Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f0358f-0d50-4704-85cf-262da883c8e2/1/CCWb6pHp-nju5OsEguas3eMhbms.roa
File:                     CCWb6pHp-nju5OsEguas3eMhbms.roa (raw, json)
Hash identifier:          LMD1X6jAM9qvtIZ8c8rIem7jc3OFu2CAq9bMhHATZKY=
Subject key identifier:   08:25:9B:EA:91:E9:FA:78:EE:E4:EB:04:82:E6:AC:DD:E3:21:6E:6B
Certificate issuer:       /CN=32316cd4881562da3bf3925b4918b6e11d76514c
Certificate serial:       018CC7941153B339F7208058604EBFDC9E94
Authority key identifier: 32:31:6C:D4:88:15:62:DA:3B:F3:92:5B:49:18:B6:E1:1D:76:51:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MjFs1IgVYto785JbSRi24R12UUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f0358f-0d50-4704-85cf-262da883c8e2/1/CCWb6pHp-nju5OsEguas3eMhbms.roa
Signing time:             Tue 02 Jan 2024 00:30:18 +0000
ROA not before:           Tue 02 Jan 2024 00:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49397
IP address blocks:        45.81.180.0/24 maxlen: 24
                          45.81.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f0358f-0d50-4704-85cf-262da883c8e2/1/MjFs1IgVYto785JbSRi24R12UUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f0358f-0d50-4704-85cf-262da883c8e2/1/MjFs1IgVYto785JbSRi24R12UUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MjFs1IgVYto785JbSRi24R12UUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:11:53:b3:39:f7:20:80:58:60:4e:bf:dc:9e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32316cd4881562da3bf3925b4918b6e11d76514c
        Validity
            Not Before: Jan  2 00:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08259bea91e9fa78eee4eb0482e6acdde3216e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7f:98:f1:c5:85:cf:89:2b:6d:91:2d:1e:92:
                    dc:ad:f1:3c:19:8a:8f:1b:d4:07:49:5d:fb:07:d1:
                    29:7d:e4:a8:52:77:c8:42:fb:54:8d:b5:02:ad:d3:
                    7a:da:41:96:a8:c0:6d:56:81:3d:cd:e3:e6:09:ae:
                    a3:50:90:8e:87:ce:f7:37:65:31:c7:3a:c2:03:c9:
                    ae:a7:86:6d:b1:c0:5d:19:20:ae:f5:f7:53:01:51:
                    95:55:bc:e8:1e:c3:f8:6e:69:d9:9d:73:03:4e:b2:
                    ba:d3:32:50:83:3f:8f:40:b2:86:4f:59:95:73:7e:
                    9f:50:2c:40:ef:19:61:3f:5e:c0:df:9b:ae:da:81:
                    fd:45:e9:45:41:86:07:17:0d:aa:15:d8:3d:f0:41:
                    60:6b:f3:ae:12:70:f3:c5:50:54:9a:8e:20:ec:5b:
                    5a:3f:9c:86:07:23:f8:7e:a7:a5:c3:c4:24:03:6b:
                    bc:1c:6d:03:c7:9e:14:b4:83:d6:21:13:60:05:e1:
                    42:42:84:01:3d:35:6f:57:5b:2c:20:7c:28:3c:92:
                    60:7d:ac:2e:83:13:7b:98:a9:2f:34:f6:4f:96:a4:
                    8b:01:bb:18:60:a9:01:3e:75:ab:22:9d:5f:ce:2d:
                    45:66:04:f9:8c:84:6a:70:1a:b5:6b:65:ad:76:f5:
                    c4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:25:9B:EA:91:E9:FA:78:EE:E4:EB:04:82:E6:AC:DD:E3:21:6E:6B
            X509v3 Authority Key Identifier:
