Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/3ae1de-bd5c-4a17-9fa8-0a9a1f1c989c/1/8j4B1jt3Wq1_U6wF6fLAN41lzDA.roa
File:                     8j4B1jt3Wq1_U6wF6fLAN41lzDA.roa (raw, json)
Hash identifier:          U1B+YgEQxTSH10L2kgDJ/FvIcxuY9ey6kNYm3xTwNH4=
Subject key identifier:   F2:3E:01:D6:3B:77:5A:AD:7F:53:AC:05:E9:F2:C0:37:8D:65:CC:30
Certificate issuer:       /CN=f6057e74aad21abcf13374f5915b1a7e827d4ea1
Certificate serial:       018CC94E57E005A412746F8548994D46A5D5
Authority key identifier: F6:05:7E:74:AA:D2:1A:BC:F1:33:74:F5:91:5B:1A:7E:82:7D:4E:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gV-dKrSGrzxM3T1kVsafoJ9TqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/3ae1de-bd5c-4a17-9fa8-0a9a1f1c989c/1/8j4B1jt3Wq1_U6wF6fLAN41lzDA.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212530
IP address blocks:        45.13.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/3ae1de-bd5c-4a17-9fa8-0a9a1f1c989c/1/9gV-dKrSGrzxM3T1kVsafoJ9TqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/3ae1de-bd5c-4a17-9fa8-0a9a1f1c989c/1/9gV-dKrSGrzxM3T1kVsafoJ9TqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gV-dKrSGrzxM3T1kVsafoJ9TqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:57:e0:05:a4:12:74:6f:85:48:99:4d:46:a5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6057e74aad21abcf13374f5915b1a7e827d4ea1
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f23e01d63b775aad7f53ac05e9f2c0378d65cc30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8a:45:f5:6e:33:83:b9:0f:04:5f:eb:27:90:
                    85:d5:ee:86:6f:50:63:39:5d:5a:b3:42:66:93:6c:
                    ed:a1:1f:85:f7:7f:9e:26:a8:0b:ca:db:4f:00:6c:
                    5a:a5:81:d3:9d:50:4b:1e:4f:91:b0:3c:45:14:9f:
                    99:68:67:04:24:52:ab:62:29:bb:33:b5:33:47:10:
                    38:ff:dd:de:45:2d:17:1e:5d:c2:a6:ca:2e:76:4a:
                    92:bd:10:d2:e4:95:44:7f:66:af:bc:01:f9:8f:a7:
                    96:f2:0a:4e:8f:c0:ba:b9:e1:39:be:11:f7:69:92:
                    b4:b1:16:4e:2f:e2:63:b1:a0:f7:59:75:ee:49:97:
                    cc:95:dc:3c:cc:63:4d:44:8c:66:76:9b:dc:db:81:
                    f9:eb:f8:18:35:3d:97:7a:3d:a4:ca:1b:17:79:34:
                    34:7d:87:24:c0:15:ed:f3:36:dd:e7:5c:95:af:53:
                    55:9a:30:38:75:3e:83:eb:61:79:15:ae:4e:e5:fa:
                    85:db:ca:26:7b:a6:dd:f6:76:95:f5:b7:ca:05:7a:
                    62:1e:e8:96:39:62:52:24:98:06:a2:c6:ef:b9:2d:
                    0f:28:9d:b0:f8:71:ce:ec:a3:6e:be:b7:d8:4c:10:
                    3f:23:cb:84:db:6e:4e:23:3b:a5:9e:9a:83:26:43:
                    25:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3E:01:D6:3B:77:5A:AD:7F:53:AC:05:E9:F2:C0:37:8D:65:CC:30
            X509v3 Authority Key Identifier:
