Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/8809bb-2468-41e6-8a42-de25cdc8f211/1/jHgHqnANLrtm7VTx4Z7Qk_66Q6I.roa
File:                     jHgHqnANLrtm7VTx4Z7Qk_66Q6I.roa (raw, json)
Hash identifier:          GXGs9j3CLcQ8ajQusri0/AI2dQqfHS0uzwBDNnoJUa0=
Subject key identifier:   8C:78:07:AA:70:0D:2E:BB:66:ED:54:F1:E1:9E:D0:93:FE:BA:43:A2
Certificate issuer:       /CN=45fd3374c7ac3c03778707f367f9148f1fe0390d
Certificate serial:       018CC5DC507670792B2EFB6A985491C24A7F
Authority key identifier: 45:FD:33:74:C7:AC:3C:03:77:87:07:F3:67:F9:14:8F:1F:E0:39:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rf0zdMesPAN3hwfzZ_kUjx_gOQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/8809bb-2468-41e6-8a42-de25cdc8f211/1/jHgHqnANLrtm7VTx4Z7Qk_66Q6I.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        82.195.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/8809bb-2468-41e6-8a42-de25cdc8f211/1/Rf0zdMesPAN3hwfzZ_kUjx_gOQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/8809bb-2468-41e6-8a42-de25cdc8f211/1/Rf0zdMesPAN3hwfzZ_kUjx_gOQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rf0zdMesPAN3hwfzZ_kUjx_gOQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:50:76:70:79:2b:2e:fb:6a:98:54:91:c2:4a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45fd3374c7ac3c03778707f367f9148f1fe0390d
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c7807aa700d2ebb66ed54f1e19ed093feba43a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:6c:fc:d8:e1:a2:49:06:8d:2d:a5:e9:c3:7f:
                    7b:3a:3d:14:93:de:79:89:99:2d:08:b3:97:06:fe:
                    04:d9:fc:47:9b:f8:63:ac:6c:84:6a:46:21:96:3e:
                    dc:6f:8b:5f:35:49:f9:ae:22:0c:a5:0d:4a:21:58:
                    fc:92:84:bb:c2:4e:41:1d:94:63:a1:20:fc:f8:58:
                    30:d3:27:71:dd:16:32:7d:65:6f:75:40:2a:00:be:
                    c8:20:6b:84:b5:d7:71:89:6b:a4:bd:ea:93:1c:53:
                    ed:f1:1c:73:2c:37:82:0e:da:5e:06:55:20:ed:4a:
                    e2:56:0a:fd:1a:ad:0d:ba:b9:6f:03:54:31:24:23:
                    b3:31:a1:4f:9d:8d:40:08:8d:a5:50:72:3b:a9:b6:
                    96:68:ef:f9:26:ee:08:6b:58:cf:ef:57:00:d9:bb:
                    85:c3:e1:4d:f2:da:0d:44:b3:90:36:40:59:51:71:
                    87:16:51:b1:ac:74:48:87:1a:64:c5:16:2c:bf:22:
                    f8:3c:52:37:83:6b:ef:71:8d:a1:f0:6a:fc:76:b6:
                    2b:b0:f3:bf:60:b6:fc:0d:19:28:3c:c0:a2:d9:54:
                    d7:aa:fb:91:e6:b1:e8:5a:58:f8:91:01:0d:d5:73:
                    45:d6:2b:bd:fc:26:4b:06:3b:eb:f5:ae:10:1b:2c:
                    77:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:78:07:AA:70:0D:2E:BB:66:ED:54:F1:E1:9E:D0:93:FE:BA:43:A2
            X509v3 Authority Key Identifier:
