:10:d8:37:9e:36:
                    15:0c:12:08:84:4c:14:a7:44:d2:2e:60:08:4b:b6:
                    66:b2:db:c5:68:25:d3:61:98:20:12:06:30:f3:1c:
                    55:0f:c0:47:4a:bc:a9:ae:d1:ce:dc:17:d4:c3:70:
                    fd:c6:e6:23:cb:bc:bf:26:eb:e2:ae:f8:24:5e:e1:
                    b9:80:87:bc:a5:35:cf:4b:a8:69:de:1a:80:f9:01:
                    83:32:36:95:5f:05:6a:1c:48:69:30:bc:49:5f:d6:
                    70:3e:06:1b:67:42:00:1e:76:9e:59:cd:dd:46:a8:
                    da:cd:f9:04:8e:34:f6:b8:af:af:64:70:ba:ef:47:
                    64:66:c6:48:b4:b0:2e:da:e9:4f:b5:c3:b7:61:bf:
                    86:b3:2a:5b:29:a1:27:0e:b3:11:b6:d7:b3:2d:46:
                    21:ee:51:49:70:3f:0d:59:5d:19:3a:67:f7:54:a4:
                    f8:97:0b:34:b1:c0:57:0f:2b:97:08:6a:f2:28:e2:
                    d5:f7:a3:b7:f3:16:9f:a7:27:50:11:f2:c3:9a:34:
                    c5:d9:fc:60:90:ab:45:b7:6d:f6:96:c2:d4:00:ed:
                    59:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:EB:41:AB:31:B1:98:01:ED:60:EA:F7:2B:7A:6A:05:2F:51:9D:1B
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/cOtBqzGxmAHtYOr3K3pqBS9RnRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.192.0/22
                  185.45.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:5a:85:73:c7:1c:4d:97:05:5b:68:87:e7:32:58:c6:2e:eb:
         6d:34:0c:9a:f3:d8:0e:31:e3:f9:7a:09:64:2b:ac:42:46:fc:
         19:37:3e:4a:ed:fc:f4:a9:0b:01:ae:61:e5:44:6f:4e:a7:fa:
         3a:1a:59:b9:80:91:e1:4e:22:93:58:52:47:92:4e:49:df:77:
         57:fa:15:63:4b:42:4c:7d:01:52:a3:8d:07:50:df:90:9b:a2:
         0b:28:b3:dd:dc:c2:99:a5:33:5e:81:50:54:43:0c:15:da:08:
         e6:e8:6d:46:87:94:94:03:af:e3:a7:4b:ab:9b:49:aa:da:df:
         b2:cd:50:a6:95:17:1c:85:a6:0f:3f:df:f4:c2:47:e7:dd:57:
         e4:1a:ec:ec:ad:e5:1e:e7:1e:93:4a:0b:9f:94:50:57:9b:48:
         1f:8a:89:27:dc:f6:b2:7c:0e:e9:2a:c7:6f:66:55:d9:a7:a9:
         7d:e3:2c:24:72:62:8f:5a:45:42:47:75:34:a5:cf:be:73:fc:
         da:e8:73:83:f8:2b:4a:66:9e:e8:29:48:68:c0:36:9b:77:bd:
         a0:d1:00:9f:61:ec:aa:b7:d0:1c:a8:a0:91:e3:8e:8a:79:f5:
         d4:a9:40:c9:87:e0:99:27:c6:42:37:ca:bd:05:e4:ac:4a:45:
         79:67:9c:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFayOwzJpTpcqgpG2jq1REBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwODE2MTA0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGViNDFhYjMxYjE5ODAxZWQ2MGVhZjcyYjdhNmEwNTJmNTE5ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/gIt5bX8hh+xX1RqlzTdX0a4mhj
mmptkRSfjmWUHtuSEywq3I4LENg3njYVDBIIhEwUp0TSLmAIS7ZmstvFaCXTYZgg
EgYw8xxVD8BHSryprtHO3BfUw3D9xuYjy7y/JuvirvgkXuG5gIe8pTXPS6hp3hqA
+QGDMjaVXwVqHEhpMLxJX9ZwPgYbZ0IAHnaeWc3dRqjazfkEjjT2uK+vZHC670dk
ZsZItLAu2ulPtcO3Yb+GsypbKaEnDrMRttezLUYh7lFJcD8NWV0ZOmf3VKT4lws0
scBXDyuXCGryKOLV96O38xafpydQEfLDmjTF2fxgkKtFt232lsLUAO1Z4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHDrQasxsZgB7WDq9yt6agUvUZ0bMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvY090QnF6R3htQUh0WU9yM0szcHFCUzlSblJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZ7AAwQB
uS1cMA0GCSqGSIb3DQEBCwUAA4IBAQBxWoVzxxxNlwVbaIfnMljGLuttNAya89gO
MeP5eglkK6xCRvwZNz5K7fz0qQsBrmHlRG9Op/o6Glm5gJHhTiKTWFJHkk5J33dX
+hVjS0JMfQFSo40HUN+Qm6ILKLPd3MKZpTNegVBUQwwV2gjm6G1Gh5SUA6/jp0ur
m0mq2t+yzVCmlRcchaYPP9/0wkfn3VfkGuzsreUe5x6TSguflFBXm0gfiokn3Pay
fA7pKsdvZlXZp6l94ywkcmKPWkVCR3U0pc++c/za6HOD+CtKZp7oKUhowDabd72g
0QCfYeyqt9AcqKCR446KefXUqUDJh+CZJ8ZCN8q9BeSsSkV5Z5yA
-----END CERTIFICATE-----