Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/2a96b8-046d-4ac3-b23d-d819794a32a3/1/uzVTTvvF1-LVvJFX7Xie6DC32HU.roa
File:                     uzVTTvvF1-LVvJFX7Xie6DC32HU.roa (raw, json)
Hash identifier:          wFtdB7OoqNJLNyNo4CXpvXlmdvlZPaTlN41a+VVI9iU=
Subject key identifier:   BB:35:53:4E:FB:C5:D7:E2:D5:BC:91:57:ED:78:9E:E8:30:B7:D8:75
Certificate issuer:       /CN=94282a6078ba98fb4a6e343e7603a960e7a63442
Certificate serial:       018CC348A79849B82A5FA6A504702632316B
Authority key identifier: 94:28:2A:60:78:BA:98:FB:4A:6E:34:3E:76:03:A9:60:E7:A6:34:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lCgqYHi6mPtKbjQ-dgOpYOemNEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/2a96b8-046d-4ac3-b23d-d819794a32a3/1/uzVTTvvF1-LVvJFX7Xie6DC32HU.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209064
IP address blocks:        45.8.38.0/24 maxlen: 24
                          45.8.37.0/24 maxlen: 24
                          45.8.36.0/24 maxlen: 24
                          45.8.36.0/22 maxlen: 22
                          45.8.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/2a96b8-046d-4ac3-b23d-d819794a32a3/1/lCgqYHi6mPtKbjQ-dgOpYOemNEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/2a96b8-046d-4ac3-b23d-d819794a32a3/1/lCgqYHi6mPtKbjQ-dgOpYOemNEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lCgqYHi6mPtKbjQ-dgOpYOemNEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a7:98:49:b8:2a:5f:a6:a5:04:70:26:32:31:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94282a6078ba98fb4a6e343e7603a960e7a63442
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb35534efbc5d7e2d5bc9157ed789ee830b7d875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c4:c5:34:ce:76:1e:35:75:e1:bb:74:35:59:
                    70:b3:07:25:4c:97:d3:09:0c:51:a6:1e:c3:a0:86:
                    29:43:b8:37:f4:a0:92:ac:64:8f:26:da:5b:aa:0b:
                    d8:40:61:4b:36:07:2e:40:fa:1d:e5:04:bc:8b:e3:
                    31:3b:80:8e:f6:a3:26:e8:aa:a1:6b:6a:dc:5c:1a:
                    75:2f:7a:c8:e9:6f:62:04:14:a8:0b:27:1a:c5:82:
                    4c:dc:45:7d:6a:dc:c0:ac:39:67:9e:bf:81:a2:5a:
                    80:61:4e:fd:6d:41:12:37:46:83:1d:96:36:19:23:
                    3b:ba:97:a6:db:45:1b:49:25:be:3d:2a:cc:8e:f6:
                    e0:d3:47:01:bd:76:b1:25:57:4b:3f:65:38:87:5f:
                    54:bc:03:3f:a9:f8:3b:90:c5:89:80:8f:50:d0:a6:
                    6c:b5:ed:c5:4f:a0:2d:90:b1:6b:37:77:53:0a:f7:
                    28:26:86:cc:d6:0b:45:38:dc:e5:85:d3:5a:6b:dc:
                    07:cf:29:a4:93:f5:a5:93:48:4d:89:66:f8:5e:37:
                    4c:b6:2b:7f:32:b7:38:dc:c7:ca:a0:be:93:0e:14:
                    ca:82:0d:cc:5c:cc:8f:bc:62:8e:5b:bc:ff:fb:c5:
                    d3:bf:12:f8:cd:53:eb:ea:f4:c7:9c:f6:29:1e:e1:
                    d1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:35:53:4E:FB:C5:D7:E2:D5:BC:91:57:ED:78:9E:E8:30:B7:D8:75
            X509v3 Authority Key Identifier:
