Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/d8b0c3-3f70-43db-85a4-5be1202367e9/1/Uy9m1YnSyR2vaVqV8sdhd4RyI_g.roa
File:                     Uy9m1YnSyR2vaVqV8sdhd4RyI_g.roa (raw, json)
Hash identifier:          dNua9wcVg3ZC/11NR22NxwzbPasxeq/BhMltALNiDrQ=
Subject key identifier:   53:2F:66:D5:89:D2:C9:1D:AF:69:5A:95:F2:C7:61:77:84:72:23:F8
Certificate issuer:       /CN=1b6a5a7ee9d21a7dd45bbbfff431b364dea0b5ae
Certificate serial:       018CC94E502CB71F1D90FCA85590312DB7DD
Authority key identifier: 1B:6A:5A:7E:E9:D2:1A:7D:D4:5B:BB:FF:F4:31:B3:64:DE:A0:B5:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G2pafunSGn3UW7v_9DGzZN6gta4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/d8b0c3-3f70-43db-85a4-5be1202367e9/1/Uy9m1YnSyR2vaVqV8sdhd4RyI_g.roa
Signing time:             Tue 02 Jan 2024 08:33:21 +0000
ROA not before:           Tue 02 Jan 2024 08:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212344
IP address blocks:        45.85.186.0/24 maxlen: 24
                          45.85.186.0/23 maxlen: 23
                          45.85.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/d8b0c3-3f70-43db-85a4-5be1202367e9/1/G2pafunSGn3UW7v_9DGzZN6gta4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/d8b0c3-3f70-43db-85a4-5be1202367e9/1/G2pafunSGn3UW7v_9DGzZN6gta4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G2pafunSGn3UW7v_9DGzZN6gta4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:50:2c:b7:1f:1d:90:fc:a8:55:90:31:2d:b7:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b6a5a7ee9d21a7dd45bbbfff431b364dea0b5ae
        Validity
            Not Before: Jan  2 08:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=532f66d589d2c91daf695a95f2c76177847223f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6f:9f:f0:8e:f5:3b:b4:8d:5e:6a:a8:16:ff:
                    34:4f:bd:af:a6:d6:86:d9:e2:3a:b6:bd:e5:1e:bc:
                    a5:b8:4a:7c:f2:f8:ae:34:9f:9d:52:6b:7d:04:22:
                    d1:f0:e4:69:f1:35:30:cc:03:f6:01:f6:85:34:75:
                    4b:a6:38:35:1a:8d:f9:17:02:3c:3e:91:38:81:e2:
                    15:52:4c:21:62:78:4b:b6:28:fb:e8:0a:38:0b:da:
                    d1:22:08:b3:e5:d2:5f:70:ef:e8:e1:ff:5b:13:be:
                    39:f0:15:68:ab:12:3a:79:37:92:0d:04:a8:6e:69:
                    eb:ae:23:01:d1:0b:dd:86:d2:61:d7:a6:53:4a:15:
                    a1:a1:17:4d:09:79:f9:89:f5:87:98:1e:be:20:93:
                    0f:06:4c:b8:88:a2:c6:c3:e0:7f:79:25:ee:5a:ac:
                    c7:6f:16:a8:a1:5a:70:65:ba:d7:f5:64:e6:56:65:
                    cc:b3:43:1e:27:6f:8c:14:e7:b7:e2:b7:ea:e3:1f:
                    99:1c:fe:d6:02:82:e6:2a:ac:89:df:3d:ed:30:18:
                    4c:fe:2a:70:9f:a7:aa:a5:d1:61:8e:61:25:e7:c6:
                    0c:68:8a:6e:c8:b7:66:4e:b0:53:71:ae:6e:cf:eb:
                    37:0f:98:79:15:12:82:55:f3:a9:86:a7:94:73:c3:
                    57:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2F:66:D5:89:D2:C9:1D:AF:69:5A:95:F2:C7:61:77:84:72:23:F8
