Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/3b9215-9807-481e-9a1e-732272023ec2/1/X4yu8N6fzZRHf29LRRyfASf8aUY.roa
File:                     X4yu8N6fzZRHf29LRRyfASf8aUY.roa (raw, json)
Hash identifier:          m4ZXig00CTVsHk/nstd/t+YbwGbzVxa/iHuVD4bygSw=
Subject key identifier:   5F:8C:AE:F0:DE:9F:CD:94:47:7F:6F:4B:45:1C:9F:01:27:FC:69:46
Certificate issuer:       /CN=62d18b312e353e78fa8ee5f80d36f741cdcde3aa
Certificate serial:       018CC3B6983940CE1AE1715A7EB2A5B315BD
Authority key identifier: 62:D1:8B:31:2E:35:3E:78:FA:8E:E5:F8:0D:36:F7:41:CD:CD:E3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGLMS41Pnj6juX4DTb3Qc3N46o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/3b9215-9807-481e-9a1e-732272023ec2/1/X4yu8N6fzZRHf29LRRyfASf8aUY.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        45.94.134.0/24 maxlen: 24
                          45.94.133.0/24 maxlen: 24
                          45.94.135.0/24 maxlen: 24
                          45.94.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/3b9215-9807-481e-9a1e-732272023ec2/1/YtGLMS41Pnj6juX4DTb3Qc3N46o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/3b9215-9807-481e-9a1e-732272023ec2/1/YtGLMS41Pnj6juX4DTb3Qc3N46o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtGLMS41Pnj6juX4DTb3Qc3N46o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:98:39:40:ce:1a:e1:71:5a:7e:b2:a5:b3:15:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d18b312e353e78fa8ee5f80d36f741cdcde3aa
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f8caef0de9fcd94477f6f4b451c9f0127fc6946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b9:b3:8b:80:7c:71:6d:07:29:95:1e:9b:c9:
                    1b:6c:47:69:08:a0:b9:4b:6c:58:cb:5b:14:9c:cf:
                    21:56:56:b2:21:92:2c:9d:6d:1b:5a:1b:65:0d:84:
                    52:d0:03:3e:8d:eb:21:d6:ed:87:27:aa:e0:15:38:
                    9a:3e:d6:90:3e:44:65:ba:e9:cc:73:42:82:ac:a2:
                    b1:3f:64:0b:3a:66:54:05:61:ec:be:e5:ed:78:5c:
                    7a:fe:13:4f:b4:8f:fa:cf:8e:73:34:b8:b6:0c:6a:
                    fe:5d:d1:58:32:c4:e8:9b:74:6c:9e:e0:c2:8f:43:
                    b5:67:1a:28:a8:26:56:57:90:32:cd:e5:c0:e1:30:
                    4a:ef:9b:be:2c:ef:c7:b2:e0:ed:c3:39:52:54:15:
                    d2:5e:32:14:94:ed:c3:69:83:85:bb:81:44:b3:90:
                    10:cb:ce:9e:f5:e6:8f:54:dd:25:50:eb:12:0e:7d:
                    d6:a8:34:dd:b8:d1:56:3d:5e:be:1d:07:20:b1:d8:
                    48:88:f2:06:a3:32:c7:4d:40:4f:8a:9e:26:61:43:
                    c7:6f:5e:e3:b7:65:a4:38:88:55:0c:cd:74:60:bd:
                    29:71:b3:24:03:e4:02:36:66:80:3a:1f:e7:6f:22:
                    0e:13:0a:4d:39:fc:cd:02:81:55:dd:e3:dd:74:25:
                    3e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:8C:AE:F0:DE:9F:CD:94:47:7F:6F:4B:45:1C:9F:01:27:FC:69:46
            X509v3 Authority Key Identifier:
                keyid:62:D1:8B:31:2E:35:3E:78:FA:8E:E5:F8:0D:36:F7:41:CD:CD:E3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGLMS41Pnj6juX4DTb3Qc3N46o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/3b9215-9807-481e-9a1e-732272023ec2/1/X4yu8N6fzZRHf29LRRyfASf8aUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/3b9215-9807-481e-9a1e-732272023ec2/1/YtGLMS41Pnj6juX4DTb3Qc3N46o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:2d:42:9e:fb:c3:cb:cf:e5:21:4d:ad:5c:cc:9f:e3:3b:8e:
         2f:b9:68:27:29:a6:3f:2c:d9:c1:40:a9:da:34:85:eb:b0:7e:
         d5:ac:e1:b5:85:a9:84:72:6a:a0:fd:0d:3b:42:ee:52:46:9c:
         e5:a3:9e:09:2d:92:d4:9c:87:4c:ec:b9:b0:e5:cb:04:fe:2d:
         83:84:d0:68:60:f5:65:85:01:0a:81:6e:6d:ee:aa:99:04:b5:
         ce:ab:59:f6:2c:5e:c6:0e:d2:8c:9a:da:d8:41:15:35:f6:fd:
         f8:f4:dd:6b:ba:b0:6c:b0:89:d0:f9:65:86:f6:01:21:b1:0a:
         72:e8:44:6a:1e:b6:fb:99:2f:45:7d:09:93:db:c8:05:15:00:
         f7:ed:77:dc:f1:b8:2c:21:8d:3f:cb:2f:c0:ed:05:9f:3f:5e:
         dd:5e:20:80:e1:64:95:ce:f8:fd:a3:19:37:e6:7c:cd:96:cc:
         8b:4f:63:73:a1:04:ea:f0:99:d3:1b:67:6f:fe:bc:07:b3:46:
         06:c4:ee:ce:a7:70:01:5c:53:74:97:17:f1:ef:49:9d:6f:bf:
         ae:e3:d2:15:54:cf:57:91:8f:dc:9c:4f:10:c8:b7:58:d8:15:
         6e:7a:bb:49:7b:fd:fa:b5:56:24:cb:ee:37:3c:ab:1f:2a:25:
         02:d7:5b:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpg5QM4a4XFafrKlsxW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE4YjMxMmUzNTNlNzhmYThlZTVmODBkMzZmNzQxY2Rj
ZGUzYWEwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjhjYWVmMGRlOWZjZDk0NDc3ZjZmNGI0NTFjOWYwMTI3ZmM2OTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrmzi4B8cW0HKZUem8kbbEdpCKC5
S2xYy1sUnM8hVlayIZIsnW0bWhtlDYRS0AM+jesh1u2HJ6rgFTiaPtaQPkRluunM
c0KCrKKxP2QLOmZUBWHsvuXteFx6/hNPtI/6z45zNLi2DGr+XdFYMsTom3RsnuDC
j0O1ZxooqCZWV5AyzeXA4TBK75u+LO/HsuDtwzlSVBXSXjIUlO3DaYOFu4FEs5AQ
y86e9eaPVN0lUOsSDn3WqDTduNFWPV6+HQcgsdhIiPIGozLHTUBPip4mYUPHb17j
t2WkOIhVDM10YL0pcbMkA+QCNmaAOh/nbyIOEwpNOfzNAoFV3ePddCU+WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+MrvDen82UR39vS0UcnwEn/GlGMB8GA1UdIwQY
MBaAFGLRizEuNT54+o7l+A0290HNzeOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHTE1TNDFQbmo2anVYNERUYjNRYzNONDZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8zYjkyMTUtOTgwNy00ODFlLTlhMWUt
NzMyMjcyMDIzZWMyLzEvWDR5dThONmZ6WlJIZjI5TFJSeWZBU2Y4YVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8zYjkyMTUtOTgwNy00ODFlLTlhMWUtNzMyMjcyMDIzZWMy
LzEvWXRHTE1TNDFQbmo2anVYNERUYjNRYzNONDZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV6EMA0G
CSqGSIb3DQEBCwUAA4IBAQCZLUKe+8PLz+UhTa1czJ/jO44vuWgnKaY/LNnBQKna
NIXrsH7VrOG1hamEcmqg/Q07Qu5SRpzlo54JLZLUnIdM7Lmw5csE/i2DhNBoYPVl
hQEKgW5t7qqZBLXOq1n2LF7GDtKMmtrYQRU19v349N1rurBssInQ+WWG9gEhsQpy
6ERqHrb7mS9FfQmT28gFFQD37Xfc8bgsIY0/yy/A7QWfP17dXiCA4WSVzvj9oxk3
5nzNlsyLT2NzoQTq8JnTG2dv/rwHs0YGxO7Op3ABXFN0lxfx70mdb7+u49IVVM9X
kY/cnE8QyLdY2BVuertJe/36tVYky+43PKsfKiUC11tM
-----END CERTIFICATE-----