Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Gu0nfwcK6CAkyAc5OZrs8MgyTz0.roa
File:                     Gu0nfwcK6CAkyAc5OZrs8MgyTz0.roa (raw, json)
Hash identifier:          bUQSuNo5/TAORwt+Ds18sToeCFEJ81zZ+ruoO5VLjZw=
Subject key identifier:   1A:ED:27:7F:07:0A:E8:20:24:C8:07:39:39:9A:EC:F0:C8:32:4F:3D
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019320C0DAC3426EFC630353863EC1425859
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Gu0nfwcK6CAkyAc5OZrs8MgyTz0.roa
Signing time:             Tue 12 Nov 2024 14:22:10 +0000
ROA not before:           Tue 12 Nov 2024 14:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        45.92.218.0/23 maxlen: 23
                          45.92.218.0/24 maxlen: 24
                          45.92.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:c0:da:c3:42:6e:fc:63:03:53:86:3e:c1:42:58:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Nov 12 14:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aed277f070ae82024c80739399aecf0c8324f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:60:48:3f:76:93:f1:97:65:e5:86:92:59:b7:
                    58:a2:a6:8f:af:ce:7b:07:09:f6:21:1a:d1:bb:81:
                    1d:d5:72:d8:da:0a:36:06:e9:69:6d:89:4e:1e:82:
                    b7:c2:87:78:85:ba:0e:cd:90:ab:e2:6f:62:5b:34:
                    90:69:0e:c6:15:2b:db:7b:2d:f0:7a:cd:1e:81:49:
                    c7:f8:7c:42:99:7e:4c:fa:ad:f0:2b:58:21:88:f8:
                    d3:9e:80:c2:6e:5b:b1:29:d5:64:57:be:f3:6a:91:
                    ff:e7:7f:cd:9d:23:47:5d:39:77:cf:43:c6:da:b5:
                    45:b4:25:20:0c:4a:15:46:54:90:e9:38:dc:ed:df:
                    78:19:3b:6f:0c:13:7b:95:64:a1:96:65:35:f2:20:
                    4a:d2:36:3c:58:61:01:7a:0b:85:d5:8d:35:34:4f:
                    3e:75:3b:00:5c:d3:d3:97:74:17:e0:85:62:32:14:
                    56:3f:29:14:db:08:07:38:b0:ad:b2:d9:84:94:bd:
                    ab:56:d2:fc:81:2f:20:30:e0:59:b6:d8:3a:47:51:
                    f3:7a:5f:df:60:fd:f7:df:eb:2a:26:05:dc:45:ec:
                    2d:8e:ce:21:b3:e4:25:aa:f0:1b:79:37:72:ac:bb:
                    c8:95:24:3a:ea:1a:4d:7c:f3:21:15:76:a8:3f:0b:
                    50:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:ED:27:7F:07:0A:E8:20:24:C8:07:39:39:9A:EC:F0:C8:32:4F:3D
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Gu0nfwcK6CAkyAc5OZrs8MgyTz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:cf:07:3b:3c:3d:82:ef:0e:14:00:63:bf:1b:f0:2b:54:2c:
         03:60:ab:7d:66:91:b0:db:a7:ce:c1:e2:bb:53:f0:b2:0b:9b:
         59:ab:26:2f:e3:43:73:ce:a5:59:05:2c:25:a0:0b:eb:e8:1f:
         e7:e3:7d:48:b0:9a:2f:d9:e4:52:9f:56:e9:0e:6a:17:f0:d8:
         90:8a:c6:b9:bc:fa:1d:26:47:29:3b:47:03:b8:db:9b:07:1f:
         39:3c:1c:fe:60:a9:f1:f6:50:e0:8d:d4:59:a4:c3:61:53:96:
         bd:7a:48:4b:74:d8:b6:76:5a:e0:ef:a1:bd:12:0a:31:ba:b8:
         af:cc:52:ed:fb:4a:d1:4d:c2:18:17:d0:40:88:5c:aa:c9:25:
         ce:97:ae:aa:50:6e:0b:6a:46:a1:37:5a:a5:05:ec:67:6c:99:
         e0:02:3e:81:58:87:ef:4a:fb:ac:d5:2f:e7:d8:9a:a6:1b:a6:
         8d:7f:a0:13:04:79:7b:fe:84:39:cb:2b:0f:35:7b:a9:58:2f:
         c1:1e:f8:53:68:27:c9:7b:f8:82:ff:e0:72:0d:4f:e9:ae:3a:
         87:ca:72:0d:ce:49:ce:d5:9f:2a:cd:7f:25:cd:1a:0d:c1:b4:
         8f:af:f6:1c:bd:10:93:d7:6c:75:23:60:20:37:85:28:0c:b6:
         2c:b4:9d:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMgwNrDQm78YwNThj7BQlhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQxMTEyMTQyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWVkMjc3ZjA3MGFlODIwMjRjODA3MzkzOTlhZWNmMGM4MzI0ZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52BIP3aT8Zdl5YaSWbdYoqaPr857
Bwn2IRrRu4Ed1XLY2go2BulpbYlOHoK3wod4hboOzZCr4m9iWzSQaQ7GFSvbey3w
es0egUnH+HxCmX5M+q3wK1ghiPjTnoDCbluxKdVkV77zapH/53/NnSNHXTl3z0PG
2rVFtCUgDEoVRlSQ6Tjc7d94GTtvDBN7lWShlmU18iBK0jY8WGEBeguF1Y01NE8+
dTsAXNPTl3QX4IViMhRWPykU2wgHOLCtstmElL2rVtL8gS8gMOBZttg6R1Hzel/f
YP333+sqJgXcRewtjs4hs+QlqvAbeTdyrLvIlSQ66hpNfPMhFXaoPwtQgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrtJ38HCuggJMgHOTma7PDIMk89MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvR3UwbmZ3Y0s2Q0FreUFjNU9acnM4TWd5VHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVzaMA0G
CSqGSIb3DQEBCwUAA4IBAQAbzwc7PD2C7w4UAGO/G/ArVCwDYKt9ZpGw26fOweK7
U/CyC5tZqyYv40NzzqVZBSwloAvr6B/n431IsJov2eRSn1bpDmoX8NiQisa5vPod
JkcpO0cDuNubBx85PBz+YKnx9lDgjdRZpMNhU5a9ekhLdNi2dlrg76G9Egoxuriv
zFLt+0rRTcIYF9BAiFyqySXOl66qUG4LakahN1qlBexnbJngAj6BWIfvSvus1S/n
2JqmG6aNf6ATBHl7/oQ5yysPNXupWC/BHvhTaCfJe/iC/+ByDU/prjqHynINzknO
1Z8qzX8lzRoNwbSPr/YcvRCT12x1I2AgN4UoDLYstJ3a
-----END CERTIFICATE-----