Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/G4xuotwFbbT1Nl_Xui4wuNe0RrU.roa
File:                     G4xuotwFbbT1Nl_Xui4wuNe0RrU.roa (raw, json)
Hash identifier:          0Vxct5lZs4DRKn4vxAcUaaICJiMRJgzwDztwCFM0FEY=
Subject key identifier:   1B:8C:6E:A2:DC:05:6D:B4:F5:36:5F:D7:BA:2E:30:B8:D7:B4:46:B5
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D7A9318D69BBEA5C9B97E86585A05764B
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/G4xuotwFbbT1Nl_Xui4wuNe0RrU.roa
Signing time:             Mon 05 Feb 2024 18:41:16 +0000
ROA not before:           Mon 05 Feb 2024 18:41:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62563
IP address blocks:        45.135.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:93:18:d6:9b:be:a5:c9:b9:7e:86:58:5a:05:76:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  5 18:41:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b8c6ea2dc056db4f5365fd7ba2e30b8d7b446b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fc:78:79:20:fd:0c:b6:59:f5:ad:7d:e1:76:
                    8c:47:d6:46:9e:f0:b3:15:ff:7d:2c:17:d3:b0:82:
                    77:23:d2:92:14:e2:6f:62:c2:e5:ad:14:48:28:dc:
                    47:85:85:cc:6d:f6:02:df:77:5a:d0:31:23:82:70:
                    f4:fb:b3:1f:f6:ad:8e:e9:50:9a:d6:ba:c5:2c:da:
                    98:dc:d6:4a:65:dc:a5:44:a7:96:0d:50:bf:b6:d6:
                    a3:3b:2f:28:a4:47:b5:b6:35:22:1a:44:f5:39:9f:
                    52:f5:be:42:7e:a1:0e:fc:43:71:15:49:80:57:16:
                    ea:9d:16:d9:aa:93:c9:6a:5c:16:1a:0f:ea:5c:d4:
                    cb:43:8d:ac:54:49:de:b8:a2:33:d7:47:19:3c:c0:
                    40:96:42:f7:96:4a:24:74:28:e1:26:70:63:07:bb:
                    f2:8f:60:6b:e4:65:47:fa:dd:e4:7f:26:b7:4f:97:
                    20:6f:94:0c:b7:85:58:75:1d:a6:40:95:a8:bd:20:
                    8e:fc:76:5c:7b:69:87:8f:94:71:70:83:a8:42:1f:
                    2c:01:e7:8e:aa:81:fc:62:fa:58:32:35:80:0e:59:
                    2f:34:41:74:f2:de:68:5c:5a:01:79:29:ac:f2:ad:
                    f0:9b:27:25:7a:ce:15:d9:69:aa:6e:5c:88:9b:b7:
                    e9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8C:6E:A2:DC:05:6D:B4:F5:36:5F:D7:BA:2E:30:B8:D7:B4:46:B5
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/G4xuotwFbbT1Nl_Xui4wuNe0RrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:f2:8a:bb:6d:34:fc:17:67:7a:9b:19:5f:81:cd:8e:97:7c:
         28:9b:88:af:bf:72:f2:fc:12:d8:fd:59:14:e5:5b:76:a7:b5:
         84:57:b8:9f:21:9b:ca:c0:92:fe:8e:29:ef:69:f9:56:78:58:
         ee:91:14:e4:e5:59:56:14:74:2d:f2:73:b8:c0:91:e6:ec:01:
         3f:e1:99:7e:90:17:5e:02:dc:cf:77:a4:0a:9c:f2:ac:50:d5:
         ad:f3:26:3f:11:e9:09:f8:f9:94:0f:dd:f7:69:59:9d:99:d2:
         0b:56:10:d9:2e:1b:83:a6:5d:22:a6:63:35:24:92:92:4d:a1:
         4d:80:5f:04:a6:fa:ea:94:cd:93:74:b7:28:be:82:13:a1:31:
         6a:70:62:0b:93:e8:6e:10:44:2c:20:43:20:d5:46:d7:ac:f3:
         95:80:ac:46:c3:9c:80:4f:8e:07:19:08:24:f8:6a:c8:e6:de:
         82:c0:e5:c3:64:a4:3f:ba:a4:ed:bc:d3:a8:ac:75:8d:a9:4e:
         62:89:9c:61:99:91:a3:d9:d7:0b:af:8c:e9:6d:bc:6f:75:d5:
         b7:10:0e:03:40:5b:b6:58:99:88:0e:45:42:71:ed:84:3e:39:
         f5:f4:51:ef:bc:07:6f:5d:ba:44:d9:17:0c:df:6f:54:7d:6a:
         ee:0f:7e:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16kxjWm76lybl+hlhaBXZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA1MTg0MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhjNmVhMmRjMDU2ZGI0ZjUzNjVmZDdiYTJlMzBiOGQ3YjQ0NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPx4eSD9DLZZ9a194XaMR9ZGnvCz
Ff99LBfTsIJ3I9KSFOJvYsLlrRRIKNxHhYXMbfYC33da0DEjgnD0+7Mf9q2O6VCa
1rrFLNqY3NZKZdylRKeWDVC/ttajOy8opEe1tjUiGkT1OZ9S9b5CfqEO/ENxFUmA
VxbqnRbZqpPJalwWGg/qXNTLQ42sVEneuKIz10cZPMBAlkL3lkokdCjhJnBjB7vy
j2Br5GVH+t3kfya3T5cgb5QMt4VYdR2mQJWovSCO/HZce2mHj5RxcIOoQh8sAeeO
qoH8YvpYMjWADlkvNEF08t5oXFoBeSms8q3wmycles4V2WmqblyIm7fpxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuMbqLcBW209TZf17ouMLjXtEa1MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvRzR4dW90d0ZiYlQxTmxfWHVpNHd1TmUwUnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYcMMA0G
CSqGSIb3DQEBCwUAA4IBAQBU8oq7bTT8F2d6mxlfgc2Ol3wom4ivv3Ly/BLY/VkU
5Vt2p7WEV7ifIZvKwJL+jinvaflWeFjukRTk5VlWFHQt8nO4wJHm7AE/4Zl+kBde
AtzPd6QKnPKsUNWt8yY/EekJ+PmUD933aVmdmdILVhDZLhuDpl0ipmM1JJKSTaFN
gF8EpvrqlM2TdLcovoIToTFqcGILk+huEEQsIEMg1UbXrPOVgKxGw5yAT44HGQgk
+GrI5t6CwOXDZKQ/uqTtvNOorHWNqU5iiZxhmZGj2dcLr4zpbbxvddW3EA4DQFu2
WJmIDkVCce2EPjn19FHvvAdvXbpE2RcM329UfWruD36j
-----END CERTIFICATE-----