Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/7g45vkwnaCpIJ-bhkhfm97rJHyc.roa
File:                     7g45vkwnaCpIJ-bhkhfm97rJHyc.roa (raw, json)
Hash identifier:          jKaKnk8LqRlfhxwXCLNy/s6myvswTh9A/3Pkuwf0GnA=
Subject key identifier:   EE:0E:39:BE:4C:27:68:2A:48:27:E6:E1:92:17:E6:F7:BA:C9:1F:27
Certificate issuer:       /CN=3b39b2382f38512e59ed18ebfaa596c955212910
Certificate serial:       018CC8012C2FF94ACAF0B80C751E9B2466E9
Authority key identifier: 3B:39:B2:38:2F:38:51:2E:59:ED:18:EB:FA:A5:96:C9:55:21:29:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzmyOC84US5Z7Rjr-qWWyVUhKRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/7g45vkwnaCpIJ-bhkhfm97rJHyc.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        45.92.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/OzmyOC84US5Z7Rjr-qWWyVUhKRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/OzmyOC84US5Z7Rjr-qWWyVUhKRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzmyOC84US5Z7Rjr-qWWyVUhKRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2c:2f:f9:4a:ca:f0:b8:0c:75:1e:9b:24:66:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b39b2382f38512e59ed18ebfaa596c955212910
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee0e39be4c27682a4827e6e19217e6f7bac91f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:df:93:30:d5:16:72:88:da:95:77:fc:de:ad:
                    e4:c1:38:b5:1d:5b:1f:46:3e:4f:37:46:51:a8:eb:
                    0f:42:0a:48:10:75:8e:8d:d9:7d:6e:2a:27:53:94:
                    89:82:3b:db:6f:5b:2a:ec:4d:f6:08:91:11:0d:58:
                    26:d1:75:9d:4f:59:f5:e0:d6:1a:fa:2b:5c:cc:0f:
                    22:c7:43:33:46:6f:a8:de:f0:ab:ca:ce:2e:c4:fb:
                    1c:83:03:4c:a0:d6:05:6b:dd:43:71:9d:cb:16:28:
                    17:5f:33:14:28:f1:b2:2a:2c:bb:38:e1:ff:58:5f:
                    3c:dd:ca:51:10:de:7f:c5:40:68:a0:a5:0a:20:c5:
                    1d:ab:6e:c9:9b:ae:b4:eb:ec:dc:f1:5c:04:53:d9:
                    a3:90:b9:81:db:9c:b4:4b:b2:62:d5:bf:ae:64:59:
                    ae:31:4a:51:ce:16:d9:11:06:30:11:72:ce:3a:6e:
                    77:d2:72:11:3b:ce:21:a6:d4:fb:28:88:fb:9a:21:
                    db:a8:af:5b:c5:61:dc:e0:05:53:08:1a:ba:d1:02:
                    2d:76:7b:22:64:7c:3d:6b:c5:ac:cc:07:a7:6e:4d:
                    68:34:39:95:d7:d9:a4:6c:19:b3:a5:a3:2d:52:80:
                    b7:7b:10:c9:e3:42:0d:df:82:48:25:f2:7a:71:5b:
                    b1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:0E:39:BE:4C:27:68:2A:48:27:E6:E1:92:17:E6:F7:BA:C9:1F:27
            X509v3 Authority Key Identifier:
                keyid:3B:39:B2:38:2F:38:51:2E:59:ED:18:EB:FA:A5:96:C9:55:21:29:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzmyOC84US5Z7Rjr-qWWyVUhKRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/7g45vkwnaCpIJ-bhkhfm97rJHyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/OzmyOC84US5Z7Rjr-qWWyVUhKRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:eb:cf:f9:0a:3b:56:bd:6d:45:47:b1:6c:49:1a:12:f4:96:
         40:dc:54:63:bd:92:6b:2a:a0:c6:63:79:cd:fb:b1:8a:6d:4f:
         c9:8c:d1:67:99:ca:90:ea:0b:ac:6d:46:76:04:02:46:b5:29:
         4b:4a:4a:e1:33:f2:3e:f3:1b:45:f2:2d:d9:c8:4a:51:21:a9:
         58:3c:0d:f6:92:d9:94:cc:60:ab:fa:a6:6c:f2:0f:d3:f6:cd:
         07:3f:da:5e:69:ec:e8:79:62:8c:e8:6a:36:9a:54:be:43:e4:
         f5:be:99:fc:a3:62:35:35:fe:a8:81:aa:8b:30:0d:95:11:c4:
         9a:b2:d1:2e:aa:60:6b:38:32:1f:83:f9:6f:32:14:89:16:3e:
         30:ca:b5:c9:a1:e9:26:e6:ca:b7:3a:c7:29:68:5f:89:c7:25:
         d9:81:37:53:8d:92:4b:c6:23:2c:6a:15:76:42:1c:6d:de:6f:
         6f:51:f7:b1:d1:10:fd:49:f2:c7:1b:84:20:3e:88:55:89:7f:
         0d:69:7a:71:a9:36:b2:18:4d:ab:c0:4b:96:e4:43:82:c3:0c:
         0e:98:64:7a:23:99:c7:91:85:23:47:19:6d:be:cd:06:fc:bc:
         b5:f4:f3:02:07:70:58:07:38:a5:c1:6e:0a:0c:8e:82:cd:1d:
         dd:64:ec:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASwv+UrK8LgMdR6bJGbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMzliMjM4MmYzODUxMmU1OWVkMThlYmZhYTU5NmM5NTUy
MTI5MTAwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTBlMzliZTRjMjc2ODJhNDgyN2U2ZTE5MjE3ZTZmN2JhYzkxZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9+TMNUWcojalXf83q3kwTi1HVsf
Rj5PN0ZRqOsPQgpIEHWOjdl9bionU5SJgjvbb1sq7E32CJERDVgm0XWdT1n14NYa
+itczA8ix0MzRm+o3vCrys4uxPscgwNMoNYFa91DcZ3LFigXXzMUKPGyKiy7OOH/
WF883cpREN5/xUBooKUKIMUdq27Jm6606+zc8VwEU9mjkLmB25y0S7Ji1b+uZFmu
MUpRzhbZEQYwEXLOOm530nIRO84hptT7KIj7miHbqK9bxWHc4AVTCBq60QItdnsi
ZHw9a8WszAenbk1oNDmV19mkbBmzpaMtUoC3exDJ40IN34JIJfJ6cVuxvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4OOb5MJ2gqSCfm4ZIX5ve6yR8nMB8GA1UdIwQY
MBaAFDs5sjgvOFEuWe0Y6/qllslVISkQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pteU9DODRVUzVaN1Jqci1xV1d5VlVoS1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmRhZDYtMGVjOC00M2FjLWJjMzMt
OGI4ZDc2YjJkMjRlLzEvN2c0NXZrd25hQ3BJSi1iaGtoZm05N3JKSHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmRhZDYtMGVjOC00M2FjLWJjMzMtOGI4ZDc2YjJkMjRl
LzEvT3pteU9DODRVUzVaN1Jqci1xV1d5VlVoS1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVzIMA0G
CSqGSIb3DQEBCwUAA4IBAQCs68/5CjtWvW1FR7FsSRoS9JZA3FRjvZJrKqDGY3nN
+7GKbU/JjNFnmcqQ6gusbUZ2BAJGtSlLSkrhM/I+8xtF8i3ZyEpRIalYPA32ktmU
zGCr+qZs8g/T9s0HP9peaezoeWKM6Go2mlS+Q+T1vpn8o2I1Nf6ogaqLMA2VEcSa
stEuqmBrODIfg/lvMhSJFj4wyrXJoekm5sq3OscpaF+JxyXZgTdTjZJLxiMsahV2
Qhxt3m9vUfex0RD9SfLHG4QgPohViX8NaXpxqTayGE2rwEuW5EOCwwwOmGR6I5nH
kYUjRxltvs0G/Ly19PMCB3BYBzilwW4KDI6CzR3dZOxC
-----END CERTIFICATE-----