Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1hJwIGWkjdFSRIvLa_nHIPTE46o.roa
File:                     1hJwIGWkjdFSRIvLa_nHIPTE46o.roa (raw, json)
Hash identifier:          MuHp+k//shQfO6xG1YhiQw9+UO9v9VXwyZelii5X5fY=
Subject key identifier:   D6:12:70:20:65:A4:8D:D1:52:44:8B:CB:6B:F9:C7:20:F4:C4:E3:AA
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01909743D3D924EC4D018A73AA7869395FB3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1hJwIGWkjdFSRIvLa_nHIPTE46o.roa
Signing time:             Tue 09 Jul 2024 11:32:03 +0000
ROA not before:           Tue 09 Jul 2024 11:32:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49443
IP address blocks:        45.86.19.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:97:43:d3:d9:24:ec:4d:01:8a:73:aa:78:69:39:5f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul  9 11:32:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d612702065a48dd152448bcb6bf9c720f4c4e3aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:02:4a:59:3f:ea:6f:62:7f:bb:12:fb:dd:e0:
                    3c:da:5f:2a:b2:95:34:47:4b:44:87:43:50:97:19:
                    4c:97:e3:b5:c4:5d:22:ec:65:e2:55:99:69:ac:7e:
                    05:f4:fc:9a:e7:d3:38:55:36:c8:7f:ee:ae:1e:47:
                    04:85:7f:7d:31:9f:de:e4:53:6c:bd:c7:25:c1:9b:
                    20:b7:1e:ef:76:31:57:5a:0a:0a:a8:e1:2b:d5:7b:
                    80:27:b0:08:72:e7:8b:a1:df:2a:ee:e6:a0:f1:f9:
                    50:64:a8:b8:e6:ec:db:c0:2b:53:e5:a4:a9:f7:f9:
                    1f:3e:87:6a:94:8f:d1:12:a2:1b:47:e6:9e:2a:33:
                    f2:a0:8d:cd:62:4e:a8:5c:4b:bc:f1:d1:f7:d8:c9:
                    8c:7d:fa:e3:1d:25:e6:70:54:59:29:5c:60:5c:02:
                    7f:9e:a0:3b:85:16:c5:1e:22:65:15:63:1e:7e:43:
                    c4:a6:ae:77:04:31:59:f7:8a:67:87:eb:24:dd:c1:
                    70:cf:63:ce:d2:ed:5d:d2:97:72:c6:50:59:c3:e5:
                    46:37:34:06:4e:68:48:a8:af:2d:83:af:7c:a7:ae:
                    91:aa:b3:47:db:69:96:8a:53:16:21:43:16:60:d4:
                    9b:55:73:f5:f2:4b:b0:78:54:c1:11:2e:4f:c0:b5:
                    66:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:12:70:20:65:A4:8D:D1:52:44:8B:CB:6B:F9:C7:20:F4:C4:E3:AA
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1hJwIGWkjdFSRIvLa_nHIPTE46o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.19.0/24
                  80.94.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:d4:69:5f:17:a4:ef:cf:a4:38:40:2b:bb:d4:d1:0f:96:0a:
         66:61:7d:57:0b:a6:6b:9a:98:a4:36:20:4b:9e:c5:fa:2f:80:
         d0:36:ee:f2:30:32:61:59:6a:00:72:c9:e3:29:6d:e6:7b:a3:
         20:f8:3c:e3:2d:75:91:69:af:f2:79:d6:88:d1:ca:c0:42:8f:
         ad:8d:bd:2c:a9:8c:fb:97:27:02:12:5d:a3:a2:7c:1a:3b:f4:
         39:80:e3:9b:d8:72:f8:98:a7:9c:a9:2a:0a:21:f3:b9:07:e3:
         0d:a1:8b:33:50:5f:16:d8:fd:4a:f2:9f:b6:81:ac:74:4b:fe:
         0d:62:7c:70:93:3c:69:45:c2:65:6f:09:9e:a2:8c:60:b4:6d:
         8e:3d:b1:df:46:61:a7:9e:a1:3d:9c:c6:51:5f:d4:71:2e:c5:
         95:7f:f3:f7:56:21:a3:9e:d2:4c:78:4c:d3:e7:94:ca:54:68:
         96:a5:63:7a:e2:81:a8:b8:22:e2:29:f4:c7:2f:73:f2:0b:d7:
         9e:35:10:83:90:f0:3d:cb:72:b4:74:13:1a:17:bd:95:e5:f8:
         1a:d8:cf:8f:b2:d5:89:0b:48:c1:64:a9:d5:fc:32:7b:6d:5c:
         09:bb:e9:87:3d:7e:7e:b2:7d:16:75:56:a3:2e:da:a2:de:30:
         df:89:da:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCXQ9PZJOxNAYpzqnhpOV+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNzA5MTEzMjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjEyNzAyMDY1YTQ4ZGQxNTI0NDhiY2I2YmY5YzcyMGY0YzRlM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAJKWT/qb2J/uxL73eA82l8qspU0
R0tEh0NQlxlMl+O1xF0i7GXiVZlprH4F9Pya59M4VTbIf+6uHkcEhX99MZ/e5FNs
vcclwZsgtx7vdjFXWgoKqOEr1XuAJ7AIcueLod8q7uag8flQZKi45uzbwCtT5aSp
9/kfPodqlI/REqIbR+aeKjPyoI3NYk6oXEu88dH32MmMffrjHSXmcFRZKVxgXAJ/
nqA7hRbFHiJlFWMefkPEpq53BDFZ94pnh+sk3cFwz2PO0u1d0pdyxlBZw+VGNzQG
TmhIqK8tg698p66RqrNH22mWilMWIUMWYNSbVXP18kuweFTBES5PwLVmnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYScCBlpI3RUkSLy2v5xyD0xOOqMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMWhKd0lHV2tqZEZTUkl2TGFfbkhJUFRFNDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVYTAwQB
UF5QMA0GCSqGSIb3DQEBCwUAA4IBAQBq1GlfF6Tvz6Q4QCu71NEPlgpmYX1XC6Zr
mpikNiBLnsX6L4DQNu7yMDJhWWoAcsnjKW3me6Mg+DzjLXWRaa/yedaI0crAQo+t
jb0sqYz7lycCEl2jonwaO/Q5gOOb2HL4mKecqSoKIfO5B+MNoYszUF8W2P1K8p+2
gax0S/4NYnxwkzxpRcJlbwmeooxgtG2OPbHfRmGnnqE9nMZRX9RxLsWVf/P3ViGj
ntJMeEzT55TKVGiWpWN64oGouCLiKfTHL3PyC9eeNRCDkPA9y3K0dBMaF72V5fga
2M+PstWJC0jBZKnV/DJ7bVwJu+mHPX5+sn0WdVajLtqi3jDfidq2
-----END CERTIFICATE-----