                keyid:45:FD:33:74:C7:AC:3C:03:77:87:07:F3:67:F9:14:8F:1F:E0:39:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rf0zdMesPAN3hwfzZ_kUjx_gOQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8809bb-2468-41e6-8a42-de25cdc8f211/1/jHgHqnANLrtm7VTx4Z7Qk_66Q6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8809bb-2468-41e6-8a42-de25cdc8f211/1/Rf0zdMesPAN3hwfzZ_kUjx_gOQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.195.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         e6:0e:8e:db:41:74:72:bd:05:70:72:bb:ba:a1:3b:b6:eb:af:
         28:c4:a0:de:8e:53:6e:88:5e:1c:a8:65:06:d1:93:d8:db:fb:
         3f:2d:bd:14:23:f6:df:4c:58:0d:21:f6:9f:29:36:db:a5:d7:
         9a:dc:24:df:b0:8a:64:35:5a:3c:ca:3a:ff:7e:da:77:6f:79:
         e8:c3:04:3b:16:36:46:cc:12:df:48:90:49:d7:56:72:07:2a:
         1d:3b:e9:7c:78:69:04:27:c8:66:3c:94:be:b4:f8:f1:0e:8e:
         d4:9a:97:f5:32:35:5a:6d:59:01:d6:94:7f:0f:9d:85:ac:0b:
         92:4d:32:08:ef:38:d0:f6:c0:9b:59:b7:38:48:d1:ca:1d:78:
         2a:36:c2:23:b5:fd:1b:ae:fe:6f:7b:4a:6c:3f:cc:28:c3:b8:
         b0:fe:97:55:ae:ca:92:ff:0c:7e:1c:23:4a:f8:16:60:ff:53:
         9d:28:b8:b9:ab:a5:70:44:93:b6:6a:6d:8f:7a:2d:59:70:74:
         90:c4:8c:a1:44:ff:5a:9c:63:ef:15:31:de:90:18:13:d7:a3:
         c2:2b:36:63:83:b9:79:05:15:b3:fc:41:1c:01:88:60:5e:97:
         a3:72:be:9d:9f:fb:99:ed:98:f0:14:95:36:28:7e:d9:a2:5c:
         86:21:e3:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FB2cHkrLvtqmFSRwkp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZmQzMzc0YzdhYzNjMDM3Nzg3MDdmMzY3ZjkxNDhmMWZl
MDM5MGQwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzc4MDdhYTcwMGQyZWJiNjZlZDU0ZjFlMTllZDA5M2ZlYmE0M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52z82OGiSQaNLaXpw397Oj0Uk955
iZktCLOXBv4E2fxHm/hjrGyEakYhlj7cb4tfNUn5riIMpQ1KIVj8koS7wk5BHZRj
oSD8+Fgw0ydx3RYyfWVvdUAqAL7IIGuEtddxiWukveqTHFPt8RxzLDeCDtpeBlUg
7UriVgr9Gq0NurlvA1QxJCOzMaFPnY1ACI2lUHI7qbaWaO/5Ju4Ia1jP71cA2buF
w+FN8toNRLOQNkBZUXGHFlGxrHRIhxpkxRYsvyL4PFI3g2vvcY2h8Gr8drYrsPO/
YLb8DRkoPMCi2VTXqvuR5rHoWlj4kQEN1XNF1iu9/CZLBjvr9a4QGyx3UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIx4B6pwDS67Zu1U8eGe0JP+ukOiMB8GA1UdIwQY
MBaAFEX9M3THrDwDd4cH82f5FI8f4DkNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmYwemRNZXNQQU4zaHdmelpfa1VqeF9nT1EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy84ODA5YmItMjQ2OC00MWU2LThhNDIt
ZGUyNWNkYzhmMjExLzEvakhnSHFuQU5McnRtN1ZUeDRaN1FrXzY2UTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy84ODA5YmItMjQ2OC00MWU2LThhNDItZGUyNWNkYzhmMjEx
LzEvUmYwemRNZXNQQU4zaHdmelpfa1VqeF9nT1EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFUsMgMA0G
CSqGSIb3DQEBCwUAA4IBAQDmDo7bQXRyvQVwcru6oTu2668oxKDejlNuiF4cqGUG
0ZPY2/s/Lb0UI/bfTFgNIfafKTbbpdea3CTfsIpkNVo8yjr/ftp3b3nowwQ7FjZG
zBLfSJBJ11ZyByodO+l8eGkEJ8hmPJS+tPjxDo7Umpf1MjVabVkB1pR/D52FrAuS
TTII7zjQ9sCbWbc4SNHKHXgqNsIjtf0brv5ve0psP8wow7iw/pdVrsqS/wx+HCNK
+BZg/1OdKLi5q6VwRJO2am2Pei1ZcHSQxIyhRP9anGPvFTHekBgT16PCKzZjg7l5
BRWz/EEcAYhgXpejcr6dn/uZ7ZjwFJU2KH7ZolyGIeM6
-----END CERTIFICATE-----