                keyid:94:28:2A:60:78:BA:98:FB:4A:6E:34:3E:76:03:A9:60:E7:A6:34:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCgqYHi6mPtKbjQ-dgOpYOemNEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/2a96b8-046d-4ac3-b23d-d819794a32a3/1/uzVTTvvF1-LVvJFX7Xie6DC32HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/2a96b8-046d-4ac3-b23d-d819794a32a3/1/lCgqYHi6mPtKbjQ-dgOpYOemNEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:37:0a:c4:6f:89:b7:0a:5b:30:9d:1b:51:b9:5d:27:cd:db:
         09:22:9b:47:13:91:be:07:fb:34:20:e3:38:fd:47:10:fa:1e:
         85:c7:fa:73:4a:c4:53:f9:e4:43:77:f6:4f:f4:96:be:1e:36:
         0f:eb:43:39:25:6b:f9:33:b0:bf:f8:37:64:95:b6:e9:f2:d3:
         dd:5e:7b:50:bd:06:77:f7:64:23:97:07:7c:7b:d2:7f:28:60:
         5b:ee:56:12:67:f8:a9:a4:e0:88:be:9e:23:24:28:37:eb:da:
         c4:6c:37:62:b5:8c:29:4e:d1:a4:06:b2:ba:34:49:24:53:71:
         0a:94:9a:ac:f1:0a:93:c0:49:58:a7:3f:a1:5d:99:a0:61:1d:
         f8:1f:54:58:15:25:eb:b3:09:f1:13:8a:ce:05:b5:a0:29:51:
         12:6d:2b:cf:fa:bf:f1:92:d3:bb:a7:e1:28:2c:c8:f7:64:14:
         18:0f:ba:3e:aa:63:b4:af:4c:2b:6e:71:18:ef:d2:4f:0f:91:
         2c:ed:a2:b2:5b:d1:20:63:4d:81:fd:de:f3:6f:de:64:be:89:
         f4:79:23:72:8b:24:6d:df:7a:74:93:dd:4a:52:a3:9f:49:23:
         55:fc:90:72:ea:68:3a:e8:ff:3a:8c:b7:76:d4:33:29:c9:3d:
         f8:a0:e3:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKeYSbgqX6alBHAmMjFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjgyYTYwNzhiYTk4ZmI0YTZlMzQzZTc2MDNhOTYwZTdh
NjM0NDIwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM1NTM0ZWZiYzVkN2UyZDViYzkxNTdlZDc4OWVlODMwYjdkODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcTFNM52HjV14bt0NVlwswclTJfT
CQxRph7DoIYpQ7g39KCSrGSPJtpbqgvYQGFLNgcuQPod5QS8i+MxO4CO9qMm6Kqh
a2rcXBp1L3rI6W9iBBSoCycaxYJM3EV9atzArDlnnr+BolqAYU79bUESN0aDHZY2
GSM7upem20UbSSW+PSrMjvbg00cBvXaxJVdLP2U4h19UvAM/qfg7kMWJgI9Q0KZs
te3FT6AtkLFrN3dTCvcoJobM1gtFONzlhdNaa9wHzymkk/Wlk0hNiWb4XjdMtit/
Mrc43MfKoL6TDhTKgg3MXMyPvGKOW7z/+8XTvxL4zVPr6vTHnPYpHuHRXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLs1U077xdfi1byRV+14nugwt9h1MB8GA1UdIwQY
MBaAFJQoKmB4upj7Sm40PnYDqWDnpjRCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENncVlIaTZtUHRLYmpRLWRnT3BZT2VtTkVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8yYTk2YjgtMDQ2ZC00YWMzLWIyM2Qt
ZDgxOTc5NGEzMmEzLzEvdXpWVFR2dkYxLUxWdkpGWDdYaWU2REMzMkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8yYTk2YjgtMDQ2ZC00YWMzLWIyM2QtZDgxOTc5NGEzMmEz
LzEvbENncVlIaTZtUHRLYmpRLWRnT3BZT2VtTkVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQgkMA0G
CSqGSIb3DQEBCwUAA4IBAQBnNwrEb4m3ClswnRtRuV0nzdsJIptHE5G+B/s0IOM4
/UcQ+h6Fx/pzSsRT+eRDd/ZP9Ja+HjYP60M5JWv5M7C/+Ddklbbp8tPdXntQvQZ3
92Qjlwd8e9J/KGBb7lYSZ/ippOCIvp4jJCg369rEbDditYwpTtGkBrK6NEkkU3EK
lJqs8QqTwElYpz+hXZmgYR34H1RYFSXrswnxE4rOBbWgKVESbSvP+r/xktO7p+Eo
LMj3ZBQYD7o+qmO0r0wrbnEY79JPD5Es7aKyW9EgY02B/d7zb95kvon0eSNyiyRt
33p0k91KUqOfSSNV/JBy6mg66P86jLd21DMpyT34oOMm
-----END CERTIFICATE-----