                keyid:F6:05:7E:74:AA:D2:1A:BC:F1:33:74:F5:91:5B:1A:7E:82:7D:4E:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gV-dKrSGrzxM3T1kVsafoJ9TqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/3ae1de-bd5c-4a17-9fa8-0a9a1f1c989c/1/8j4B1jt3Wq1_U6wF6fLAN41lzDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/3ae1de-bd5c-4a17-9fa8-0a9a1f1c989c/1/9gV-dKrSGrzxM3T1kVsafoJ9TqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:d0:1d:5c:ae:6e:b3:0b:aa:93:7b:66:64:d0:48:fd:69:b9:
         73:4e:ed:0f:49:c6:6c:a7:bd:e3:54:dd:0b:b4:7c:c1:38:4b:
         e3:1f:16:01:13:95:61:df:79:d3:d8:a3:1c:d1:37:3a:d8:39:
         e2:08:ef:dc:84:1c:0c:3e:4d:cd:0a:46:3d:05:cb:9a:e1:a2:
         94:27:80:59:18:e7:1c:b9:d3:e1:0e:fd:67:e7:b0:f3:ec:0b:
         55:c1:fc:b0:63:5c:8a:72:d6:d0:16:8d:c2:ab:77:92:6d:93:
         34:7f:46:89:71:eb:dd:33:44:fb:8a:d4:aa:2c:47:04:37:fe:
         a0:9d:f5:39:17:46:83:59:92:e8:00:5c:f2:92:8e:84:f2:f1:
         69:69:51:5c:30:14:96:4a:18:0b:a7:c5:34:d8:85:6a:fa:ae:
         31:be:da:ad:58:18:06:dd:e4:1a:89:0b:81:3d:46:d0:c8:b3:
         b0:7b:01:87:76:88:d8:1e:ee:28:1f:ea:5d:b0:4b:1c:9c:23:
         6a:8c:a2:29:99:84:3e:f8:64:11:4c:9a:c4:93:b5:04:ba:22:
         49:a6:9c:b5:19:55:91:b9:4b:06:b6:20:f1:53:4a:a8:d5:00:
         9a:d8:b8:b1:05:42:74:4d:38:a3:03:0a:ec:9a:05:d3:e2:ba:
         07:fc:6f:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlfgBaQSdG+FSJlNRqXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDU3ZTc0YWFkMjFhYmNmMTMzNzRmNTkxNWIxYTdlODI3
ZDRlYTEwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjNlMDFkNjNiNzc1YWFkN2Y1M2FjMDVlOWYyYzAzNzhkNjVjYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYpF9W4zg7kPBF/rJ5CF1e6Gb1Bj
OV1as0Jmk2ztoR+F93+eJqgLyttPAGxapYHTnVBLHk+RsDxFFJ+ZaGcEJFKrYim7
M7UzRxA4/93eRS0XHl3CpsoudkqSvRDS5JVEf2avvAH5j6eW8gpOj8C6ueE5vhH3
aZK0sRZOL+JjsaD3WXXuSZfMldw8zGNNRIxmdpvc24H56/gYNT2Xej2kyhsXeTQ0
fYckwBXt8zbd51yVr1NVmjA4dT6D62F5Fa5O5fqF28ome6bd9naV9bfKBXpiHuiW
OWJSJJgGosbvuS0PKJ2w+HHO7KNuvrfYTBA/I8uE225OIzulnpqDJkMl3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI+AdY7d1qtf1OsBenywDeNZcwwMB8GA1UdIwQY
MBaAFPYFfnSq0hq88TN09ZFbGn6CfU6hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdWLWRLclNHcnp4TTNUMWtWc2Fmb0o5VHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zYWUxZGUtYmQ1Yy00YTE3LTlmYTgt
MGE5YTFmMWM5ODljLzEvOGo0QjFqdDNXcTFfVTZ3RjZmTEFONDFsekRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zYWUxZGUtYmQ1Yy00YTE3LTlmYTgtMGE5YTFmMWM5ODlj
LzEvOWdWLWRLclNHcnp4TTNUMWtWc2Fmb0o5VHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ1wMA0G
CSqGSIb3DQEBCwUAA4IBAQB00B1crm6zC6qTe2Zk0Ej9ablzTu0PScZsp73jVN0L
tHzBOEvjHxYBE5Vh33nT2KMc0Tc62DniCO/chBwMPk3NCkY9Bcua4aKUJ4BZGOcc
udPhDv1n57Dz7AtVwfywY1yKctbQFo3Cq3eSbZM0f0aJcevdM0T7itSqLEcEN/6g
nfU5F0aDWZLoAFzyko6E8vFpaVFcMBSWShgLp8U02IVq+q4xvtqtWBgG3eQaiQuB
PUbQyLOwewGHdojYHu4oH+pdsEscnCNqjKIpmYQ++GQRTJrEk7UEuiJJppy1GVWR
uUsGtiDxU0qo1QCa2LixBUJ0TTijAwrsmgXT4roH/G+B
-----END CERTIFICATE-----