Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/1a58d4-133f-4750-a7ed-65e996312cbe/1/sM8u5q_92EOcYc00ZL0NmCIe5zk.roa
File:                     sM8u5q_92EOcYc00ZL0NmCIe5zk.roa (raw, json)
Hash identifier:          H7RhUHKBmcAa8kY0QKtbsko1j4Brx213hRVpM6QSJCw=
Subject key identifier:   B0:CF:2E:E6:AF:FD:D8:43:9C:61:CD:34:64:BD:0D:98:22:1E:E7:39
Certificate issuer:       /CN=c4145465f0696a70d5f03ee1d5decafd41dc6385
Certificate serial:       0192D7DE84023EE9D2DECE7E0A2E41A977CE
Authority key identifier: C4:14:54:65:F0:69:6A:70:D5:F0:3E:E1:D5:DE:CA:FD:41:DC:63:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBRUZfBpanDV8D7h1d7K_UHcY4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/1a58d4-133f-4750-a7ed-65e996312cbe/1/sM8u5q_92EOcYc00ZL0NmCIe5zk.roa
Signing time:             Tue 29 Oct 2024 10:42:17 +0000
ROA not before:           Tue 29 Oct 2024 10:42:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48825
IP address blocks:        95.128.128.0/21 maxlen: 21
                          185.4.48.0/22 maxlen: 23
                          2a02:64c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/1a58d4-133f-4750-a7ed-65e996312cbe/1/xBRUZfBpanDV8D7h1d7K_UHcY4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/1a58d4-133f-4750-a7ed-65e996312cbe/1/xBRUZfBpanDV8D7h1d7K_UHcY4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBRUZfBpanDV8D7h1d7K_UHcY4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:de:84:02:3e:e9:d2:de:ce:7e:0a:2e:41:a9:77:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4145465f0696a70d5f03ee1d5decafd41dc6385
        Validity
            Not Before: Oct 29 10:42:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0cf2ee6affdd8439c61cd3464bd0d98221ee739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:cf:61:08:76:ea:63:3e:fd:01:86:a7:8e:68:
                    67:ed:99:92:d0:79:e1:97:04:ec:f9:e5:3f:28:56:
                    f6:a6:ae:3e:92:fa:93:2d:3b:84:a3:9a:71:9a:84:
                    59:4a:9f:ec:23:a0:f1:f9:3b:9f:8e:4b:6b:83:78:
                    a3:50:c5:68:e3:3f:f0:92:7d:97:a9:87:a8:88:30:
                    3b:d0:5f:54:00:dc:e2:57:06:c0:bb:7d:92:e8:fa:
                    8f:3f:c8:e6:90:1f:fa:af:99:ec:e0:64:f5:7e:3e:
                    99:37:00:70:6e:15:2a:75:5d:88:4e:e0:c1:ca:16:
                    ca:d1:4d:77:24:35:47:79:11:5b:49:f4:30:47:e5:
                    48:c6:f7:c2:dd:21:83:38:7e:7a:94:66:18:2a:19:
                    bc:7b:40:10:62:15:42:65:42:c9:e4:13:8c:6f:f2:
                    a7:8d:64:7e:fe:72:fd:cf:19:e9:3e:1c:fd:f8:56:
                    ee:55:f9:41:23:19:65:4d:35:2f:3f:8d:1f:54:4a:
                    77:f5:d3:f2:79:4e:a4:ab:78:fa:ac:fe:3a:08:33:
                    81:22:40:77:34:65:63:aa:4e:09:8a:ad:41:f8:7e:
                    92:3f:81:17:a3:c0:f1:d7:f8:16:51:30:ce:59:73:
                    60:56:0a:4c:e2:aa:31:1a:32:b8:52:59:d4:6a:d9:
                    70:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CF:2E:E6:AF:FD:D8:43:9C:61:CD:34:64:BD:0D:98:22:1E:E7:39
            X509v3 Authority Key Identifier:
