Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/9b3f6f-9754-458f-b5b4-f95855f10763/1/6G-7DNn5r1X--f0ZG0pvtCZBEnQ.roa
File:                     6G-7DNn5r1X--f0ZG0pvtCZBEnQ.roa (raw, json)
Hash identifier:          4yNbO4qdE37IgG1Z3g2kHP7ACidSlQaVnCOZpBIS4sM=
Subject key identifier:   E8:6F:BB:0C:D9:F9:AF:55:FE:F9:FD:19:1B:4A:6F:B4:26:41:12:74
Certificate issuer:       /CN=fbf400e63cb262c2000e071ce90aa72ef693e6a2
Certificate serial:       018CC5DC734B7D8375A3E5B1E5AF5CE9688A
Authority key identifier: FB:F4:00:E6:3C:B2:62:C2:00:0E:07:1C:E9:0A:A7:2E:F6:93:E6:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_QA5jyyYsIADgcc6QqnLvaT5qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/9b3f6f-9754-458f-b5b4-f95855f10763/1/6G-7DNn5r1X--f0ZG0pvtCZBEnQ.roa
Signing time:             Mon 01 Jan 2024 16:30:07 +0000
ROA not before:           Mon 01 Jan 2024 16:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35482
IP address blocks:        45.66.181.0/24 maxlen: 24
                          45.66.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/9b3f6f-9754-458f-b5b4-f95855f10763/1/1-_QA5jyyYsIADgcc6QqnLvaT5qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/9b3f6f-9754-458f-b5b4-f95855f10763/1/1-_QA5jyyYsIADgcc6QqnLvaT5qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-_QA5jyyYsIADgcc6QqnLvaT5qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:73:4b:7d:83:75:a3:e5:b1:e5:af:5c:e9:68:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf400e63cb262c2000e071ce90aa72ef693e6a2
        Validity
            Not Before: Jan  1 16:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e86fbb0cd9f9af55fef9fd191b4a6fb426411274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d6:ce:c8:a1:8e:9d:8c:cc:28:6e:7e:63:36:
                    2b:a5:86:8d:11:a7:c8:42:0e:42:70:11:1d:a8:e5:
                    d9:65:1c:59:7b:c9:ca:9e:a6:23:e8:eb:66:d4:9b:
                    46:17:c9:3d:04:f6:f8:21:26:7e:e0:b3:9a:03:1b:
                    6b:89:93:0b:66:36:1d:0e:ca:bf:cf:ca:0a:ca:92:
                    1f:72:66:c1:49:21:db:85:e7:eb:42:5a:6f:a6:0d:
                    3f:d3:66:d3:11:19:c0:c1:5a:b4:42:26:0e:52:c3:
                    58:b6:e4:b7:54:17:ff:10:21:a2:86:a3:04:ff:69:
                    63:ec:c5:6d:3c:e2:59:5b:c8:95:0c:4f:a1:24:58:
                    aa:9c:3e:eb:a6:38:55:2f:c7:89:cb:dd:44:84:c5:
                    7e:ae:a2:67:1a:69:0e:cb:f5:25:ac:71:ed:08:5e:
                    68:f0:5c:99:98:45:7e:f5:22:08:9b:63:ea:66:39:
                    f6:38:e7:dd:d0:81:db:fd:57:39:bc:8b:57:42:4b:
                    26:61:e4:d4:08:88:18:72:c2:cc:ba:84:90:89:1b:
                    e4:90:ab:6b:a4:a3:f6:a0:11:be:ce:20:fd:e1:35:
                    dd:e7:b3:98:43:c1:d8:f1:b9:af:57:ea:2d:ea:44:
                    c9:a1:cf:e6:5e:e2:23:d3:98:96:bd:0d:b3:2a:fb:
                    e3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:6F:BB:0C:D9:F9:AF:55:FE:F9:FD:19:1B:4A:6F:B4:26:41:12:74
            X509v3 Authority Key Identifier:
                keyid:FB:F4:00:E6:3C:B2:62:C2:00:0E:07:1C:E9:0A:A7:2E:F6:93:E6:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_QA5jyyYsIADgcc6QqnLvaT5qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9b3f6f-9754-458f-b5b4-f95855f10763/1/6G-7DNn5r1X--f0ZG0pvtCZBEnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9b3f6f-9754-458f-b5b4-f95855f10763/1/1-_QA5jyyYsIADgcc6QqnLvaT5qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:f8:35:66:aa:5d:8f:f4:81:52:fa:45:64:0b:47:07:2c:d7:
         32:6c:21:4a:2c:73:22:0b:63:5d:a0:ba:c8:27:11:b0:00:22:
         bf:fd:3e:23:4b:60:34:1b:38:da:cd:63:f7:59:74:0a:76:f1:
         b7:18:d2:37:de:4a:33:84:2c:c3:d9:f3:8a:b4:20:e7:5c:55:
         3f:c7:8e:8c:de:de:5d:3e:8c:95:27:e2:ba:04:50:46:c3:ee:
         26:f1:7c:52:18:7a:9e:49:4f:63:81:7f:fa:3a:88:09:9d:82:
         7f:f7:da:7b:a2:16:8a:25:59:d7:7e:42:b6:34:2c:95:2c:4f:
         e9:55:fc:d9:e7:3b:e5:66:ee:6d:2e:ac:6c:79:12:a5:24:f5:
         8a:39:6d:36:8c:ed:fc:33:a5:8d:6d:8c:9b:a4:af:91:a7:f2:
         06:0d:32:d1:4b:6d:e8:1e:6d:ab:d0:a3:3a:37:1f:9f:ea:60:
         88:c1:d9:aa:2a:ac:89:72:cc:db:9b:a1:44:98:a1:b4:0f:3b:
         6e:db:c1:8d:5f:47:ad:31:23:26:7c:10:66:99:fd:dd:e0:18:
         77:e9:64:ef:d1:86:2c:7a:2b:e5:24:96:3f:89:5e:48:8e:0f:
         ff:01:76:37:81:32:4c:f8:33:a1:78:a8:44:2d:01:36:06:ca:
         57:3b:02:d5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3HNLfYN1o+Wx5a9c6WiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjQwMGU2M2NiMjYyYzIwMDBlMDcxY2U5MGFhNzJlZjY5
M2U2YTIwHhcNMjQwMTAxMTYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODZmYmIwY2Q5ZjlhZjU1ZmVmOWZkMTkxYjRhNmZiNDI2NDExMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitbOyKGOnYzMKG5+YzYrpYaNEafI
Qg5CcBEdqOXZZRxZe8nKnqYj6Otm1JtGF8k9BPb4ISZ+4LOaAxtriZMLZjYdDsq/
z8oKypIfcmbBSSHbhefrQlpvpg0/02bTERnAwVq0QiYOUsNYtuS3VBf/ECGihqME
/2lj7MVtPOJZW8iVDE+hJFiqnD7rpjhVL8eJy91EhMV+rqJnGmkOy/UlrHHtCF5o
8FyZmEV+9SIIm2PqZjn2OOfd0IHb/Vc5vItXQksmYeTUCIgYcsLMuoSQiRvkkKtr
pKP2oBG+ziD94TXd57OYQ8HY8bmvV+ot6kTJoc/mXuIj05iWvQ2zKvvj9wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOhvuwzZ+a9V/vn9GRtKb7QmQRJ0MB8GA1UdIwQY
MBaAFPv0AOY8smLCAA4HHOkKpy72k+aiMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fUUE1anl5WXNJQURnY2M2UXFuTHZhVDVxSS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvOWIzZjZmLTk3NTQtNDU4Zi1iNWI0
LWY5NTg1NWYxMDc2My8xLzZHLTdETm41cjFYLS1mMFpHMHB2dENaQkVuUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvOWIzZjZmLTk3NTQtNDU4Zi1iNWI0LWY5NTg1NWYxMDc2
My8xLzEtX1FBNWp5eVlzSUFEZ2NjNlFxbkx2YVQ1cUkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtQrQw
DQYJKoZIhvcNAQELBQADggEBAA/4NWaqXY/0gVL6RWQLRwcs1zJsIUoscyILY12g
usgnEbAAIr/9PiNLYDQbONrNY/dZdAp28bcY0jfeSjOELMPZ84q0IOdcVT/Hjoze
3l0+jJUn4roEUEbD7ibxfFIYep5JT2OBf/o6iAmdgn/32nuiFoolWdd+QrY0LJUs
T+lV/NnnO+Vm7m0urGx5EqUk9Yo5bTaM7fwzpY1tjJukr5Gn8gYNMtFLbegebavQ
ozo3H5/qYIjB2aoqrIlyzNuboUSYobQPO27bwY1fR60xIyZ8EGaZ/d3gGHfpZO/R
hix6K+Uklj+JXkiOD/8BdjeBMkz4M6F4qEQtATYGylc7AtU=
-----END CERTIFICATE-----