Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8NHLIQ8vK_FrndS8b1lbpkJ_4uM.roa
File:                     8NHLIQ8vK_FrndS8b1lbpkJ_4uM.roa (raw, json)
Hash identifier:          ZUXIRGzFtIZXPhubT5BaKAeHIg9R742K83j7IBKvBaA=
Subject key identifier:   F0:D1:CB:21:0F:2F:2B:F1:6B:9D:D4:BC:6F:59:5B:A6:42:7F:E2:E3
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01930B417D3CDA8C5BA2CAB87CBFC0A26852
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8NHLIQ8vK_FrndS8b1lbpkJ_4uM.roa
Signing time:             Fri 08 Nov 2024 10:11:01 +0000
ROA not before:           Fri 08 Nov 2024 10:11:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        45.150.32.0/23 maxlen: 23
                          45.150.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:41:7d:3c:da:8c:5b:a2:ca:b8:7c:bf:c0:a2:68:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov  8 10:11:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0d1cb210f2f2bf16b9dd4bc6f595ba6427fe2e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e5:35:39:90:0d:a9:ef:56:29:2c:f6:99:45:
                    d4:da:00:35:77:7e:c9:e6:3d:fc:9e:12:22:c8:7f:
                    c6:95:f5:81:d2:f9:a2:31:03:02:46:cb:60:28:4f:
                    a1:7e:d2:98:03:9d:bb:57:f4:ae:1b:f6:ed:13:88:
                    ea:db:1a:43:a8:bd:04:4a:1b:73:cd:77:b4:96:a8:
                    c9:e5:6a:fd:bb:fa:20:99:f5:fb:d8:ea:f5:ec:80:
                    63:b3:55:cf:38:4f:68:5f:27:11:54:23:a2:0d:66:
                    a3:e9:42:81:ce:4b:d9:79:19:6f:19:a9:b6:ee:99:
                    8a:b6:4f:74:18:cd:d7:38:a0:9d:b8:2c:54:94:d1:
                    37:8a:2d:82:17:20:12:e7:40:61:fc:3a:87:e9:0c:
                    cb:bc:0c:f8:63:10:0c:1e:eb:a5:5b:45:cb:2a:93:
                    e3:e7:d0:04:54:a1:aa:8a:0b:49:d7:3f:52:00:8f:
                    f4:d3:e0:4f:fd:d6:22:44:bc:4e:d9:ca:39:0a:1f:
                    77:06:2a:9d:1e:aa:25:af:57:1f:e8:c3:48:99:96:
                    7f:09:26:4e:f0:bf:a2:e4:3a:51:79:22:c4:51:9f:
                    39:0f:8f:f5:1d:23:31:83:c8:b8:1c:34:ae:0b:50:
                    f5:26:36:00:f2:8d:7d:a8:d9:45:64:13:71:e6:ef:
                    b2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:D1:CB:21:0F:2F:2B:F1:6B:9D:D4:BC:6F:59:5B:A6:42:7F:E2:E3
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8NHLIQ8vK_FrndS8b1lbpkJ_4uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:56:09:63:4e:e7:e6:b2:8a:d8:eb:bd:6d:1b:7f:77:3a:43:
         9e:bb:1b:a2:d8:7b:03:26:69:08:c0:a8:f8:16:1f:c8:18:82:
         04:13:d1:37:6e:4c:a0:8d:e1:db:25:cb:f9:a2:45:b6:38:ef:
         2f:ed:35:d8:90:b7:e9:4c:07:ba:ae:ce:de:63:3a:31:51:0c:
         90:40:b0:7f:01:30:66:b1:3f:9a:c6:11:3d:c1:26:54:45:76:
         5a:02:01:c2:ac:89:9c:e7:96:6c:66:35:f6:b9:4d:a0:3d:01:
         80:6b:a2:fc:df:92:33:a4:3e:84:97:1b:28:54:c6:bc:c3:07:
         aa:15:8d:ea:51:16:85:a0:5a:7d:fb:07:10:b4:37:0a:dd:8b:
         b4:d5:c9:aa:d2:d0:45:2a:08:99:94:26:59:b9:18:60:07:09:
         30:8c:b5:60:db:5c:b3:63:c1:4a:b8:a9:1a:ae:1d:26:64:5e:
         96:b5:8f:70:7d:2b:2c:39:b8:ec:5b:27:4e:11:6c:48:81:3e:
         7a:5e:ed:15:2d:d8:6a:50:97:46:20:18:b0:95:96:6d:19:64:
         71:67:81:21:90:8d:37:87:41:e8:80:dd:df:46:77:aa:e4:47:
         df:88:51:e2:07:a8:a9:c3:ac:4b:7e:65:32:e0:c5:a3:a5:4e:
         e9:09:76:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMLQX082oxbosq4fL/AomhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMTA4MTAxMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGQxY2IyMTBmMmYyYmYxNmI5ZGQ0YmM2ZjU5NWJhNjQyN2ZlMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OU1OZANqe9WKSz2mUXU2gA1d37J
5j38nhIiyH/GlfWB0vmiMQMCRstgKE+hftKYA527V/SuG/btE4jq2xpDqL0EShtz
zXe0lqjJ5Wr9u/ogmfX72Or17IBjs1XPOE9oXycRVCOiDWaj6UKBzkvZeRlvGam2
7pmKtk90GM3XOKCduCxUlNE3ii2CFyAS50Bh/DqH6QzLvAz4YxAMHuulW0XLKpPj
59AEVKGqigtJ1z9SAI/00+BP/dYiRLxO2co5Ch93BiqdHqolr1cf6MNImZZ/CSZO
8L+i5DpReSLEUZ85D4/1HSMxg8i4HDSuC1D1JjYA8o19qNlFZBNx5u+y8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDRyyEPLyvxa53UvG9ZW6ZCf+LjMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvOE5ITElROHZLX0ZybmRTOGIxbGJwa0pfNHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZYgMA0G
CSqGSIb3DQEBCwUAA4IBAQAiVgljTufmsorY671tG393OkOeuxui2HsDJmkIwKj4
Fh/IGIIEE9E3bkygjeHbJcv5okW2OO8v7TXYkLfpTAe6rs7eYzoxUQyQQLB/ATBm
sT+axhE9wSZURXZaAgHCrImc55ZsZjX2uU2gPQGAa6L835IzpD6ElxsoVMa8wweq
FY3qURaFoFp9+wcQtDcK3Yu01cmq0tBFKgiZlCZZuRhgBwkwjLVg21yzY8FKuKka
rh0mZF6WtY9wfSssObjsWydOEWxIgT56Xu0VLdhqUJdGIBiwlZZtGWRxZ4EhkI03
h0HogN3fRneq5EffiFHiB6ipw6xLfmUy4MWjpU7pCXZq
-----END CERTIFICATE-----