Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/g73V2DH1Haix1UKO5fiPVVieOiw.roa
File:                     g73V2DH1Haix1UKO5fiPVVieOiw.roa (raw, json)
Hash identifier:          thkH7KPXsbDkTwaKQObIdc/h0G8TibtmCKjr9XnCP6E=
Subject key identifier:   83:BD:D5:D8:31:F5:1D:A8:B1:D5:42:8E:E5:F8:8F:55:58:9E:3A:2C
Certificate issuer:       /CN=988296c50d94bbed225f2867231fa5093debea91
Certificate serial:       018CC3B69DE0F617813B4FE5D9E3DCB06C3B
Authority key identifier: 98:82:96:C5:0D:94:BB:ED:22:5F:28:67:23:1F:A5:09:3D:EB:EA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/g73V2DH1Haix1UKO5fiPVVieOiw.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6282
IP address blocks:        45.158.200.0/23 maxlen: 24
                          45.158.202.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 12:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9d:e0:f6:17:81:3b:4f:e5:d9:e3:dc:b0:6c:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=988296c50d94bbed225f2867231fa5093debea91
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83bdd5d831f51da8b1d5428ee5f88f55589e3a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:bd:cd:5e:69:75:ac:f8:ea:67:a8:a7:37:70:
                    f6:76:f2:ad:cb:e0:ed:10:7f:f4:f6:42:66:10:45:
                    5b:6e:5a:7a:da:ab:0e:0e:94:7b:1c:34:7e:55:0d:
                    9b:87:70:f2:75:6d:73:34:69:b9:a7:3a:06:2c:87:
                    a3:78:1a:f7:16:0b:d9:65:5c:c5:34:9b:c7:4c:30:
                    1d:0e:2f:e1:50:5c:54:5f:71:e4:fc:29:3c:21:06:
                    17:da:19:27:d7:d3:f8:0a:4e:91:fa:51:e0:2c:77:
                    83:e2:53:5b:2a:0b:6e:0f:ed:be:57:fa:75:a6:ea:
                    81:f1:9c:1f:f6:81:2a:2b:62:cc:53:d1:01:c6:b6:
                    7d:d8:fe:f6:19:d9:81:f3:f5:e2:16:d1:d4:e6:51:
                    7b:52:e3:d1:b8:81:73:21:39:23:2e:e0:7f:22:63:
                    06:31:3f:ca:51:f3:ba:5c:0f:34:43:2d:f0:01:c5:
                    e5:fc:45:94:20:44:54:01:59:ca:f6:f9:6c:03:6e:
                    ad:ff:56:9b:f6:ac:af:8a:20:4d:df:28:ca:8c:49:
                    fa:61:80:9c:a7:f1:e6:d1:c2:f6:b9:a6:4e:79:4d:
                    1f:ec:92:78:eb:0c:45:8a:40:a6:66:9b:99:47:c1:
                    98:6f:c5:29:c7:9b:49:0f:79:8e:b5:ff:62:a9:4d:
                    41:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BD:D5:D8:31:F5:1D:A8:B1:D5:42:8E:E5:F8:8F:55:58:9E:3A:2C
            X509v3 Authority Key Identifier:
                keyid:98:82:96:C5:0D:94:BB:ED:22:5F:28:67:23:1F:A5:09:3D:EB:EA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/g73V2DH1Haix1UKO5fiPVVieOiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:5a:99:09:e3:ce:60:90:b9:e9:7c:3c:c0:14:57:48:98:79:
         8d:e6:a0:7d:a9:41:18:a8:b7:c3:0e:d5:25:30:f6:2a:f4:96:
         23:de:0d:07:0c:b3:ca:3b:41:91:fb:b5:c7:21:64:9b:29:ad:
         32:51:b5:6e:48:86:bc:5d:07:42:c7:1b:66:c8:0d:e6:34:e4:
         9b:ab:cf:f9:e3:9c:18:2f:f9:a3:6f:d6:23:cc:15:c1:4b:de:
         f5:4f:60:e9:5c:f6:09:3c:fd:0b:1a:18:d9:f0:de:78:cd:df:
         41:01:9e:c6:57:f2:38:c7:fb:8b:67:ff:b9:49:1e:dc:b5:83:
         06:46:5a:ee:9c:7c:60:fe:51:5c:cd:6c:b7:d1:ec:ed:12:21:
         d5:18:1f:f2:c9:a6:de:81:09:46:be:37:dc:04:d8:16:12:46:
         1a:2f:3d:67:a1:de:b3:80:a4:db:e5:16:87:6b:06:91:5a:65:
         8e:22:78:df:ef:b4:86:31:c2:10:7b:0d:67:0f:6c:f9:80:f8:
         37:1c:fc:19:02:14:d3:57:e8:c3:df:9d:e9:19:75:07:80:b2:
         b7:4a:c3:fc:79:cb:44:f0:b7:cf:3c:25:10:b0:b0:c5:0e:73:
         9b:e2:4a:85:2d:3d:c5:2e:dc:cf:03:b8:fd:f8:17:e1:6c:46:
         91:72:ba:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtp3g9heBO0/l2ePcsGw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ODI5NmM1MGQ5NGJiZWQyMjVmMjg2NzIzMWZhNTA5M2Rl
YmVhOTEwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2JkZDVkODMxZjUxZGE4YjFkNTQyOGVlNWY4OGY1NTU4OWUzYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjb3NXml1rPjqZ6inN3D2dvKty+Dt
EH/09kJmEEVbblp62qsODpR7HDR+VQ2bh3DydW1zNGm5pzoGLIejeBr3FgvZZVzF
NJvHTDAdDi/hUFxUX3Hk/Ck8IQYX2hkn19P4Ck6R+lHgLHeD4lNbKgtuD+2+V/p1
puqB8Zwf9oEqK2LMU9EBxrZ92P72GdmB8/XiFtHU5lF7UuPRuIFzITkjLuB/ImMG
MT/KUfO6XA80Qy3wAcXl/EWUIERUAVnK9vlsA26t/1ab9qyviiBN3yjKjEn6YYCc
p/Hm0cL2uaZOeU0f7JJ46wxFikCmZpuZR8GYb8Upx5tJD3mOtf9iqU1BqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO91dgx9R2osdVCjuX4j1VYnjosMB8GA1UdIwQY
MBaAFJiClsUNlLvtIl8oZyMfpQk96+qRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUlLV3hRMlV1LTBpWHlobkl4LWxDVDNyNnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mNzYwZDAtMmY2Ny00MzA3LTlmMGMt
Mzk5M2I1MGIyMDY0LzEvZzczVjJESDFIYWl4MVVLTzVmaVBWVmllT2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9mNzYwZDAtMmY2Ny00MzA3LTlmMGMtMzk5M2I1MGIyMDY0
LzEvbUlLV3hRMlV1LTBpWHlobkl4LWxDVDNyNnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ7IMA0G
CSqGSIb3DQEBCwUAA4IBAQBOWpkJ485gkLnpfDzAFFdImHmN5qB9qUEYqLfDDtUl
MPYq9JYj3g0HDLPKO0GR+7XHIWSbKa0yUbVuSIa8XQdCxxtmyA3mNOSbq8/545wY
L/mjb9YjzBXBS971T2DpXPYJPP0LGhjZ8N54zd9BAZ7GV/I4x/uLZ/+5SR7ctYMG
RlrunHxg/lFczWy30eztEiHVGB/yyabegQlGvjfcBNgWEkYaLz1nod6zgKTb5RaH
awaRWmWOInjf77SGMcIQew1nD2z5gPg3HPwZAhTTV+jD353pGXUHgLK3SsP8ectE
8LfPPCUQsLDFDnOb4kqFLT3FLtzPA7j9+BfhbEaRcroi
-----END CERTIFICATE-----