Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/tmEvOIFyELo233i5O9Q4mI4E0A8.roa
File:                     tmEvOIFyELo233i5O9Q4mI4E0A8.roa (raw, json)
Hash identifier:          4+o1KWEhzmvz8+LdPon++ZQENtfcX2YY9bF4pfTft2s=
Subject key identifier:   B6:61:2F:38:81:72:10:BA:36:DF:78:B9:3B:D4:38:98:8E:04:D0:0F
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       0191D048925D0BAB1881E4BF2A046341295A
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/tmEvOIFyELo233i5O9Q4mI4E0A8.roa
Signing time:             Sun 08 Sep 2024 06:18:22 +0000
ROA not before:           Sun 08 Sep 2024 06:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.84.112.0/23 maxlen: 24
                          45.84.114.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:48:92:5d:0b:ab:18:81:e4:bf:2a:04:63:41:29:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Sep  8 06:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6612f38817210ba36df78b93bd438988e04d00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:47:4d:86:3a:20:aa:06:70:9e:98:bb:65:
                    5b:55:b6:b3:f0:4d:8f:e0:e7:d4:a0:78:48:9c:d4:
                    96:e4:d4:89:bf:27:4c:d9:fa:cd:2d:af:48:8a:3a:
                    03:c1:36:68:fc:98:da:30:8b:b4:c3:d6:f6:48:dc:
                    2a:2b:39:1f:56:65:c5:1f:ad:ce:d6:9c:d9:c1:f3:
                    83:92:52:13:cf:bf:44:3a:cf:b6:13:b6:8d:55:08:
                    4b:50:c5:34:99:e3:66:53:89:9a:a5:06:37:bc:49:
                    bd:66:99:61:22:69:c1:76:1a:92:6a:ad:df:7b:e1:
                    37:10:f9:4a:3d:90:c4:ae:47:f6:36:49:2c:2a:05:
                    f7:ec:9f:d6:2c:ed:5b:26:ed:ff:11:b4:62:e3:7a:
                    5d:f0:54:14:70:d5:c9:9b:6e:07:3e:8e:46:dc:ba:
                    52:29:7b:8a:2e:8e:cc:4d:0d:de:e7:17:47:26:4e:
                    a5:5e:80:92:51:36:9e:00:6b:21:60:18:32:51:7f:
                    16:3e:7c:f8:1c:7c:c8:11:75:2f:56:95:ad:33:7f:
                    34:aa:1f:6b:d0:81:9f:40:4f:ee:d0:af:b4:85:c1:
                    1a:1a:95:02:32:e7:61:ba:2e:46:e3:28:a3:81:48:
                    01:3a:e2:fe:46:f4:8e:b2:eb:c8:d5:a0:d3:5e:3b:
                    95:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:61:2F:38:81:72:10:BA:36:DF:78:B9:3B:D4:38:98:8E:04:D0:0F
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/tmEvOIFyELo233i5O9Q4mI4E0A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:6b:f3:ff:4e:81:a3:cf:99:99:ff:9b:36:59:96:0c:67:b0:
         c7:1e:a9:98:8f:ff:6f:d8:e3:b0:dc:63:40:22:68:91:91:35:
         aa:26:d1:70:13:7c:d4:60:39:5d:7f:80:3c:c7:ec:d4:c7:3a:
         30:51:c1:98:ba:8d:05:0d:e7:55:8b:9b:86:52:9f:54:e4:af:
         3e:22:04:7f:58:3d:54:34:78:48:d5:c3:d7:98:9f:dd:d4:4a:
         f5:84:1a:7e:8a:0c:dd:3d:d1:22:df:79:14:ee:c9:ae:68:cc:
         4e:c8:a3:74:19:f1:ec:a7:3c:bb:5f:ff:d0:c9:de:2c:b7:ae:
         92:ee:76:68:18:30:7c:6b:48:e9:f5:09:ff:50:87:93:cd:e9:
         dc:c7:3d:d1:54:9d:09:33:56:fb:61:32:7f:b2:e0:00:22:7e:
         b4:20:6f:c6:c3:37:1d:a7:fe:db:26:ff:7b:c1:1f:f5:86:f3:
         5e:51:d5:3a:3b:75:e6:6d:07:e4:23:82:53:f8:d2:f0:40:db:
         89:00:7b:7d:c6:37:3b:ba:04:ab:3f:18:49:77:27:6e:f7:92:
         0c:68:3b:bb:47:5b:3d:dc:53:00:ea:7c:70:56:26:3a:22:87:
         bd:63:c9:a5:cd:95:c5:16:54:28:09:85:75:64:a7:e4:9c:ea:
         64:c4:95:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHQSJJdC6sYgeS/KgRjQSlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQwOTA4MDYxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjYxMmYzODgxNzIxMGJhMzZkZjc4YjkzYmQ0Mzg5ODhlMDRkMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIdHTYY6IKoGcJ6Yu2VbVbaz8E2P
4OfUoHhInNSW5NSJvydM2frNLa9IijoDwTZo/JjaMIu0w9b2SNwqKzkfVmXFH63O
1pzZwfODklITz79EOs+2E7aNVQhLUMU0meNmU4mapQY3vEm9ZplhImnBdhqSaq3f
e+E3EPlKPZDErkf2NkksKgX37J/WLO1bJu3/EbRi43pd8FQUcNXJm24HPo5G3LpS
KXuKLo7MTQ3e5xdHJk6lXoCSUTaeAGshYBgyUX8WPnz4HHzIEXUvVpWtM380qh9r
0IGfQE/u0K+0hcEaGpUCMudhui5G4yijgUgBOuL+RvSOsuvI1aDTXjuV1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZhLziBchC6Nt94uTvUOJiOBNAPMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvdG1Fdk9JRnlFTG8yMzNpNU85UTRtSTRFMEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVRwMA0G
CSqGSIb3DQEBCwUAA4IBAQBga/P/ToGjz5mZ/5s2WZYMZ7DHHqmYj/9v2OOw3GNA
ImiRkTWqJtFwE3zUYDldf4A8x+zUxzowUcGYuo0FDedVi5uGUp9U5K8+IgR/WD1U
NHhI1cPXmJ/d1Er1hBp+igzdPdEi33kU7smuaMxOyKN0GfHspzy7X//Qyd4st66S
7nZoGDB8a0jp9Qn/UIeTzencxz3RVJ0JM1b7YTJ/suAAIn60IG/Gwzcdp/7bJv97
wR/1hvNeUdU6O3XmbQfkI4JT+NLwQNuJAHt9xjc7ugSrPxhJdydu95IMaDu7R1s9
3FMA6nxwViY6Ioe9Y8mlzZXFFlQoCYV1ZKfknOpkxJU3
-----END CERTIFICATE-----