Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/RemN8SNgEwusQZPwDn3NWdFXlpE.roa
File:                     RemN8SNgEwusQZPwDn3NWdFXlpE.roa (raw, json)
Hash identifier:          8UBuNeCLXeTtkte1N7/39tvhEVnJ22rKg5cEZNhphtw=
Subject key identifier:   45:E9:8D:F1:23:60:13:0B:AC:41:93:F0:0E:7D:CD:59:D1:57:96:91
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       0190C2A6910C0900695D58CB32A3A88D0915
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/RemN8SNgEwusQZPwDn3NWdFXlpE.roa
Signing time:             Wed 17 Jul 2024 21:43:34 +0000
ROA not before:           Wed 17 Jul 2024 21:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        80.83.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c2:a6:91:0c:09:00:69:5d:58:cb:32:a3:a8:8d:09:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jul 17 21:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45e98df12360130bac4193f00e7dcd59d1579691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:31:07:fb:58:97:ca:d5:c0:73:6f:02:76:75:
                    43:c0:ea:d1:ac:29:fd:64:ba:65:87:4c:f9:4d:af:
                    ac:b6:f8:34:65:ce:9d:cc:ef:8b:1b:0c:42:18:bb:
                    a1:b2:e0:e8:d9:7e:a8:f6:ba:1c:b9:20:87:cf:93:
                    5f:e8:72:d8:97:58:78:64:43:1c:21:13:aa:a4:97:
                    f7:80:42:25:44:dc:a8:6e:cf:e8:92:6d:15:3b:f0:
                    1b:0f:87:c6:91:5d:22:d8:b6:1f:22:2c:05:18:5f:
                    a1:d2:d0:8e:25:eb:22:71:92:93:ef:f2:b2:0f:f2:
                    40:e6:2f:59:1c:12:71:ea:d9:91:74:58:47:88:41:
                    0a:7f:1e:9b:e3:c2:c7:cf:a8:e4:6f:6f:0a:71:2b:
                    d1:9d:5e:8e:d7:d2:b4:bc:51:2f:32:f4:85:ae:8a:
                    9d:6c:99:c2:5a:1c:f6:bf:8f:26:8b:68:40:dc:14:
                    da:93:3d:fe:e6:c6:2e:46:82:2b:84:b4:4d:f4:89:
                    f9:23:75:9b:73:75:67:4d:c2:3a:5d:ef:0c:e8:0a:
                    68:74:d3:73:96:37:00:e7:db:21:ee:42:43:1a:61:
                    0e:12:02:25:12:e3:b7:0b:a0:5d:f5:ed:63:e9:8b:
                    53:41:ca:e1:0f:18:df:0a:eb:50:33:39:60:32:22:
                    a0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E9:8D:F1:23:60:13:0B:AC:41:93:F0:0E:7D:CD:59:D1:57:96:91
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/RemN8SNgEwusQZPwDn3NWdFXlpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:04:28:81:eb:b6:4d:10:fa:22:fe:c1:5f:24:69:77:b3:b8:
         76:3a:a7:1a:27:cd:32:c4:4a:7c:0f:2f:e5:01:7e:9a:a5:92:
         5e:27:63:cf:8c:b8:71:1e:32:7e:5a:d0:b6:4d:23:6b:1f:86:
         3e:bd:ee:01:4c:b3:17:85:70:d8:e3:49:bc:9a:2d:e3:fa:b7:
         b7:7b:f3:8a:ca:b5:36:1a:4e:09:0b:a5:4d:a7:d0:90:3d:3e:
         ae:87:b3:28:19:f1:cb:88:f1:57:5a:88:56:af:5e:bb:79:89:
         cd:34:de:e7:d6:5a:6e:42:4a:9c:1e:c3:07:3e:19:e8:fb:67:
         2b:c7:37:81:f2:b6:28:43:a3:82:55:88:4b:40:68:7a:43:14:
         46:0c:d0:06:5b:a4:db:92:58:06:0e:c3:78:41:5c:0f:ed:e1:
         c9:5d:27:86:06:e0:98:ed:e2:4b:ad:71:f6:5e:94:15:c7:e5:
         68:d3:5c:6a:45:a8:e8:fd:d6:48:c2:1c:c5:f2:c5:92:33:0b:
         93:cd:5e:1b:02:74:35:ba:67:cd:03:1e:46:8f:ff:13:f8:b8:
         37:ef:26:26:7d:14:c4:ee:d2:3e:7f:ac:60:e6:10:24:3e:1e:
         a7:96:02:79:d7:9a:38:fa:9d:ea:6c:05:e1:7a:52:16:91:08:
         80:31:83:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDCppEMCQBpXVjLMqOojQkVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwNzE3MjE0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWU5OGRmMTIzNjAxMzBiYWM0MTkzZjAwZTdkY2Q1OWQxNTc5NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzEH+1iXytXAc28CdnVDwOrRrCn9
ZLplh0z5Ta+stvg0Zc6dzO+LGwxCGLuhsuDo2X6o9rocuSCHz5Nf6HLYl1h4ZEMc
IROqpJf3gEIlRNyobs/okm0VO/AbD4fGkV0i2LYfIiwFGF+h0tCOJesicZKT7/Ky
D/JA5i9ZHBJx6tmRdFhHiEEKfx6b48LHz6jkb28KcSvRnV6O19K0vFEvMvSFroqd
bJnCWhz2v48mi2hA3BTakz3+5sYuRoIrhLRN9In5I3Wbc3VnTcI6Xe8M6ApodNNz
ljcA59sh7kJDGmEOEgIlEuO3C6Bd9e1j6YtTQcrhDxjfCutQMzlgMiKgFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXpjfEjYBMLrEGT8A59zVnRV5aRMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvUmVtTjhTTmdFd3VzUVpQd0RuM05XZEZYbHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFNYMA0G
CSqGSIb3DQEBCwUAA4IBAQBdBCiB67ZNEPoi/sFfJGl3s7h2OqcaJ80yxEp8Dy/l
AX6apZJeJ2PPjLhxHjJ+WtC2TSNrH4Y+ve4BTLMXhXDY40m8mi3j+re3e/OKyrU2
Gk4JC6VNp9CQPT6uh7MoGfHLiPFXWohWr167eYnNNN7n1lpuQkqcHsMHPhno+2cr
xzeB8rYoQ6OCVYhLQGh6QxRGDNAGW6TbklgGDsN4QVwP7eHJXSeGBuCY7eJLrXH2
XpQVx+Vo01xqRajo/dZIwhzF8sWSMwuTzV4bAnQ1umfNAx5Gj/8T+Lg37yYmfRTE
7tI+f6xg5hAkPh6nlgJ515o4+p3qbAXhelIWkQiAMYPy
-----END CERTIFICATE-----