Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hCrbabp4Fjoh39ZjDg29XFmHQXQ.roa
File:                     hCrbabp4Fjoh39ZjDg29XFmHQXQ.roa (raw, json)
Hash identifier:          j6Ff5p76BL+4dht/BPnnBcHHr3kmAi93TJ571Sg8skw=
Subject key identifier:   84:2A:DB:69:BA:78:16:3A:21:DF:D6:63:0E:0D:BD:5C:59:87:41:74
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018F05367F5A2BA67936D4CA47C33EE4AEC2
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hCrbabp4Fjoh39ZjDg29XFmHQXQ.roa
Signing time:             Mon 22 Apr 2024 09:50:08 +0000
ROA not before:           Mon 22 Apr 2024 09:50:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        45.92.218.0/23 maxlen: 23
                          45.92.218.0/24 maxlen: 24
                          45.92.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:36:7f:5a:2b:a6:79:36:d4:ca:47:c3:3e:e4:ae:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Apr 22 09:50:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=842adb69ba78163a21dfd6630e0dbd5c59874174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8a:92:33:46:f9:bf:e5:0b:29:57:61:17:8c:
                    67:3b:2e:26:3b:8e:41:ab:c8:f7:9d:50:a8:0c:d7:
                    2e:84:eb:e9:44:02:58:11:b3:bd:ba:92:d5:3d:2a:
                    83:02:97:c5:8f:39:e3:f2:a7:37:18:f2:fa:c3:1a:
                    9e:64:f7:ba:da:d6:f5:57:65:3e:f1:b0:66:49:7d:
                    9a:61:a2:f8:4e:9d:25:68:72:22:1b:3c:65:62:36:
                    ed:fa:ee:b7:6d:f3:25:4c:1c:a4:90:60:94:38:94:
                    4a:9d:40:0d:38:d9:d4:c2:9d:78:c9:f3:a6:00:8f:
                    ee:a9:b8:6d:e8:b5:81:67:97:f2:b2:95:f1:8a:79:
                    33:4a:cb:16:f5:5b:32:37:aa:d1:12:4e:15:23:dc:
                    00:72:ad:07:26:6f:4b:51:b0:3a:6d:41:c4:8d:f2:
                    39:c4:e5:b2:1a:fe:df:b9:2a:e9:aa:e6:c5:7e:0a:
                    9a:10:5f:34:a6:dc:20:d8:b7:22:09:b4:b0:3c:e0:
                    29:05:82:1f:23:a4:b6:64:6f:ab:19:63:41:66:cb:
                    53:ed:5b:36:23:8d:c8:76:14:26:66:96:b2:2d:38:
                    9d:a2:b6:5f:7c:42:e8:d9:ab:50:90:74:62:11:91:
                    4a:66:9d:cc:d8:2b:d9:bd:3d:e7:5f:2a:9c:11:e8:
                    b7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:2A:DB:69:BA:78:16:3A:21:DF:D6:63:0E:0D:BD:5C:59:87:41:74
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hCrbabp4Fjoh39ZjDg29XFmHQXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:05:8d:5a:02:52:15:01:1e:2b:43:3c:2a:37:39:f3:ef:3d:
         8a:50:a2:c1:d6:61:a6:4b:eb:99:58:29:86:e0:d7:cf:77:0e:
         5f:67:db:dc:8a:7c:35:84:9e:14:9a:8b:60:fd:82:46:df:20:
         36:f2:86:12:a9:b9:ce:98:12:b2:81:31:76:ef:cc:cb:3c:45:
         d0:61:7a:e1:6f:d8:f5:f4:fc:98:13:1d:0b:48:39:fb:8f:00:
         5d:60:84:94:94:e5:79:09:a3:dc:ef:3a:52:ae:c2:67:cc:57:
         9a:25:3d:98:14:be:60:8e:1c:fd:15:df:3c:f7:7a:d4:b7:45:
         6f:d0:f9:c4:1d:90:7c:1b:05:f3:b9:76:5a:1c:44:1f:71:0a:
         b7:c0:cb:aa:3c:3d:cd:b8:88:73:77:44:b4:f2:85:b9:f0:e8:
         3e:be:21:ec:b0:82:bb:cb:c2:9c:ad:81:4c:02:09:5f:7c:22:
         11:a7:44:61:1f:5c:41:27:bc:45:ba:d4:18:f9:ad:a4:70:58:
         9d:3c:1e:a2:89:fe:f0:d6:ad:79:dd:3a:68:8e:2c:9c:f6:a1:
         06:28:e1:49:6f:e8:f8:53:c3:49:3b:83:28:87:52:9e:e6:65:
         0a:a1:64:d6:42:9e:3e:6d:10:13:b4:62:8d:49:91:11:6a:fa:
         45:b8:42:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8FNn9aK6Z5NtTKR8M+5K7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNDIyMDk1MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDJhZGI2OWJhNzgxNjNhMjFkZmQ2NjMwZTBkYmQ1YzU5ODc0MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIqSM0b5v+ULKVdhF4xnOy4mO45B
q8j3nVCoDNcuhOvpRAJYEbO9upLVPSqDApfFjznj8qc3GPL6wxqeZPe62tb1V2U+
8bBmSX2aYaL4Tp0laHIiGzxlYjbt+u63bfMlTBykkGCUOJRKnUANONnUwp14yfOm
AI/uqbht6LWBZ5fyspXxinkzSssW9VsyN6rREk4VI9wAcq0HJm9LUbA6bUHEjfI5
xOWyGv7fuSrpqubFfgqaEF80ptwg2LciCbSwPOApBYIfI6S2ZG+rGWNBZstT7Vs2
I43IdhQmZpayLTidorZffELo2atQkHRiEZFKZp3M2CvZvT3nXyqcEei3rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQq22m6eBY6Id/WYw4NvVxZh0F0MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvaENyYmFicDRGam9oMzlaakRnMjlYRm1IUVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVzaMA0G
CSqGSIb3DQEBCwUAA4IBAQCJBY1aAlIVAR4rQzwqNznz7z2KUKLB1mGmS+uZWCmG
4NfPdw5fZ9vcinw1hJ4Umotg/YJG3yA28oYSqbnOmBKygTF278zLPEXQYXrhb9j1
9PyYEx0LSDn7jwBdYISUlOV5CaPc7zpSrsJnzFeaJT2YFL5gjhz9Fd8893rUt0Vv
0PnEHZB8GwXzuXZaHEQfcQq3wMuqPD3NuIhzd0S08oW58Og+viHssIK7y8KcrYFM
AglffCIRp0RhH1xBJ7xFutQY+a2kcFidPB6iif7w1q153Tpojiyc9qEGKOFJb+j4
U8NJO4Moh1Ke5mUKoWTWQp4+bRATtGKNSZERavpFuEIm
-----END CERTIFICATE-----