Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/fUGWYm8pleQaDVpR7AYySJX4B-4.roa
File:                     fUGWYm8pleQaDVpR7AYySJX4B-4.roa (raw, json)
Hash identifier:          iBpWW8xQFwTc1AXjXKxFIEWI5L4mDOiArYB1zPaTahQ=
Subject key identifier:   7D:41:96:62:6F:29:95:E4:1A:0D:5A:51:EC:06:32:48:95:F8:07:EE
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018CC72734EE7A68F178A3750300520BB9D0
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/fUGWYm8pleQaDVpR7AYySJX4B-4.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        45.85.130.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:34:ee:7a:68:f1:78:a3:75:03:00:52:0b:b9:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d4196626f2995e41a0d5a51ec06324895f807ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:07:81:63:b8:92:0f:9f:e8:59:1f:41:10:2f:
                    4e:bc:a6:40:7a:1b:96:b4:0f:9b:eb:59:d8:b5:61:
                    b7:1c:4f:f2:ae:53:ae:83:c6:43:19:5b:1d:fa:bb:
                    11:ab:c9:a2:16:2c:81:46:5a:0d:11:87:95:22:09:
                    5c:28:1f:cd:82:a7:48:67:fc:60:f6:7b:e3:0b:13:
                    fb:71:e3:0f:93:15:a6:94:05:6d:19:6d:f3:74:32:
                    95:c1:8f:d3:02:4f:55:e2:ad:f4:ef:f8:90:5c:f9:
                    86:d9:ab:c2:67:d5:ec:89:34:e9:4b:68:b2:84:84:
                    1a:98:b0:fd:08:fc:60:c5:e0:85:90:ce:c6:51:ed:
                    67:b7:f2:19:a9:21:6a:f1:ec:ce:98:46:67:b6:0a:
                    fd:ef:af:23:72:df:b8:ec:60:4e:ef:11:62:3c:31:
                    ad:ee:b6:de:d6:72:d8:71:29:c0:0b:58:95:7e:95:
                    bc:61:00:bf:e1:47:e5:3f:85:3d:b6:56:4f:c1:f4:
                    82:7b:ed:b6:10:92:3b:11:50:ec:07:8d:25:4a:4b:
                    cc:b4:8f:e3:a7:bd:3c:14:ba:6a:b2:bf:bf:8b:92:
                    b5:3e:cf:44:0c:d0:40:aa:0f:d5:34:00:cf:92:4d:
                    97:4e:26:f2:d6:89:73:d3:b0:55:ef:0f:a4:3e:5a:
                    71:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:41:96:62:6F:29:95:E4:1A:0D:5A:51:EC:06:32:48:95:F8:07:EE
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/fUGWYm8pleQaDVpR7AYySJX4B-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:f1:36:f8:af:88:e4:27:09:bf:f7:5a:f0:d7:73:ef:35:40:
         26:33:d6:a2:7d:ff:4b:9e:92:cb:29:01:1d:80:44:61:af:4e:
         b5:bd:89:25:9d:9c:bd:98:bc:fc:af:fb:f2:33:e8:68:df:84:
         f1:00:09:f1:b9:d8:35:56:3e:8b:19:e3:b5:71:7e:14:d0:73:
         21:1c:e2:23:40:6e:7b:68:7c:df:d5:0a:05:cb:73:58:96:dd:
         47:89:0f:ee:59:98:32:bd:68:5f:9b:24:bb:cb:c6:8d:7e:e5:
         a5:b4:fd:35:58:90:5b:2f:f2:40:96:b2:6a:26:37:91:6f:82:
         9e:3d:bb:2b:27:e9:8b:80:35:8c:90:23:6b:0d:68:6c:18:fe:
         e1:30:c8:38:39:6f:f9:41:b8:cb:14:6d:e6:a2:2c:04:14:b9:
         f7:3e:47:b1:40:67:42:2d:07:84:71:c1:60:48:57:b6:dc:55:
         04:40:44:c9:22:83:65:62:a2:0d:f9:d1:cd:6d:79:b5:b1:79:
         17:61:be:6b:13:0e:54:67:f9:b6:93:ce:27:9b:bb:ab:95:98:
         1a:d5:e9:b4:e0:cc:30:05:d7:17:62:3f:f4:f4:ab:3a:61:be:
         c5:bd:8e:09:4a:36:90:26:73:38:88:3c:4c:74:73:b8:29:94:
         a3:ff:90:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzTuemjxeKN1AwBSC7nQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDQxOTY2MjZmMjk5NWU0MWEwZDVhNTFlYzA2MzI0ODk1ZjgwN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAeBY7iSD5/oWR9BEC9OvKZAehuW
tA+b61nYtWG3HE/yrlOug8ZDGVsd+rsRq8miFiyBRloNEYeVIglcKB/NgqdIZ/xg
9nvjCxP7ceMPkxWmlAVtGW3zdDKVwY/TAk9V4q307/iQXPmG2avCZ9XsiTTpS2iy
hIQamLD9CPxgxeCFkM7GUe1nt/IZqSFq8ezOmEZntgr9768jct+47GBO7xFiPDGt
7rbe1nLYcSnAC1iVfpW8YQC/4UflP4U9tlZPwfSCe+22EJI7EVDsB40lSkvMtI/j
p708FLpqsr+/i5K1Ps9EDNBAqg/VNADPkk2XTiby1olz07BV7w+kPlpxBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1BlmJvKZXkGg1aUewGMkiV+AfuMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvZlVHV1ltOHBsZVFhRFZwUjdBWXlTSlg0Qi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVWCMA0G
CSqGSIb3DQEBCwUAA4IBAQAf8Tb4r4jkJwm/91rw13PvNUAmM9aiff9LnpLLKQEd
gERhr061vYklnZy9mLz8r/vyM+ho34TxAAnxudg1Vj6LGeO1cX4U0HMhHOIjQG57
aHzf1QoFy3NYlt1HiQ/uWZgyvWhfmyS7y8aNfuWltP01WJBbL/JAlrJqJjeRb4Ke
PbsrJ+mLgDWMkCNrDWhsGP7hMMg4OW/5QbjLFG3moiwEFLn3PkexQGdCLQeEccFg
SFe23FUEQETJIoNlYqIN+dHNbXm1sXkXYb5rEw5UZ/m2k84nm7urlZga1em04Mww
BdcXYj/09Ks6Yb7FvY4JSjaQJnM4iDxMdHO4KZSj/5CK
-----END CERTIFICATE-----