Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/1-vIii3jAJIDZG2-jCM96LAXAqqA.roa
File:                     1-vIii3jAJIDZG2-jCM96LAXAqqA.roa (raw, json)
Hash identifier:          rMde5jdYT4tZw/3L5jq+5s+4J2tkn9Crnmi5p4kKYDY=
Subject key identifier:   FA:F2:22:8B:78:C0:24:80:D9:1B:6F:A3:08:CF:7A:2C:05:C0:AA:A0
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2F45A063B73FDAD3265462CF651A
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/1-vIii3jAJIDZG2-jCM96LAXAqqA.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206238
IP address blocks:        45.80.168.0/22 maxlen: 22
                          45.83.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2f:45:a0:63:b7:3f:da:d3:26:54:62:cf:65:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faf2228b78c02480d91b6fa308cf7a2c05c0aaa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4b:63:0a:94:e1:5f:db:97:89:06:9e:03:22:
                    1a:54:4b:24:ab:fa:89:95:73:b9:46:cb:3b:47:c7:
                    17:75:91:81:22:7e:17:6e:a2:d3:ab:6b:f0:2f:f8:
                    16:06:f5:1a:0c:4b:13:4c:00:31:c0:cf:aa:07:fd:
                    e9:ee:94:1a:31:95:f1:f6:09:bd:45:be:bf:41:fd:
                    59:af:ad:59:43:22:eb:60:97:76:84:2c:41:ef:bb:
                    d3:ad:eb:b2:b4:4f:5d:98:67:39:81:37:34:01:be:
                    a3:06:0f:a7:b6:b0:d7:7c:c8:29:87:dc:66:5f:61:
                    2c:23:53:2a:ae:14:49:19:75:3f:34:74:f3:26:1e:
                    3a:8b:19:f6:22:d7:42:ed:33:e6:ec:75:9f:58:11:
                    b3:95:87:a4:73:40:75:19:b9:de:a0:37:82:7e:da:
                    8f:1e:2f:36:66:b8:e6:9d:ac:ed:c2:69:48:e2:8b:
                    a8:f4:90:01:e9:e6:66:12:e8:61:dd:5e:53:d6:3e:
                    43:32:84:26:eb:2e:68:40:1f:96:8c:19:81:71:39:
                    5d:ff:d7:0b:59:df:2d:35:79:6d:1f:32:7e:e2:8b:
                    1d:60:f8:3f:cb:8a:6a:7f:13:00:f9:95:44:91:49:
                    03:c2:5c:35:31:be:4e:12:cf:22:f8:88:a1:55:55:
                    a6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F2:22:8B:78:C0:24:80:D9:1B:6F:A3:08:CF:7A:2C:05:C0:AA:A0
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/1-vIii3jAJIDZG2-jCM96LAXAqqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.168.0/22
                  45.83.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:6d:1d:14:ac:aa:e1:bf:e2:d4:26:d9:29:25:9d:6f:38:82:
         56:a9:2b:27:f7:38:ca:92:65:ea:38:5a:83:da:b2:79:49:c5:
         a2:cc:43:b2:28:44:22:41:99:74:43:23:0a:b2:33:a5:fd:ec:
         e1:cc:c4:f6:10:72:81:a0:68:c4:5c:4b:dd:78:e7:53:aa:9d:
         73:29:3e:3b:bd:e5:da:e6:ef:4f:14:94:07:60:c0:b7:6b:67:
         23:fb:f5:84:5e:16:7e:f0:c6:b2:18:cf:ec:74:4c:1c:92:47:
         ab:56:1e:60:c2:b1:84:a7:a6:a6:8e:b3:94:ff:63:fe:7d:8a:
         70:e4:e4:8a:37:cd:27:46:0e:84:12:0a:2b:04:2b:72:1f:30:
         b9:1c:4b:4e:fa:70:01:1c:86:b6:90:25:61:e5:f4:70:38:e3:
         cf:14:b8:0b:af:fe:d8:2b:5b:94:75:7c:74:a9:70:2c:6d:f1:
         34:e1:5c:d8:0e:22:1b:a0:74:a3:9e:42:fa:78:f1:5e:e3:bc:
         aa:d9:19:fb:2d:9d:d7:ef:b6:bc:6e:90:c6:e1:23:8e:e8:0f:
         4f:d6:15:28:c2:95:64:7f:54:31:cd:06:3a:21:1c:14:ab:6f:
         89:35:0c:4b:72:e6:78:34:31:67:5c:5d:96:99:f9:06:c4:18:
         c6:df:20:ad
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzCbS9FoGO3P9rTJlRiz2UaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWYyMjI4Yjc4YzAyNDgwZDkxYjZmYTMwOGNmN2EyYzA1YzBhYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnktjCpThX9uXiQaeAyIaVEskq/qJ
lXO5Rss7R8cXdZGBIn4XbqLTq2vwL/gWBvUaDEsTTAAxwM+qB/3p7pQaMZXx9gm9
Rb6/Qf1Zr61ZQyLrYJd2hCxB77vTreuytE9dmGc5gTc0Ab6jBg+ntrDXfMgph9xm
X2EsI1MqrhRJGXU/NHTzJh46ixn2ItdC7TPm7HWfWBGzlYekc0B1GbneoDeCftqP
Hi82ZrjmnaztwmlI4ouo9JAB6eZmEuhh3V5T1j5DMoQm6y5oQB+WjBmBcTld/9cL
Wd8tNXltHzJ+4osdYPg/y4pqfxMA+ZVEkUkDwlw1Mb5OEs8i+IihVVWmIwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPryIot4wCSA2RtvowjPeiwFwKqgMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvMS12SWlpM2pBSklEWkcyLWpDTTk2TEFYQXFxQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzcvOWZhYjVjLWUxMzgtNGVmNi04Nzk5LWIwYjM1YTM0ZTM4
OC8xL2o4YVdSa1Y2aV9qdmxXbTV0Q2ZwOHNSaTVXNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAi1QqAME
Ai1TBDANBgkqhkiG9w0BAQsFAAOCAQEAgW0dFKyq4b/i1CbZKSWdbziCVqkrJ/c4
ypJl6jhag9qyeUnFosxDsihEIkGZdEMjCrIzpf3s4czE9hBygaBoxFxL3XjnU6qd
cyk+O73l2ubvTxSUB2DAt2tnI/v1hF4WfvDGshjP7HRMHJJHq1YeYMKxhKempo6z
lP9j/n2KcOTkijfNJ0YOhBIKKwQrch8wuRxLTvpwARyGtpAlYeX0cDjjzxS4C6/+
2CtblHV8dKlwLG3xNOFc2A4iG6B0o55C+njxXuO8qtkZ+y2d1++2vG6QxuEjjugP
T9YVKMKVZH9UMc0GOiEcFKtviTUMS3LmeDQxZ1xdlpn5BsQYxt8grQ==
-----END CERTIFICATE-----