                keyid:32:31:6C:D4:88:15:62:DA:3B:F3:92:5B:49:18:B6:E1:1D:76:51:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MjFs1IgVYto785JbSRi24R12UUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f0358f-0d50-4704-85cf-262da883c8e2/1/CCWb6pHp-nju5OsEguas3eMhbms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f0358f-0d50-4704-85cf-262da883c8e2/1/MjFs1IgVYto785JbSRi24R12UUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:c7:0c:b3:ba:6a:13:89:72:5b:5a:9f:6a:25:36:6d:06:5b:
         15:4d:69:e2:d1:c4:54:36:15:77:c7:b1:07:07:7d:26:3a:35:
         93:11:63:55:5c:39:a8:42:b1:90:e8:a8:b4:6d:ca:18:0a:73:
         5c:7e:39:15:30:6c:e7:05:86:1c:98:b7:ac:d9:89:e9:c2:0c:
         69:6d:20:81:1f:35:d0:00:40:e2:23:a1:6e:ed:c3:4d:21:63:
         77:a9:83:94:41:11:c9:ae:48:8c:04:a8:a4:eb:eb:f9:2f:c4:
         ac:6b:b5:b9:50:42:a6:0f:10:db:a6:2f:bf:83:78:0f:8f:38:
         d1:28:1d:da:a3:88:27:5c:63:f8:ac:ae:9f:1a:f3:5b:41:00:
         ae:47:8e:98:d3:4d:e5:fd:00:73:b6:b2:5b:b8:76:9c:90:f6:
         87:08:20:fb:d6:f6:b3:29:01:00:1c:47:ea:3d:77:fb:f3:45:
         00:ea:79:f1:59:34:6a:1d:22:fe:90:74:de:a6:5f:7a:4f:02:
         76:47:d8:2f:17:b9:e5:1b:ea:7c:35:e8:c2:00:e2:b6:25:14:
         cd:f8:f1:0d:67:ec:bc:1f:5c:dd:fd:a9:79:d5:1b:9c:a9:49:
         99:49:6d:08:67:0b:47:e3:26:7f:ee:38:de:06:d0:be:e7:f4:
         9f:e1:00:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBFTszn3IIBYYE6/3J6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMzE2Y2Q0ODgxNTYyZGEzYmYzOTI1YjQ5MThiNmUxMWQ3
NjUxNGMwHhcNMjQwMTAyMDAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODI1OWJlYTkxZTlmYTc4ZWVlNGViMDQ4MmU2YWNkZGUzMjE2ZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3+Y8cWFz4krbZEtHpLcrfE8GYqP
G9QHSV37B9EpfeSoUnfIQvtUjbUCrdN62kGWqMBtVoE9zePmCa6jUJCOh873N2Ux
xzrCA8mup4ZtscBdGSCu9fdTAVGVVbzoHsP4bmnZnXMDTrK60zJQgz+PQLKGT1mV
c36fUCxA7xlhP17A35uu2oH9RelFQYYHFw2qFdg98EFga/OuEnDzxVBUmo4g7Fta
P5yGByP4fqelw8QkA2u8HG0Dx54UtIPWIRNgBeFCQoQBPTVvV1ssIHwoPJJgfawu
gxN7mKkvNPZPlqSLAbsYYKkBPnWrIp1fzi1FZgT5jIRqcBq1a2WtdvXEywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAglm+qR6fp47uTrBILmrN3jIW5rMB8GA1UdIwQY
MBaAFDIxbNSIFWLaO/OSW0kYtuEddlFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWpGczFJZ1ZZdG83ODVKYlNSaTI0UjEyVVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDM1OGYtMGQ1MC00NzA0LTg1Y2Yt
MjYyZGE4ODNjOGUyLzEvQ0NXYjZwSHAtbmp1NU9zRWd1YXMzZU1oYm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDM1OGYtMGQ1MC00NzA0LTg1Y2YtMjYyZGE4ODNjOGUy
LzEvTWpGczFJZ1ZZdG83ODVKYlNSaTI0UjEyVVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVG0MA0G
CSqGSIb3DQEBCwUAA4IBAQAjxwyzumoTiXJbWp9qJTZtBlsVTWni0cRUNhV3x7EH
B30mOjWTEWNVXDmoQrGQ6Ki0bcoYCnNcfjkVMGznBYYcmLes2YnpwgxpbSCBHzXQ
AEDiI6Fu7cNNIWN3qYOUQRHJrkiMBKik6+v5L8Ssa7W5UEKmDxDbpi+/g3gPjzjR
KB3ao4gnXGP4rK6fGvNbQQCuR46Y003l/QBztrJbuHackPaHCCD71vazKQEAHEfq
PXf780UA6nnxWTRqHSL+kHTepl96TwJ2R9gvF7nlG+p8NejCAOK2JRTN+PENZ+y8
H1zd/al51RucqUmZSW0IZwtH4yZ/7jjeBtC+5/Sf4QCM
-----END CERTIFICATE-----