            X509v3 Authority Key Identifier:
                keyid:1B:6A:5A:7E:E9:D2:1A:7D:D4:5B:BB:FF:F4:31:B3:64:DE:A0:B5:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G2pafunSGn3UW7v_9DGzZN6gta4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/d8b0c3-3f70-43db-85a4-5be1202367e9/1/Uy9m1YnSyR2vaVqV8sdhd4RyI_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/d8b0c3-3f70-43db-85a4-5be1202367e9/1/G2pafunSGn3UW7v_9DGzZN6gta4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:38:4c:eb:13:0f:d1:b7:aa:af:37:d8:e7:d3:4b:87:7d:3e:
         12:46:71:bf:42:12:bb:a7:23:04:bd:f3:ec:72:6b:40:83:e0:
         db:e7:ad:63:67:76:94:4b:5c:64:1b:a6:27:ac:ac:75:29:82:
         e4:ec:08:80:b9:59:46:b0:56:b0:ad:69:19:8e:d4:94:15:4d:
         38:b6:1d:ce:e8:76:e2:22:ac:81:7c:11:d2:f6:31:f0:c5:dc:
         23:85:30:15:4a:72:88:2c:c9:aa:f9:8f:64:d3:32:7c:d8:82:
         be:e7:d9:df:51:b9:71:36:0a:32:21:12:7f:6a:95:e6:71:49:
         a6:41:f2:68:ee:40:ab:92:05:e2:62:11:8b:b4:c6:97:57:84:
         41:67:ba:f5:10:a4:2c:b7:8f:54:de:e6:9e:5c:fc:12:3d:36:
         a7:f1:7a:e0:a5:6f:2d:9f:9c:ed:71:2e:7c:9b:8d:7c:d1:90:
         d9:a8:e2:8f:dd:07:16:3b:f4:7f:83:58:62:53:f9:08:02:75:
         89:9f:16:cd:7f:5b:16:a4:3d:37:1c:e6:fb:cc:2b:e8:cc:40:
         ec:b1:22:dc:22:f1:6e:79:20:9f:ba:92:56:46:ac:48:af:29:
         ed:7e:b8:d9:b5:0e:7e:12:2a:cf:61:76:d2:7d:49:d9:16:bc:
         54:5c:6f:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlAstx8dkPyoVZAxLbfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNmE1YTdlZTlkMjFhN2RkNDViYmJmZmY0MzFiMzY0ZGVh
MGI1YWUwHhcNMjQwMTAyMDgzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJmNjZkNTg5ZDJjOTFkYWY2OTVhOTVmMmM3NjE3Nzg0NzIyM2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG+f8I71O7SNXmqoFv80T72vptaG
2eI6tr3lHryluEp88viuNJ+dUmt9BCLR8ORp8TUwzAP2AfaFNHVLpjg1Go35FwI8
PpE4geIVUkwhYnhLtij76Ao4C9rRIgiz5dJfcO/o4f9bE7458BVoqxI6eTeSDQSo
bmnrriMB0QvdhtJh16ZTShWhoRdNCXn5ifWHmB6+IJMPBky4iKLGw+B/eSXuWqzH
bxaooVpwZbrX9WTmVmXMs0MeJ2+MFOe34rfq4x+ZHP7WAoLmKqyJ3z3tMBhM/ipw
n6eqpdFhjmEl58YMaIpuyLdmTrBTca5uz+s3D5h5FRKCVfOphqeUc8NXiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMvZtWJ0skdr2lalfLHYXeEciP4MB8GA1UdIwQY
MBaAFBtqWn7p0hp91Fu7//Qxs2TeoLWuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzJwYWZ1blNHbjNVVzd2XzlER3paTjZndGE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kOGIwYzMtM2Y3MC00M2RiLTg1YTQt
NWJlMTIwMjM2N2U5LzEvVXk5bTFZblN5UjJ2YVZxVjhzZGhkNFJ5SV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kOGIwYzMtM2Y3MC00M2RiLTg1YTQtNWJlMTIwMjM2N2U5
LzEvRzJwYWZ1blNHbjNVVzd2XzlER3paTjZndGE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVW6MA0G
CSqGSIb3DQEBCwUAA4IBAQBhOEzrEw/Rt6qvN9jn00uHfT4SRnG/QhK7pyMEvfPs
cmtAg+Db561jZ3aUS1xkG6YnrKx1KYLk7AiAuVlGsFawrWkZjtSUFU04th3O6Hbi
IqyBfBHS9jHwxdwjhTAVSnKILMmq+Y9k0zJ82IK+59nfUblxNgoyIRJ/apXmcUmm
QfJo7kCrkgXiYhGLtMaXV4RBZ7r1EKQst49U3uaeXPwSPTan8XrgpW8tn5ztcS58
m4180ZDZqOKP3QcWO/R/g1hiU/kIAnWJnxbNf1sWpD03HOb7zCvozEDssSLcIvFu
eSCfupJWRqxIryntfrjZtQ5+EirPYXbSfUnZFrxUXG/b
-----END CERTIFICATE-----