                keyid:C4:14:54:65:F0:69:6A:70:D5:F0:3E:E1:D5:DE:CA:FD:41:DC:63:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBRUZfBpanDV8D7h1d7K_UHcY4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/1a58d4-133f-4750-a7ed-65e996312cbe/1/sM8u5q_92EOcYc00ZL0NmCIe5zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/1a58d4-133f-4750-a7ed-65e996312cbe/1/xBRUZfBpanDV8D7h1d7K_UHcY4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.128.0/21
                  185.4.48.0/22
                IPv6:
                  2a02:64c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:2b:cc:90:5e:cf:81:7f:86:7c:e7:38:4d:7a:a5:42:a9:e0:
         0a:dc:04:c8:52:55:6c:74:e5:6a:a0:41:53:a9:6f:1e:8a:7a:
         4b:f7:28:84:d5:2e:77:d3:55:ff:7d:25:f0:8c:76:a3:8b:1d:
         21:c2:7b:9a:33:5f:1a:dc:1b:b6:66:f0:9e:5e:a9:4c:88:da:
         65:bb:d2:a0:91:67:2f:41:01:a0:14:91:b9:cd:3f:3a:0c:cf:
         db:5c:5a:91:cb:33:c6:14:32:de:7e:0b:7b:95:7d:7a:3a:a6:
         f1:2b:1e:b5:6c:1a:8f:5f:81:b8:0c:a9:f0:5d:8c:4c:0f:65:
         be:1b:cb:27:4b:c6:16:0a:c7:22:6c:a0:4e:55:9c:5d:83:7d:
         38:1e:8a:29:0c:ff:a5:c6:91:8b:53:75:64:28:9f:75:2f:c4:
         df:f6:36:14:44:92:e8:20:fd:67:7f:bd:03:db:e1:f5:0d:8a:
         64:11:b2:74:77:a4:65:73:f7:27:53:43:84:a4:b1:59:39:7d:
         ff:29:06:c3:e0:df:56:0a:6c:87:22:37:1c:e2:4b:31:97:ef:
         9a:4c:56:a4:f6:2c:2a:8f:a9:70:e0:27:3c:3e:66:1e:d8:41:
         c3:5f:2f:89:8c:45:66:dd:9c:f5:94:bf:e3:c4:df:1d:6c:2a:
         da:83:7d:23
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZLX3oQCPunS3s5+Ci5BqXfOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MTQ1NDY1ZjA2OTZhNzBkNWYwM2VlMWQ1ZGVjYWZkNDFk
YzYzODUwHhcNMjQxMDI5MTA0MjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGNmMmVlNmFmZmRkODQzOWM2MWNkMzQ2NGJkMGQ5ODIyMWVlNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjs9hCHbqYz79AYanjmhn7ZmS0Hnh
lwTs+eU/KFb2pq4+kvqTLTuEo5pxmoRZSp/sI6Dx+Tufjktrg3ijUMVo4z/wkn2X
qYeoiDA70F9UANziVwbAu32S6PqPP8jmkB/6r5ns4GT1fj6ZNwBwbhUqdV2ITuDB
yhbK0U13JDVHeRFbSfQwR+VIxvfC3SGDOH56lGYYKhm8e0AQYhVCZULJ5BOMb/Kn
jWR+/nL9zxnpPhz9+FbuVflBIxllTTUvP40fVEp39dPyeU6kq3j6rP46CDOBIkB3
NGVjqk4Jiq1B+H6SP4EXo8Dx1/gWUTDOWXNgVgpM4qoxGjK4UlnUatlw7wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLDPLuav/dhDnGHNNGS9DZgiHuc5MB8GA1UdIwQY
MBaAFMQUVGXwaWpw1fA+4dXeyv1B3GOFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJSVVpmQnBhbkRWOEQ3aDFkN0tfVUhjWTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8xYTU4ZDQtMTMzZi00NzUwLWE3ZWQt
NjVlOTk2MzEyY2JlLzEvc004dTVxXzkyRU9jWWMwMFpMME5tQ0llNXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8xYTU4ZDQtMTMzZi00NzUwLWE3ZWQtNjVlOTk2MzEyY2Jl
LzEveEJSVVpmQnBhbkRWOEQ3aDFkN0tfVUhjWTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4CAAwQC
uQQwMA0EAgACMAcDBQAqAmTAMA0GCSqGSIb3DQEBCwUAA4IBAQChK8yQXs+Bf4Z8
5zhNeqVCqeAK3ATIUlVsdOVqoEFTqW8einpL9yiE1S5301X/fSXwjHajix0hwnua
M18a3Bu2ZvCeXqlMiNplu9KgkWcvQQGgFJG5zT86DM/bXFqRyzPGFDLefgt7lX16
OqbxKx61bBqPX4G4DKnwXYxMD2W+G8snS8YWCscibKBOVZxdg304HoopDP+lxpGL
U3VkKJ91L8Tf9jYURJLoIP1nf70D2+H1DYpkEbJ0d6Rlc/cnU0OEpLFZOX3/KQbD
4N9WCmyHIjcc4ksxl++aTFak9iwqj6lw4Cc8PmYe2EHDXy+JjEVm3Zz1lL/jxN8d
bCrag30j
-----END CERTIFICATE-----