Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/zxgnm2wNu8GOy9OHUogwS8gycuo.roa
File:                     zxgnm2wNu8GOy9OHUogwS8gycuo.roa (raw, json)
Hash identifier:          aeOeyykLY86Iz4UGcgBxikYl37blLoVKqQkdaCyJteE=
Subject key identifier:   CF:18:27:9B:6C:0D:BB:C1:8E:CB:D3:87:52:88:30:4B:C8:32:72:EA
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       018E65FFC65FEA76B694B3E0F43645DE1569
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/zxgnm2wNu8GOy9OHUogwS8gycuo.roa
Signing time:             Fri 22 Mar 2024 11:50:45 +0000
ROA not before:           Fri 22 Mar 2024 11:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        45.83.185.0/24 maxlen: 24
                          45.94.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:ff:c6:5f:ea:76:b6:94:b3:e0:f4:36:45:de:15:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Mar 22 11:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf18279b6c0dbbc18ecbd3875288304bc83272ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4a:10:92:62:ab:ce:99:ab:ce:96:60:78:35:
                    be:96:39:9c:fc:44:6b:c4:8e:b0:62:d5:18:bc:89:
                    70:1f:fa:2f:b8:72:cc:c0:f5:8b:a3:0c:55:f4:55:
                    94:44:ec:07:72:83:ba:ad:0a:0e:14:7f:f4:1a:7c:
                    ca:b0:2d:db:46:5d:31:75:74:46:a3:74:1d:7e:2f:
                    f4:a7:61:29:5a:20:6c:8a:77:ae:b0:04:04:7b:64:
                    d9:ec:0c:dc:30:6c:ca:45:8f:48:c1:e2:d3:7c:cd:
                    c7:e6:03:35:29:2b:10:95:b2:56:f0:43:4f:38:bc:
                    07:b9:29:6a:0b:5e:71:49:92:2f:04:15:18:26:22:
                    98:c7:0f:f0:b1:1a:1a:7e:c0:fe:bf:c8:18:b4:6d:
                    8c:ef:74:68:03:db:cf:83:a7:84:19:f0:b4:45:32:
                    1f:a2:46:60:74:1b:57:2a:5d:6c:0b:f7:7b:0a:69:
                    c3:28:10:9d:03:e6:11:27:c2:be:43:ca:d0:b2:15:
                    72:aa:ce:05:2c:c9:98:53:a7:84:b2:55:1f:c4:5e:
                    d8:f8:93:25:61:26:21:1e:08:9f:9e:40:fc:6c:55:
                    cb:2e:7b:b6:d6:76:f1:9e:82:d4:1e:7e:67:70:ca:
                    53:6a:2f:b1:cd:4e:f8:b8:99:06:26:c0:5f:83:cd:
                    06:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:18:27:9B:6C:0D:BB:C1:8E:CB:D3:87:52:88:30:4B:C8:32:72:EA
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/zxgnm2wNu8GOy9OHUogwS8gycuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.185.0/24
                  45.94.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f8:16:84:aa:b3:ee:7e:55:30:73:fc:12:0f:4d:d0:ee:65:
         c0:27:3f:22:cf:da:e9:2f:43:c4:01:7a:fc:97:d0:a8:4b:a8:
         56:f0:21:b5:01:7b:e5:b6:3d:2f:47:25:5a:da:ab:0a:e9:72:
         19:33:6f:24:a2:f3:b6:84:e5:65:ae:dc:26:5e:df:e0:12:5b:
         0e:57:6c:17:8b:71:f2:03:57:fe:da:49:a4:cc:5f:aa:0b:96:
         12:8f:d2:bd:4f:83:d8:9e:dc:a7:ce:95:13:23:d0:a2:bd:ef:
         0d:23:e3:45:a4:da:5d:f8:74:19:7d:60:01:26:d6:9c:d8:c3:
         82:fd:81:7a:2d:bf:15:27:30:a4:2f:12:b4:23:cc:98:de:cd:
         8e:3d:62:cf:b8:e5:4b:aa:7c:78:30:8e:1e:be:cb:74:27:8e:
         c6:a0:49:1e:aa:81:b7:a2:90:d7:84:ac:13:fb:ef:34:9c:9a:
         dc:ec:97:17:67:2c:16:7b:9b:1d:17:85:10:7e:b8:cb:09:cb:
         fb:25:e3:5c:d7:60:7e:b5:2a:f8:8d:18:46:2a:bc:3e:71:14:
         16:5f:08:cd:e5:96:f3:11:02:61:ad:a9:01:4d:7c:f4:11:4b:
         b0:d3:05:b4:35:23:16:5b:a8:d7:ef:9b:c1:5b:11:d2:58:71:
         49:21:00:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5l/8Zf6na2lLPg9DZF3hVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjQwMzIyMTE1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE4Mjc5YjZjMGRiYmMxOGVjYmQzODc1Mjg4MzA0YmM4MzI3MmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0oQkmKrzpmrzpZgeDW+ljmc/ERr
xI6wYtUYvIlwH/ovuHLMwPWLowxV9FWUROwHcoO6rQoOFH/0GnzKsC3bRl0xdXRG
o3Qdfi/0p2EpWiBsineusAQEe2TZ7AzcMGzKRY9IweLTfM3H5gM1KSsQlbJW8ENP
OLwHuSlqC15xSZIvBBUYJiKYxw/wsRoafsD+v8gYtG2M73RoA9vPg6eEGfC0RTIf
okZgdBtXKl1sC/d7CmnDKBCdA+YRJ8K+Q8rQshVyqs4FLMmYU6eEslUfxF7Y+JMl
YSYhHgifnkD8bFXLLnu21nbxnoLUHn5ncMpTai+xzU74uJkGJsBfg80GrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM8YJ5tsDbvBjsvTh1KIMEvIMnLqMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvenhnbm0yd051OEdPeTlPSFVvZ3dTOGd5Y3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVO5AwQA
LV4ZMA0GCSqGSIb3DQEBCwUAA4IBAQAn+BaEqrPuflUwc/wSD03Q7mXAJz8iz9rp
L0PEAXr8l9CoS6hW8CG1AXvltj0vRyVa2qsK6XIZM28kovO2hOVlrtwmXt/gElsO
V2wXi3HyA1f+2kmkzF+qC5YSj9K9T4PYntynzpUTI9Cive8NI+NFpNpd+HQZfWAB
Jtac2MOC/YF6Lb8VJzCkLxK0I8yY3s2OPWLPuOVLqnx4MI4evst0J47GoEkeqoG3
opDXhKwT++80nJrc7JcXZywWe5sdF4UQfrjLCcv7JeNc12B+tSr4jRhGKrw+cRQW
XwjN5ZbzEQJhrakBTXz0EUuw0wW0NSMWW6jX75vBWxHSWHFJIQCP
-----END CERTIFICATE-----