Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/8CmyEau8EOeTZ8EicjKdVG8R9V4.roa
File:                     8CmyEau8EOeTZ8EicjKdVG8R9V4.roa (raw, json)
Hash identifier:          0mR23+hycMZJPbhbqqEGa2vSOZHWmTsTUEJ9cW6FA4g=
Subject key identifier:   F0:29:B2:11:AB:BC:10:E7:93:67:C1:22:72:32:9D:54:6F:11:F5:5E
Certificate issuer:       /CN=0a06f033537bbd863bbca2b62092d8de3611f651
Certificate serial:       018CC56DF0E142ED8769B538B738086681F5
Authority key identifier: 0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/8CmyEau8EOeTZ8EicjKdVG8R9V4.roa
Signing time:             Mon 01 Jan 2024 14:29:25 +0000
ROA not before:           Mon 01 Jan 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207919
IP address blocks:        45.133.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f0:e1:42:ed:87:69:b5:38:b7:38:08:66:81:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a06f033537bbd863bbca2b62092d8de3611f651
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f029b211abbc10e79367c12272329d546f11f55e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a0:09:da:2e:7a:7e:c9:af:ed:5f:98:58:fe:
                    5d:db:f4:6a:10:8f:55:aa:7d:54:2c:63:34:65:d6:
                    08:38:2d:e8:83:93:4d:1d:17:ef:0b:6f:31:e0:c5:
                    31:e8:b0:32:1e:52:8d:43:07:2c:21:7d:e2:a4:34:
                    e2:59:7d:3a:b0:8e:e3:53:db:f8:2d:b3:6f:e5:8e:
                    83:cd:b1:d4:1a:71:93:64:d0:35:ee:77:0a:8b:07:
                    7b:19:73:19:d5:34:34:fa:c2:e2:34:f1:f5:06:0a:
                    0c:6b:69:e7:64:e7:c3:e3:c0:e6:3b:b9:9d:67:94:
                    38:15:d4:da:4a:f1:89:8c:4f:fb:7e:56:bd:04:fa:
                    d0:0e:ae:f8:3a:69:0d:cb:1c:4c:fc:2c:ce:95:d8:
                    80:32:c0:72:01:81:05:c4:58:e7:97:96:57:1c:11:
                    76:77:19:bb:26:d0:b8:f4:24:8b:e2:89:a3:b6:a0:
                    f8:62:8d:a5:11:40:9c:b7:f3:e7:f6:60:cf:3a:47:
                    14:ca:c4:e3:3c:e2:85:34:55:c6:ed:8e:b2:a2:62:
                    88:a1:8a:44:2b:74:7a:a0:a1:c4:b2:0d:85:3c:44:
                    58:0f:63:68:05:51:3b:2c:25:94:90:c0:1a:8d:cc:
                    0f:25:64:d3:48:4c:ee:92:93:9b:d9:e6:4b:d1:e9:
                    45:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:29:B2:11:AB:BC:10:E7:93:67:C1:22:72:32:9D:54:6F:11:F5:5E
            X509v3 Authority Key Identifier:
                keyid:0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/8CmyEau8EOeTZ8EicjKdVG8R9V4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:a0:7f:81:8e:07:7c:10:06:55:a6:0f:85:98:7b:4b:07:dd:
         4f:8f:f4:96:cc:3f:90:5d:81:bc:f1:ca:29:e7:f0:fb:67:5d:
         fb:af:27:8c:fe:82:8f:f4:50:56:1a:12:cb:d7:e3:9f:bc:7e:
         06:c6:95:b5:a7:86:26:84:5c:45:5c:7b:1d:e8:05:90:00:b2:
         a3:67:50:6c:fc:2a:1d:61:2a:c5:ed:02:c0:b7:42:c3:5e:10:
         47:92:7a:6a:a9:26:9c:48:be:35:5c:3f:98:93:09:c0:94:1e:
         6e:39:15:07:50:9d:43:36:25:dd:a4:7c:f6:e7:ae:ef:b8:81:
         a4:e6:4d:4a:cd:d0:d0:48:d5:39:54:5e:ba:d2:13:8a:a0:ba:
         82:59:00:c4:3b:ed:7f:f4:3e:d0:81:18:8a:5c:84:11:6e:6e:
         e8:ea:a3:96:fe:c7:8a:46:ba:4e:a0:d3:ef:79:ea:c3:1c:88:
         5d:ec:90:d9:2c:a0:01:0e:53:02:2f:b0:94:3e:11:59:16:c4:
         2c:1f:02:f1:e5:a5:a9:55:26:85:41:60:79:62:27:35:30:d6:
         5a:28:ec:23:09:9e:ad:94:05:40:a4:cc:b9:32:ee:c0:3e:fa:
         59:be:f9:6b:46:c2:a1:19:af:ab:81:60:aa:ce:6d:4c:a1:13:
         2d:2c:03:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfDhQu2HabU4tzgIZoH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMDZmMDMzNTM3YmJkODYzYmJjYTJiNjIwOTJkOGRlMzYx
MWY2NTEwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI5YjIxMWFiYmMxMGU3OTM2N2MxMjI3MjMyOWQ1NDZmMTFmNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaAJ2i56fsmv7V+YWP5d2/RqEI9V
qn1ULGM0ZdYIOC3og5NNHRfvC28x4MUx6LAyHlKNQwcsIX3ipDTiWX06sI7jU9v4
LbNv5Y6DzbHUGnGTZNA17ncKiwd7GXMZ1TQ0+sLiNPH1BgoMa2nnZOfD48DmO7md
Z5Q4FdTaSvGJjE/7fla9BPrQDq74OmkNyxxM/CzOldiAMsByAYEFxFjnl5ZXHBF2
dxm7JtC49CSL4omjtqD4Yo2lEUCct/Pn9mDPOkcUysTjPOKFNFXG7Y6yomKIoYpE
K3R6oKHEsg2FPERYD2NoBVE7LCWUkMAajcwPJWTTSEzukpOb2eZL0elFZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPApshGrvBDnk2fBInIynVRvEfVeMB8GA1UdIwQY
MBaAFAoG8DNTe72GO7yitiCS2N42EfZRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2did00xTjd2WVk3dktLMklKTFkzallSOWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80Y2QxNmItMmEyMy00OGE5LTllZWIt
MmE0ODEzYTEzMTIwLzEvOENteUVhdThFT2VUWjhFaWNqS2RWRzhSOVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80Y2QxNmItMmEyMy00OGE5LTllZWItMmE0ODEzYTEzMTIw
LzEvQ2did00xTjd2WVk3dktLMklKTFkzallSOWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYU0MA0G
CSqGSIb3DQEBCwUAA4IBAQB9oH+Bjgd8EAZVpg+FmHtLB91Pj/SWzD+QXYG88cop
5/D7Z137ryeM/oKP9FBWGhLL1+OfvH4GxpW1p4YmhFxFXHsd6AWQALKjZ1Bs/Cod
YSrF7QLAt0LDXhBHknpqqSacSL41XD+YkwnAlB5uORUHUJ1DNiXdpHz2567vuIGk
5k1KzdDQSNU5VF660hOKoLqCWQDEO+1/9D7QgRiKXIQRbm7o6qOW/seKRrpOoNPv
eerDHIhd7JDZLKABDlMCL7CUPhFZFsQsHwLx5aWpVSaFQWB5Yic1MNZaKOwjCZ6t
lAVApMy5Mu7APvpZvvlrRsKhGa+rgWCqzm1MoRMtLAMy
-----END CERTIFICATE-----