Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uXFd_cLHnCbUh0GXRXvOY8vArZ4.roa
File:                     uXFd_cLHnCbUh0GXRXvOY8vArZ4.roa (raw, json)
Hash identifier:          3c3QSGhPoaUdBerV0mPxLPKQIA7Ep1HUqd/SQOklh7M=
Subject key identifier:   B9:71:5D:FD:C2:C7:9C:26:D4:87:41:97:45:7B:CE:63:CB:C0:AD:9E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3630D1CB7E47DFC55B3431E48A92
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uXFd_cLHnCbUh0GXRXvOY8vArZ4.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206085
IP address blocks:        45.89.44.0/22 maxlen: 24
                          45.83.12.0/22 maxlen: 22
                          45.95.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:36:30:d1:cb:7e:47:df:c5:5b:34:31:e4:8a:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9715dfdc2c79c26d4874197457bce63cbc0ad9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3f:7f:59:85:5a:8e:59:1e:3c:0c:27:00:8a:
                    ce:c3:c5:f1:58:69:71:b2:7a:f5:2e:bd:a2:c8:67:
                    dc:6c:cf:9d:68:8b:d3:e7:de:4c:e5:78:9d:f6:7e:
                    03:ee:64:57:18:38:c6:03:73:d2:3a:15:81:65:80:
                    03:04:38:95:6c:c7:53:9a:a3:e0:84:1b:06:30:c2:
                    d6:61:b9:bb:3b:8e:8e:b3:39:21:08:c9:97:db:c2:
                    0f:e1:ef:38:57:a3:a6:f4:e7:6d:66:64:de:34:82:
                    9a:f9:32:4f:09:71:12:79:2a:5c:f2:48:8a:25:82:
                    31:4c:94:f3:55:2d:d1:81:b8:c8:74:8b:55:b8:6b:
                    2f:07:c5:a3:b9:e4:62:82:10:69:ea:67:97:d8:74:
                    68:a4:4f:71:bd:1a:fb:10:30:b8:9c:c0:f1:7a:2a:
                    c3:e7:f2:c4:58:2a:f6:c0:51:a0:18:b5:a8:fd:81:
                    b5:18:fb:bf:9a:cb:7f:67:ff:9f:11:23:8d:48:64:
                    e8:99:41:6c:18:1b:45:9f:a2:4b:5a:a1:8c:a5:e3:
                    b7:e2:59:e4:1e:f4:91:6b:10:c5:97:90:f3:b8:fd:
                    e9:d6:19:d3:96:92:f3:7d:78:5f:30:8d:38:03:26:
                    24:06:2e:d7:e1:48:c0:fe:7c:ca:cd:26:b1:97:b6:
                    b5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:71:5D:FD:C2:C7:9C:26:D4:87:41:97:45:7B:CE:63:CB:C0:AD:9E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uXFd_cLHnCbUh0GXRXvOY8vArZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.12.0/22
                  45.89.44.0/22
                  45.95.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:24:22:f1:29:03:30:e7:0f:a0:ff:e7:28:d1:c1:49:e9:66:
         84:d8:a1:70:07:a9:05:fd:22:e3:bf:6c:d4:6d:a9:40:75:0b:
         fd:4b:f4:72:6e:98:79:0b:ef:5e:30:c9:73:74:24:43:b9:e2:
         4c:e1:c8:88:79:a1:90:5b:1e:2c:20:21:7c:dd:f0:6c:76:21:
         91:32:71:6d:4c:07:82:0c:e1:5d:13:f0:fc:f3:ec:68:c9:f8:
         d3:4e:66:de:8c:a8:cd:8e:0e:54:35:c6:9c:ea:5c:f6:e7:c2:
         d3:d2:13:1a:e5:ee:22:3e:fc:19:c2:9e:66:d0:70:e1:2f:46:
         ec:ee:ef:1d:56:f4:a6:09:37:c5:73:51:38:f7:aa:85:29:99:
         af:8f:93:b1:0d:cf:7a:9a:98:26:c8:80:47:4e:0b:4f:1d:a8:
         0b:fb:0e:d4:a7:f5:cd:54:61:60:13:28:94:52:f1:e4:1b:a6:
         19:81:15:aa:cf:49:24:10:ca:10:3e:2d:0a:09:f2:2f:ae:7f:
         c7:37:c8:be:2a:bf:47:55:8a:74:dd:40:a9:78:1c:3e:53:7e:
         2c:ba:92:86:3a:a3:2a:9b:89:27:ec:f2:31:cc:a9:29:c8:ff:
         d7:a5:6d:f4:a4:88:30:6f:e1:41:de:44:88:62:69:20:15:9d:
         03:1e:1e:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2zYw0ct+R9/FWzQx5IqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTcxNWRmZGMyYzc5YzI2ZDQ4NzQxOTc0NTdiY2U2M2NiYzBhZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhj9/WYVajlkePAwnAIrOw8XxWGlx
snr1Lr2iyGfcbM+daIvT595M5Xid9n4D7mRXGDjGA3PSOhWBZYADBDiVbMdTmqPg
hBsGMMLWYbm7O46OszkhCMmX28IP4e84V6Om9OdtZmTeNIKa+TJPCXESeSpc8kiK
JYIxTJTzVS3RgbjIdItVuGsvB8WjueRighBp6meX2HRopE9xvRr7EDC4nMDxeirD
5/LEWCr2wFGgGLWo/YG1GPu/mst/Z/+fESONSGTomUFsGBtFn6JLWqGMpeO34lnk
HvSRaxDFl5DzuP3p1hnTlpLzfXhfMI04AyYkBi7X4UjA/nzKzSaxl7a1+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLlxXf3Cx5wm1IdBl0V7zmPLwK2eMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvdVhGZF9jTEhuQ2JVaDBHWFJYdk9ZOHZBclo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVMMAwQC
LVksAwQCLV9YMA0GCSqGSIb3DQEBCwUAA4IBAQB3JCLxKQMw5w+g/+co0cFJ6WaE
2KFwB6kF/SLjv2zUbalAdQv9S/Rybph5C+9eMMlzdCRDueJM4ciIeaGQWx4sICF8
3fBsdiGRMnFtTAeCDOFdE/D88+xoyfjTTmbejKjNjg5UNcac6lz258LT0hMa5e4i
PvwZwp5m0HDhL0bs7u8dVvSmCTfFc1E496qFKZmvj5OxDc96mpgmyIBHTgtPHagL
+w7Up/XNVGFgEyiUUvHkG6YZgRWqz0kkEMoQPi0KCfIvrn/HN8i+Kr9HVYp03UCp
eBw+U34supKGOqMqm4kn7PIxzKkpyP/XpW30pIgwb+FB3kSIYmkgFZ0DHh4b
-----END CERTIFICATE-----