Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/8EKlF2rKTASXy2PoiNE8eCwHnVs.roa
File:                     8EKlF2rKTASXy2PoiNE8eCwHnVs.roa (raw, json)
Hash identifier:          9vl3lBdLxOSqTSVHzxi1Bvhsy8samFid4K8EpwNJjrc=
Subject key identifier:   F0:42:A5:17:6A:CA:4C:04:97:CB:63:E8:88:D1:3C:78:2C:07:9D:5B
Certificate issuer:       /CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
Certificate serial:       018CC86FCD0509557122F9DC4CB073006421
Authority key identifier: 8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/8EKlF2rKTASXy2PoiNE8eCwHnVs.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29691
IP address blocks:        45.9.160.0/24 maxlen: 24
                          45.9.161.0/24 maxlen: 24
                          45.9.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cd:05:09:55:71:22:f9:dc:4c:b0:73:00:64:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f042a5176aca4c0497cb63e888d13c782c079d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:84:16:0e:a4:ec:b7:b0:1e:2a:da:b3:e6:17:
                    02:cf:93:ad:a5:1b:e0:13:dd:03:c2:cb:93:42:de:
                    4e:63:6f:bb:84:9d:de:2a:2e:7a:2c:e9:f4:aa:26:
                    41:58:3a:79:11:d4:2f:cc:0f:65:68:95:91:07:ca:
                    e6:c2:b3:d6:66:e6:19:06:20:42:25:bc:b8:88:96:
                    45:cb:90:0f:e4:95:67:cf:ce:21:98:31:fa:b8:0a:
                    d6:37:f5:2b:74:18:d6:89:6f:e0:ba:a1:53:24:3c:
                    59:e2:af:e0:d1:ef:4f:11:00:de:ce:c3:c9:7f:b2:
                    29:c9:98:14:46:fc:c7:6d:89:5a:f9:63:fe:69:69:
                    bc:e1:33:09:2b:bc:73:84:83:b3:0b:bf:29:a5:b8:
                    5a:e6:e5:a2:59:a1:cc:8d:ea:01:d0:2a:64:f0:a3:
                    b9:4b:0f:d3:12:2a:2b:4a:73:c6:e3:48:54:53:bb:
                    d1:4c:cb:ff:c4:16:07:ad:db:23:5a:f9:70:23:33:
                    82:fb:c9:b7:97:ed:c9:bd:9a:51:fc:e4:9d:72:0b:
                    cd:63:3d:83:c6:56:a2:3e:f8:65:c7:b1:db:ee:a9:
                    a1:ee:34:5e:b2:2b:47:fa:0f:41:98:64:ea:89:63:
                    f0:1c:e2:57:f1:04:98:79:f7:37:38:07:6b:b1:c3:
                    2a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:42:A5:17:6A:CA:4C:04:97:CB:63:E8:88:D1:3C:78:2C:07:9D:5B
            X509v3 Authority Key Identifier:
                keyid:8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/8EKlF2rKTASXy2PoiNE8eCwHnVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.160.0-45.9.162.255

    Signature Algorithm: sha256WithRSAEncryption
         07:1a:3a:43:12:d1:bc:98:ae:cd:9b:90:7a:04:06:ad:02:b5:
         9f:8b:02:3f:1c:05:ac:51:67:e7:0d:20:b1:ae:d5:5f:65:19:
         21:d7:f5:cb:c4:fa:79:da:43:74:ee:b5:b9:cc:b8:6f:e5:25:
         80:74:31:21:6a:67:f4:f4:04:21:9d:d9:9a:b1:b0:a3:dd:e9:
         88:6b:07:41:93:ca:b3:6b:39:cf:33:5a:47:0d:9b:55:01:8b:
         5a:b4:49:4a:32:2e:d4:2e:11:6d:68:cc:f2:42:27:b2:2e:f1:
         40:7d:3b:f8:ac:60:1f:5d:2b:9f:2d:c9:c2:c4:a0:d0:dc:75:
         b6:55:6e:57:8e:e7:4d:89:ac:90:eb:e8:37:8b:da:f6:a5:7b:
         96:39:90:a2:dc:55:7f:d8:8e:86:ea:da:cf:fa:52:ff:93:aa:
         8e:f5:5a:b3:37:d2:75:db:ac:47:07:34:6c:33:80:fc:a1:12:
         7c:c7:d4:d0:fb:30:fb:e1:96:42:97:63:d1:13:16:4b:1b:1f:
         bc:3d:7b:e6:38:86:cf:5f:1e:4b:21:06:7f:58:98:ff:86:a2:
         14:54:61:fe:8d:1c:d4:51:1e:33:99:9c:4f:c1:85:76:41:f6:
         b1:95:12:7e:3f:8c:53:a4:5f:f8:3e:ee:81:cc:85:da:63:35:
         5e:8c:18:c8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIb80FCVVxIvncTLBzAGQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGFjMThhN2FkNTAxYmE3ZWExMzU2NzkwOWYxN2U0Zjcz
Mjc0MTMwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQyYTUxNzZhY2E0YzA0OTdjYjYzZTg4OGQxM2M3ODJjMDc5ZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4QWDqTst7AeKtqz5hcCz5OtpRvg
E90DwsuTQt5OY2+7hJ3eKi56LOn0qiZBWDp5EdQvzA9laJWRB8rmwrPWZuYZBiBC
Jby4iJZFy5AP5JVnz84hmDH6uArWN/UrdBjWiW/guqFTJDxZ4q/g0e9PEQDezsPJ
f7IpyZgURvzHbYla+WP+aWm84TMJK7xzhIOzC78ppbha5uWiWaHMjeoB0Cpk8KO5
Sw/TEiorSnPG40hUU7vRTMv/xBYHrdsjWvlwIzOC+8m3l+3JvZpR/OSdcgvNYz2D
xlaiPvhlx7Hb7qmh7jResitH+g9BmGTqiWPwHOJX8QSYefc3OAdrscMqkwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPBCpRdqykwEl8tj6IjRPHgsB51bMB8GA1UdIwQY
MBaAFIvawYp61QG6fqE1Z5CfF+T3MnQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzkt
YzNjYzVkZTFlY2U5LzEvOEVLbEYycktUQVNYeTJQb2lORThlQ3dIblZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzktYzNjYzVkZTFlY2U5
LzEvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAUtCaAD
BAAtCaIwDQYJKoZIhvcNAQELBQADggEBAAcaOkMS0byYrs2bkHoEBq0CtZ+LAj8c
BaxRZ+cNILGu1V9lGSHX9cvE+nnaQ3TutbnMuG/lJYB0MSFqZ/T0BCGd2ZqxsKPd
6YhrB0GTyrNrOc8zWkcNm1UBi1q0SUoyLtQuEW1ozPJCJ7Iu8UB9O/isYB9dK58t
ycLEoNDcdbZVbleO502JrJDr6DeL2vale5Y5kKLcVX/Yjobq2s/6Uv+Tqo71WrM3
0nXbrEcHNGwzgPyhEnzH1ND7MPvhlkKXY9ETFksbH7w9e+Y4hs9fHkshBn9YmP+G
ohRUYf6NHNRRHjOZnE/BhXZB9rGVEn4/jFOkX/g+7oHMhdpjNV6MGMg=
-----END CERTIFICATE-----