Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/HGy0O8L6pfR3V_nIqmRvXJxHX8E.roa
File:                     HGy0O8L6pfR3V_nIqmRvXJxHX8E.roa (raw, json)
Hash identifier:          Tf2g1csDzGnewHxvn4K4QdWNDJZS//J9vFO/a+Y6ark=
Subject key identifier:   1C:6C:B4:3B:C2:FA:A5:F4:77:57:F9:C8:AA:64:6F:5C:9C:47:5F:C1
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958D9725B68A9C2FEB16B126017433
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/HGy0O8L6pfR3V_nIqmRvXJxHX8E.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208111
IP address blocks:        45.135.212.0/24 maxlen: 24
                          45.135.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8d:97:25:b6:8a:9c:2f:eb:16:b1:26:01:74:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c6cb43bc2faa5f47757f9c8aa646f5c9c475fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d9:23:ca:cf:e6:ab:ea:42:1a:2a:ff:fd:fa:
                    14:66:85:67:b7:d6:ae:09:b4:0a:20:e6:0e:aa:f9:
                    76:8f:37:be:bc:73:43:1f:18:92:a7:cf:26:80:f0:
                    51:49:b8:e6:0c:16:63:2a:e2:9d:47:35:82:15:95:
                    13:c7:20:c4:a2:bd:e2:48:07:f0:ec:76:14:b5:fc:
                    ed:6c:86:92:fb:f0:1e:21:bd:d5:f3:f9:d6:13:f3:
                    9f:b5:2e:33:db:d7:d2:42:42:c9:33:79:b3:0b:2e:
                    c6:26:4d:2f:19:11:ea:3a:6d:c2:d4:8a:54:56:1e:
                    43:6b:e7:ec:f1:1b:59:b0:f0:6a:3f:ea:d0:2a:72:
                    4e:73:75:f8:a5:ec:26:ea:2d:a0:17:1d:bf:8e:c0:
                    40:51:ff:d2:8a:36:0c:90:36:7d:23:d3:22:a9:db:
                    85:00:69:f8:a8:94:77:33:97:cb:36:6e:cf:ca:a1:
                    eb:13:95:c8:dc:a1:be:c4:19:58:da:4a:09:ea:2d:
                    52:ef:b0:0e:1d:cf:dd:2d:a1:ec:6c:5c:79:35:6c:
                    5d:c3:38:1e:e0:cf:06:77:0d:d1:08:bc:7c:47:92:
                    0c:df:d7:24:2a:7e:92:b8:13:a0:2e:15:ed:bb:98:
                    61:ce:5b:77:5f:1e:3f:5b:0b:e7:aa:fa:13:c5:1e:
                    a2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:6C:B4:3B:C2:FA:A5:F4:77:57:F9:C8:AA:64:6F:5C:9C:47:5F:C1
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/HGy0O8L6pfR3V_nIqmRvXJxHX8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:3e:1a:a0:22:ac:73:2d:d9:9f:f8:18:5e:08:ce:60:51:ca:
         a4:12:c4:b5:58:9f:b7:7d:e5:16:19:06:a0:f3:5e:d8:43:93:
         9b:62:88:14:88:6f:c0:ad:03:dc:16:ac:42:5a:b4:a8:d4:ba:
         32:75:11:05:00:41:6f:53:65:81:78:1c:86:0e:58:fc:c0:e8:
         a7:17:42:3a:b9:b3:29:58:c8:cb:3b:d3:8f:72:0a:32:bf:fe:
         59:2b:34:e4:f7:33:34:b6:5f:96:fa:29:1e:00:df:88:37:3a:
         15:1a:ca:79:61:7e:e5:91:1e:fb:cb:3c:5f:fb:14:f7:bf:b9:
         60:01:60:da:41:4f:5e:7d:8d:04:3f:72:c5:36:2a:30:2f:9d:
         04:46:a7:f8:f0:48:9e:54:04:04:7b:ef:83:f2:1e:aa:7f:02:
         d0:05:e8:45:74:23:1a:4a:c7:20:e0:31:a5:a3:9c:0f:5e:07:
         1b:18:0f:e4:a9:ff:ee:93:b3:d3:b6:19:e2:1c:dc:21:ff:bf:
         80:9e:4f:bf:d1:7f:78:ec:fb:d9:75:25:f8:df:b5:8c:f0:ba:
         38:87:e8:a5:36:b9:52:82:ea:10:ab:90:c8:d7:13:56:37:0a:
         41:61:76:03:49:98:24:eb:bd:06:f2:d4:dd:07:f1:1d:b9:1a:
         8f:4c:77:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY2XJbaKnC/rFrEmAXQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzZjYjQzYmMyZmFhNWY0Nzc1N2Y5YzhhYTY0NmY1YzljNDc1ZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNkjys/mq+pCGir//foUZoVnt9au
CbQKIOYOqvl2jze+vHNDHxiSp88mgPBRSbjmDBZjKuKdRzWCFZUTxyDEor3iSAfw
7HYUtfztbIaS+/AeIb3V8/nWE/OftS4z29fSQkLJM3mzCy7GJk0vGRHqOm3C1IpU
Vh5Da+fs8RtZsPBqP+rQKnJOc3X4pewm6i2gFx2/jsBAUf/SijYMkDZ9I9MiqduF
AGn4qJR3M5fLNm7PyqHrE5XI3KG+xBlY2koJ6i1S77AOHc/dLaHsbFx5NWxdwzge
4M8Gdw3RCLx8R5IM39ckKn6SuBOgLhXtu5hhzlt3Xx4/WwvnqvoTxR6irQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxstDvC+qX0d1f5yKpkb1ycR1/BMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvSEd5ME84TDZwZlIzVl9uSXFtUnZYSnhIWDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYfUMA0G
CSqGSIb3DQEBCwUAA4IBAQBrPhqgIqxzLdmf+BheCM5gUcqkEsS1WJ+3feUWGQag
817YQ5ObYogUiG/ArQPcFqxCWrSo1LoydREFAEFvU2WBeByGDlj8wOinF0I6ubMp
WMjLO9OPcgoyv/5ZKzTk9zM0tl+W+ikeAN+INzoVGsp5YX7lkR77yzxf+xT3v7lg
AWDaQU9efY0EP3LFNiowL50ERqf48EieVAQEe++D8h6qfwLQBehFdCMaSscg4DGl
o5wPXgcbGA/kqf/uk7PTthniHNwh/7+Ank+/0X947PvZdSX437WM8Lo4h+ilNrlS
guoQq5DI1xNWNwpBYXYDSZgk670G8tTdB/EduRqPTHdM
-----END CERTIFICATE-----