Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I39wsPKj6U6clJsAoKeZhai-1Ow.roa
File:                     I39wsPKj6U6clJsAoKeZhai-1Ow.roa (raw, json)
Hash identifier:          ll9UULrCr/Gl5MO/Vy/P62OdOBowFnaQs3nvpcH1Ulk=
Subject key identifier:   23:7F:70:B0:F2:A3:E9:4E:9C:94:9B:00:A0:A7:99:85:A8:BE:D4:EC
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF98589D05756FB31E54CC5253A612
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I39wsPKj6U6clJsAoKeZhai-1Ow.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48891
IP address blocks:        185.105.119.0/24 maxlen: 24
                          45.133.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:98:58:9d:05:75:6f:b3:1e:54:cc:52:53:a6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=237f70b0f2a3e94e9c949b00a0a79985a8bed4ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:80:65:e0:db:43:90:79:bd:c3:ff:ac:3b:85:
                    9f:f3:ac:b4:41:c6:67:f2:e4:af:00:0c:7f:47:32:
                    4a:c3:81:25:37:7e:92:c6:29:d2:8c:02:9b:f3:c4:
                    22:62:5a:4f:1b:37:de:23:72:b6:57:cd:ec:37:67:
                    f8:9e:66:82:c5:49:14:05:85:77:8a:02:bd:d2:64:
                    f1:ab:82:e9:b5:5e:f6:d5:16:50:2f:ed:e1:ab:1c:
                    ed:2f:18:52:f1:51:13:86:85:3d:93:9e:0f:ec:42:
                    ef:b4:6c:6a:48:3e:62:f5:11:10:b9:ec:10:19:06:
                    14:8c:45:ec:c8:2b:75:a7:0e:e7:13:8d:0f:41:f1:
                    f0:07:c0:ce:80:c7:3f:b3:98:0e:ea:ad:92:9c:05:
                    ce:88:a6:3f:a0:95:d6:7c:38:1c:99:05:fb:c9:88:
                    25:d5:b3:5f:63:59:8d:a5:fc:dd:80:49:e0:9b:c0:
                    4f:a6:e0:b0:3b:6f:14:ba:ad:67:e8:a8:5d:dc:ec:
                    eb:5a:7b:7f:23:8e:e2:0b:2a:0e:f5:58:ff:b7:a0:
                    ea:9c:54:bd:a7:93:8c:79:26:d6:e0:74:a8:b8:c1:
                    e2:77:3a:a3:63:eb:a9:57:2a:67:3c:ce:1b:a3:0f:
                    73:99:ef:10:ce:e2:d4:25:4f:bb:df:44:2d:85:18:
                    5c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:7F:70:B0:F2:A3:E9:4E:9C:94:9B:00:A0:A7:99:85:A8:BE:D4:EC
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I39wsPKj6U6clJsAoKeZhai-1Ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.244.0/24
                  185.105.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:3b:4e:99:91:63:c0:9a:20:80:ad:94:3b:6a:ab:d3:4f:6c:
         ba:de:29:88:bc:da:23:6d:5d:a8:39:33:f8:87:6e:2b:de:00:
         83:1d:7d:36:42:4f:7d:90:88:d7:01:53:df:7b:f2:e1:44:bc:
         1f:d3:7c:34:8f:f0:34:76:27:46:19:74:ff:47:91:85:6c:21:
         8a:4f:57:92:26:2b:f8:32:a6:7b:ee:d7:62:be:a8:ef:ad:89:
         73:ff:05:d8:88:ea:ed:12:cf:8e:5b:04:91:ce:84:a7:27:e4:
         b5:15:76:57:6b:95:ce:8e:17:7c:ab:c5:48:de:7d:b6:6f:bb:
         c2:73:9e:57:2a:d6:8f:cc:76:74:ac:c8:31:40:28:30:c8:3f:
         92:1f:2b:32:e2:4e:38:22:3a:86:80:7f:54:ae:0c:5b:db:9c:
         60:14:63:d0:82:d5:d6:b7:a5:60:f9:1b:e2:38:83:e6:3c:fd:
         90:2a:ca:2b:5d:f2:64:14:26:ce:10:d5:65:6d:88:2a:63:c7:
         90:e0:16:45:e8:78:e1:71:90:b5:ca:e9:4c:fb:f7:a2:0f:00:
         94:5c:1d:d2:a6:eb:f4:2f:46:f6:63:9d:39:f0:ea:7a:9e:d2:
         a6:0f:5a:e7:8b:b2:5c:d6:cf:c8:e3:1b:4f:a4:18:2d:9b:11:
         6b:26:d9:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI35hYnQV1b7MeVMxSU6YSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzdmNzBiMGYyYTNlOTRlOWM5NDliMDBhMGE3OTk4NWE4YmVkNGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYBl4NtDkHm9w/+sO4Wf86y0QcZn
8uSvAAx/RzJKw4ElN36SxinSjAKb88QiYlpPGzfeI3K2V83sN2f4nmaCxUkUBYV3
igK90mTxq4LptV721RZQL+3hqxztLxhS8VEThoU9k54P7ELvtGxqSD5i9REQuewQ
GQYUjEXsyCt1pw7nE40PQfHwB8DOgMc/s5gO6q2SnAXOiKY/oJXWfDgcmQX7yYgl
1bNfY1mNpfzdgEngm8BPpuCwO28Uuq1n6Khd3OzrWnt/I47iCyoO9Vj/t6DqnFS9
p5OMeSbW4HSouMHidzqjY+upVypnPM4bow9zme8QzuLUJU+730QthRhcVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCN/cLDyo+lOnJSbAKCnmYWovtTsMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSTM5d3NQS2o2VTZjbEpzQW9LZVpoYWktMU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYX0AwQA
uWl3MA0GCSqGSIb3DQEBCwUAA4IBAQA4O06ZkWPAmiCArZQ7aqvTT2y63imIvNoj
bV2oOTP4h24r3gCDHX02Qk99kIjXAVPfe/LhRLwf03w0j/A0didGGXT/R5GFbCGK
T1eSJiv4MqZ77tdivqjvrYlz/wXYiOrtEs+OWwSRzoSnJ+S1FXZXa5XOjhd8q8VI
3n22b7vCc55XKtaPzHZ0rMgxQCgwyD+SHysy4k44IjqGgH9Urgxb25xgFGPQgtXW
t6Vg+RviOIPmPP2QKsorXfJkFCbOENVlbYgqY8eQ4BZF6HjhcZC1yulM+/eiDwCU
XB3Spuv0L0b2Y5058Op6ntKmD1rni7Jc1s/I4xtPpBgtmxFrJtnL
-----END CERTIFICATE-----