Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ph4tWqoG-OgguSgXJ6z7F58XWYQ.roa
File:                     ph4tWqoG-OgguSgXJ6z7F58XWYQ.roa (raw, json)
Hash identifier:          HshvwfrGybgqBlI2RrbclyB8wA2QXYZVfPH0hWOueZI=
Subject key identifier:   A6:1E:2D:5A:AA:06:F8:E8:20:B9:28:17:27:AC:FB:17:9F:17:59:84
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC79489818434BCA2B5DAD410BC93FC84
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ph4tWqoG-OgguSgXJ6z7F58XWYQ.roa
Signing time:             Tue 02 Jan 2024 00:30:49 +0000
ROA not before:           Tue 02 Jan 2024 00:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8452
IP address blocks:        45.85.188.0/24 maxlen: 24
                          2a0e:4200::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 11:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:89:81:84:34:bc:a2:b5:da:d4:10:bc:93:fc:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a61e2d5aaa06f8e820b9281727acfb179f175984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a2:d2:c5:a9:29:7d:09:08:87:3a:d5:38:8d:
                    d2:85:ba:92:6e:3d:af:14:bb:00:0d:87:03:90:d4:
                    33:3f:55:ae:87:3d:18:90:5c:54:65:27:07:3a:82:
                    9e:c7:e5:bd:79:04:16:a4:61:8d:ee:b8:41:6d:e2:
                    74:4d:78:f0:35:3b:db:65:16:e0:f9:09:b5:22:07:
                    53:35:fc:e4:9a:bc:c0:b3:ab:f6:3c:d2:78:77:ae:
                    9d:7a:c6:e6:63:03:19:92:67:69:a9:d5:6c:61:fb:
                    26:85:c7:11:ec:54:f9:be:30:94:a7:41:f9:42:16:
                    1a:f1:38:71:42:fc:69:cc:c7:93:ef:6e:a4:58:9b:
                    e8:24:fc:ef:99:00:14:75:36:de:39:2a:02:3e:a8:
                    e2:7f:4c:c5:90:ea:b5:dd:07:9c:a0:1d:68:5f:bf:
                    24:ce:84:de:1d:6b:a4:5b:79:56:8b:e2:b5:d6:c6:
                    6b:c1:6f:af:13:96:8b:9c:0d:6a:fb:cf:1f:5e:bb:
                    34:78:b2:3f:23:91:8c:28:5a:44:08:fd:08:5a:dc:
                    1f:1e:76:08:db:2d:de:fd:78:c0:f9:80:4a:3c:9b:
                    c1:e6:f9:09:cb:4c:5e:8a:84:4b:b2:8f:ba:6b:c6:
                    9a:75:37:71:ca:78:da:5a:f2:ec:9f:3c:35:3d:1c:
                    9c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1E:2D:5A:AA:06:F8:E8:20:B9:28:17:27:AC:FB:17:9F:17:59:84
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ph4tWqoG-OgguSgXJ6z7F58XWYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.188.0/24
                IPv6:
                  2a0e:4200::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:93:7f:19:fe:23:da:fd:78:4a:b3:7f:ed:15:45:f7:77:d6:
         e3:75:fb:b4:c9:fc:f6:12:c8:2d:89:27:f7:27:ad:f6:34:12:
         6f:33:13:e9:fb:7c:7f:65:74:f2:4d:62:78:82:11:05:0c:f1:
         06:83:ef:f9:0f:12:e7:c9:97:4e:3e:73:aa:bc:06:74:ad:65:
         2a:ed:4a:94:32:64:13:85:42:e7:dc:9c:9d:14:9b:9a:57:7b:
         b0:d7:b1:93:13:16:54:ac:9c:f1:9d:b3:12:99:24:27:46:96:
         f7:1d:ab:3c:3c:fe:15:22:f9:78:6c:12:f1:08:fb:61:fa:7d:
         ea:e5:5d:38:24:70:a7:26:a1:60:fd:22:ff:02:9e:7d:0e:fd:
         e3:86:db:0c:08:9c:5a:2c:4c:ac:eb:0d:11:fe:29:30:47:ad:
         a2:26:06:80:54:5f:81:4a:a5:e0:d6:b2:36:f9:92:97:a9:88:
         a1:49:cd:76:9d:25:37:ad:88:d9:b3:07:e6:fc:9b:4d:fe:b9:
         1b:f5:c5:4d:73:ac:87:87:c4:d4:15:b9:14:53:7f:8b:89:c7:
         76:a0:56:3e:02:f4:9a:82:f9:ad:3a:85:9b:ba:12:da:f4:79:
         50:b4:f6:31:7e:ed:f0:b3:c2:97:58:17:51:80:4d:a4:3a:60:
         60:0f:b7:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlImBhDS8orXa1BC8k/yEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjFlMmQ1YWFhMDZmOGU4MjBiOTI4MTcyN2FjZmIxNzlmMTc1OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqLSxakpfQkIhzrVOI3ShbqSbj2v
FLsADYcDkNQzP1Wuhz0YkFxUZScHOoKex+W9eQQWpGGN7rhBbeJ0TXjwNTvbZRbg
+Qm1IgdTNfzkmrzAs6v2PNJ4d66desbmYwMZkmdpqdVsYfsmhccR7FT5vjCUp0H5
QhYa8ThxQvxpzMeT726kWJvoJPzvmQAUdTbeOSoCPqjif0zFkOq13QecoB1oX78k
zoTeHWukW3lWi+K11sZrwW+vE5aLnA1q+88fXrs0eLI/I5GMKFpECP0IWtwfHnYI
2y3e/XjA+YBKPJvB5vkJy0xeioRLso+6a8aadTdxynjaWvLsnzw1PRycawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKYeLVqqBvjoILkoFyes+xefF1mEMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvcGg0dFdxb0ctT2dndVNnWEo2ejdGNThYV1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVW8MA0E
AgACMAcDBQAqDkIAMA0GCSqGSIb3DQEBCwUAA4IBAQAmk38Z/iPa/XhKs3/tFUX3
d9bjdfu0yfz2EsgtiSf3J632NBJvMxPp+3x/ZXTyTWJ4ghEFDPEGg+/5DxLnyZdO
PnOqvAZ0rWUq7UqUMmQThULn3JydFJuaV3uw17GTExZUrJzxnbMSmSQnRpb3Has8
PP4VIvl4bBLxCPth+n3q5V04JHCnJqFg/SL/Ap59Dv3jhtsMCJxaLEys6w0R/ikw
R62iJgaAVF+BSqXg1rI2+ZKXqYihSc12nSU3rYjZswfm/JtN/rkb9cVNc6yHh8TU
FbkUU3+Licd2oFY+AvSagvmtOoWbuhLa9HlQtPYxfu3ws8KXWBdRgE2kOmBgD7fu
-----END CERTIFICATE-----