Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/krmM4076JJCwvyvM2NtHUlGmOAk.roa
File:                     krmM4076JJCwvyvM2NtHUlGmOAk.roa (raw, json)
Hash identifier:          nOeDhtT+Bqfl24DdPU8DbUpDoJyw9LlPzZ92ftVNwz0=
Subject key identifier:   92:B9:8C:E3:4E:FA:24:90:B0:BF:2B:CC:D8:DB:47:52:51:A6:38:09
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018CC8DF13D6CF54D4ECB4C5F282B8A32F9F
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/krmM4076JJCwvyvM2NtHUlGmOAk.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        45.155.254.0/24 maxlen: 24
                          45.155.253.0/24 maxlen: 24
                          185.226.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:13:d6:cf:54:d4:ec:b4:c5:f2:82:b8:a3:2f:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92b98ce34efa2490b0bf2bccd8db475251a63809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f2:4f:71:c2:88:b7:c3:54:0a:f8:8e:c0:35:
                    40:e5:f5:d7:30:3a:d7:05:55:bc:3e:c8:5b:96:5f:
                    bd:ec:24:3b:48:59:50:09:a6:9f:a1:0e:2c:b1:7d:
                    88:c6:e8:e1:76:d9:6c:a3:52:82:64:31:ba:2e:13:
                    39:f5:99:07:c5:c1:4a:a2:8a:3e:a1:81:27:52:b6:
                    01:71:37:7b:50:23:78:29:15:76:d6:3a:8f:6a:8f:
                    52:5d:f8:93:28:a1:dc:4d:85:9f:c8:3a:49:f5:0b:
                    ba:3f:75:7f:cd:a6:cd:18:53:5a:08:2f:4c:11:a0:
                    5d:fe:cd:4c:70:cf:44:66:fa:cb:ee:b1:84:83:c8:
                    f9:d1:c8:21:fe:4a:32:a1:48:02:22:8b:17:89:dc:
                    39:21:93:72:09:15:d0:ac:dd:90:a7:d0:57:c5:ff:
                    5b:94:6b:7e:3b:29:de:8b:86:87:fb:3a:f0:fd:d7:
                    c2:83:85:50:e1:ab:da:52:a5:28:ce:72:9f:a6:10:
                    4a:d2:3c:b6:d8:40:f9:ef:aa:61:96:a7:2f:4c:3f:
                    62:9f:1d:1f:d6:58:54:49:b8:4a:cb:ea:4f:5b:af:
                    63:95:dd:47:61:60:25:ad:73:92:9a:49:d1:63:42:
                    d6:56:81:d9:89:43:54:4e:13:fa:7d:d3:6e:16:37:
                    f3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B9:8C:E3:4E:FA:24:90:B0:BF:2B:CC:D8:DB:47:52:51:A6:38:09
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/krmM4076JJCwvyvM2NtHUlGmOAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.253.0-45.155.254.255
                  185.226.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:38:6c:36:22:9f:66:50:3e:cd:d3:72:31:12:f6:79:f4:9b:
         b9:98:c1:f6:6a:c3:d0:4f:f7:b1:b3:9c:9b:4a:2b:66:3f:9f:
         78:a5:7b:c9:44:da:da:1b:25:4b:59:43:64:6d:e4:a5:94:51:
         9d:17:fa:47:3b:d2:8e:5f:cc:15:3a:21:d1:1b:bc:a8:b9:dc:
         3c:8b:87:c6:62:70:ff:61:3c:04:d2:82:60:f1:89:d0:a3:ea:
         ff:7f:d4:3d:cc:11:47:b7:f1:dc:57:53:7e:e1:d7:0b:5f:93:
         8d:f8:c8:cb:5d:e5:14:aa:8c:7e:93:7d:64:8d:e6:77:48:5f:
         99:a8:9e:74:0a:b7:f5:9f:45:d4:13:39:12:54:bf:cb:40:1d:
         2d:9e:42:5b:41:7b:b5:5f:06:32:7d:e1:2d:66:34:da:b7:90:
         d2:55:98:88:be:c7:c8:c2:5c:da:ed:86:f3:41:d4:a9:bc:bb:
         80:fa:3e:cd:6b:52:d0:c9:43:96:75:a5:df:57:2e:68:67:b8:
         4b:7c:87:9a:72:38:39:d7:43:18:ed:1b:02:1e:fe:74:c8:5a:
         e9:8a:6f:16:14:32:c4:ac:f4:39:98:74:d4:74:7b:db:86:89:
         35:72:a1:70:c7:57:57:1b:79:d9:3f:cf:02:68:d6:a8:f3:4b:
         0a:66:62:e1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzI3xPWz1TU7LTF8oK4oy+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmI5OGNlMzRlZmEyNDkwYjBiZjJiY2NkOGRiNDc1MjUxYTYzODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/JPccKIt8NUCviOwDVA5fXXMDrX
BVW8Pshbll+97CQ7SFlQCaafoQ4ssX2Ixujhdtlso1KCZDG6LhM59ZkHxcFKooo+
oYEnUrYBcTd7UCN4KRV21jqPao9SXfiTKKHcTYWfyDpJ9Qu6P3V/zabNGFNaCC9M
EaBd/s1McM9EZvrL7rGEg8j50cgh/koyoUgCIosXidw5IZNyCRXQrN2Qp9BXxf9b
lGt+Oynei4aH+zrw/dfCg4VQ4avaUqUoznKfphBK0jy22ED576phlqcvTD9inx0f
1lhUSbhKy+pPW69jld1HYWAlrXOSmknRY0LWVoHZiUNUThP6fdNuFjfzEwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJK5jONO+iSQsL8rzNjbR1JRpjgJMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEva3JtTTQwNzZKSkN3dnl2TTJOdEhVbEdtT0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtm/0D
BAAtm/4DBAC54rQwDQYJKoZIhvcNAQELBQADggEBABc4bDYin2ZQPs3TcjES9nn0
m7mYwfZqw9BP97GznJtKK2Y/n3ile8lE2tobJUtZQ2Rt5KWUUZ0X+kc70o5fzBU6
IdEbvKi53DyLh8ZicP9hPATSgmDxidCj6v9/1D3MEUe38dxXU37h1wtfk434yMtd
5RSqjH6TfWSN5ndIX5monnQKt/WfRdQTORJUv8tAHS2eQltBe7VfBjJ94S1mNNq3
kNJVmIi+x8jCXNrthvNB1Km8u4D6Ps1rUtDJQ5Z1pd9XLmhnuEt8h5pyODnXQxjt
GwIe/nTIWumKbxYUMsSs9DmYdNR0e9uGiTVyoXDHV1cbedk/zwJo1qjzSwpmYuE=
-----END CERTIFICATE-----