Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/g45rfARe6OiCmKFrFMd4oMPhddo.roa
File:                     g45rfARe6OiCmKFrFMd4oMPhddo.roa (raw, json)
Hash identifier:          XQdP4/TnwPrPToTMCkFw0n9FXK5cgymP/Xk9/sD7G+U=
Subject key identifier:   83:8E:6B:7C:04:5E:E8:E8:82:98:A1:6B:14:C7:78:A0:C3:E1:75:DA
Certificate issuer:       /CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
Certificate serial:       01934109527ECC4E88247B990233D7997629
Authority key identifier: B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/g45rfARe6OiCmKFrFMd4oMPhddo.roa
Signing time:             Mon 18 Nov 2024 20:49:10 +0000
ROA not before:           Mon 18 Nov 2024 20:49:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212193
IP address blocks:        45.94.6.0/24 maxlen: 24
                          194.29.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:41:09:52:7e:cc:4e:88:24:7b:99:02:33:d7:99:76:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
        Validity
            Not Before: Nov 18 20:49:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=838e6b7c045ee8e88298a16b14c778a0c3e175da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:27:d1:b8:85:42:bd:06:85:e2:bb:a4:11:6c:
                    33:de:fc:90:80:e6:c3:54:0d:27:c4:4e:36:aa:81:
                    94:61:d7:0e:29:f7:26:64:e9:88:e0:68:11:05:76:
                    ef:44:ea:7a:fb:5b:af:6d:33:68:85:2e:87:80:ce:
                    e0:22:dd:b8:7c:17:41:42:07:9b:b9:6b:14:ec:6d:
                    68:14:b5:36:48:29:29:37:1c:96:aa:da:bc:8c:1f:
                    79:db:a0:34:55:32:33:cc:0a:8c:3e:4f:0f:c3:46:
                    00:b9:bd:ad:f1:63:26:47:2b:16:9d:e6:fc:80:98:
                    15:e3:a0:73:19:6e:90:84:59:8c:89:a9:e7:86:3c:
                    75:71:32:ba:ca:59:04:08:2c:74:04:7a:8a:c1:c6:
                    5a:c9:23:f1:34:17:fd:6c:8b:c0:0d:12:dc:80:d9:
                    99:e1:6d:63:63:62:03:49:3f:88:0c:ab:d1:51:82:
                    5b:87:3c:fa:1d:71:f6:79:00:e2:79:8e:e3:ce:82:
                    5a:24:30:53:9c:ea:84:a7:1d:02:98:88:4a:54:78:
                    b6:a9:2b:58:37:ed:e9:bc:47:ba:93:1a:f9:1d:41:
                    3b:0b:db:76:14:cc:70:95:94:90:29:1d:a4:0c:4a:
                    ef:1c:1e:aa:71:3c:b0:cc:6b:f6:ec:d1:83:81:0f:
                    fa:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:8E:6B:7C:04:5E:E8:E8:82:98:A1:6B:14:C7:78:A0:C3:E1:75:DA
            X509v3 Authority Key Identifier:
                keyid:B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/g45rfARe6OiCmKFrFMd4oMPhddo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.6.0/24
                  194.29.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f2:a2:09:0b:c6:87:4f:29:4f:9b:b1:af:d8:e7:66:3e:4c:
         ec:79:42:a7:15:a2:76:ec:ef:77:91:44:88:fc:11:ab:f1:57:
         d4:46:20:59:c1:17:0e:7a:5c:52:82:60:d8:7c:af:2c:57:60:
         3a:f5:8e:8b:a3:90:e3:70:a5:5b:cb:9c:1e:39:f9:03:82:59:
         53:14:88:a3:2d:2b:fd:98:e0:5c:90:ee:30:2c:12:75:bc:cb:
         df:8a:e3:d7:06:6d:94:f8:35:5c:7b:da:51:28:82:11:56:8b:
         db:e9:b4:c4:0f:9a:4c:4c:7e:50:bd:ae:b0:99:29:32:23:0c:
         4d:98:fb:15:43:70:14:47:79:8a:75:f9:d8:2a:38:4a:6c:ae:
         7b:a8:fe:8c:2b:39:7e:9a:d1:46:94:3a:e4:fb:fa:d6:37:d2:
         d1:68:db:47:51:52:5c:80:32:05:ce:cf:0a:4f:8b:a6:e2:96:
         3a:3f:1b:40:97:8a:c3:f3:1e:b1:21:b8:3b:a8:84:c2:73:47:
         e4:83:cb:cd:10:93:13:24:e5:27:18:e2:b1:90:06:c7:2e:96:
         2a:10:cb:83:a6:31:bc:a4:ca:1c:6b:8e:33:aa:a7:2c:91:51:
         50:e3:5e:1e:a4:2b:b6:88:29:06:17:8d:f8:7d:91:6e:5c:54:
         8e:90:1f:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNBCVJ+zE6IJHuZAjPXmXYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYzBiZGFmYWRlYTc4ZGNlMzEyZjg2MmRkZjQyYjFiZDRj
NGY2NDUwHhcNMjQxMTE4MjA0OTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzhlNmI3YzA0NWVlOGU4ODI5OGExNmIxNGM3NzhhMGMzZTE3NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSfRuIVCvQaF4rukEWwz3vyQgObD
VA0nxE42qoGUYdcOKfcmZOmI4GgRBXbvROp6+1uvbTNohS6HgM7gIt24fBdBQgeb
uWsU7G1oFLU2SCkpNxyWqtq8jB9526A0VTIzzAqMPk8Pw0YAub2t8WMmRysWneb8
gJgV46BzGW6QhFmMiannhjx1cTK6ylkECCx0BHqKwcZaySPxNBf9bIvADRLcgNmZ
4W1jY2IDST+IDKvRUYJbhzz6HXH2eQDieY7jzoJaJDBTnOqEpx0CmIhKVHi2qStY
N+3pvEe6kxr5HUE7C9t2FMxwlZSQKR2kDErvHB6qcTywzGv27NGDgQ/6YQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIOOa3wEXujogpihaxTHeKDD4XXaMB8GA1UdIwQY
MBaAFLLAva+t6njc4xL4Yt30KxvUxPZFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMt
ZmNjMzM2ZWVkOGQ3LzEvZzQ1cmZBUmU2T2lDbUtGckZNZDRvTVBoZGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMtZmNjMzM2ZWVkOGQ3
LzEvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV4GAwQA
wh03MA0GCSqGSIb3DQEBCwUAA4IBAQBD8qIJC8aHTylPm7Gv2OdmPkzseUKnFaJ2
7O93kUSI/BGr8VfURiBZwRcOelxSgmDYfK8sV2A69Y6Lo5DjcKVby5weOfkDgllT
FIijLSv9mOBckO4wLBJ1vMvfiuPXBm2U+DVce9pRKIIRVovb6bTED5pMTH5Qva6w
mSkyIwxNmPsVQ3AUR3mKdfnYKjhKbK57qP6MKzl+mtFGlDrk+/rWN9LRaNtHUVJc
gDIFzs8KT4um4pY6PxtAl4rD8x6xIbg7qITCc0fkg8vNEJMTJOUnGOKxkAbHLpYq
EMuDpjG8pMoca44zqqcskVFQ414epCu2iCkGF434fZFuXFSOkB8O
-----END CERTIFICATE-----