Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/kRxONx4CPS4h7Dwl-n9Db31ve04.roa
File:                     kRxONx4CPS4h7Dwl-n9Db31ve04.roa (raw, json)
Hash identifier:          D2keJUUxLYTC1RvGccRSZsujB77QkcNQ/91JWWoeskA=
Subject key identifier:   91:1C:4E:37:1E:02:3D:2E:21:EC:3C:25:FA:7F:43:6F:7D:6F:7B:4E
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018E5D181E0FF94BA51AF29F577A9AF0CFED
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/kRxONx4CPS4h7Dwl-n9Db31ve04.roa
Signing time:             Wed 20 Mar 2024 18:20:45 +0000
ROA not before:           Wed 20 Mar 2024 18:20:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        45.129.92.0/24 maxlen: 24
                          185.110.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5d:18:1e:0f:f9:4b:a5:1a:f2:9f:57:7a:9a:f0:cf:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Mar 20 18:20:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=911c4e371e023d2e21ec3c25fa7f436f7d6f7b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:14:ac:62:76:47:bb:11:6d:0e:c3:5b:89:45:
                    36:53:22:1d:4a:8f:73:8c:c7:6d:54:35:14:7f:e7:
                    ce:19:cc:d9:e0:b3:86:e5:54:53:7e:d8:c6:91:3b:
                    af:91:fd:d0:6c:09:85:d3:df:34:3d:4d:75:08:e6:
                    3c:e0:99:f0:90:a7:c5:9c:45:fe:aa:71:f4:95:29:
                    ef:c5:6d:17:8a:34:99:b6:5f:08:65:2f:a7:1f:88:
                    6c:08:5e:e1:3e:1e:6a:80:7d:41:fa:55:d2:00:21:
                    30:ae:c5:75:31:5f:e7:03:ba:73:44:99:8a:95:eb:
                    c7:13:05:f4:f1:85:0c:98:51:8d:e5:05:96:2d:8c:
                    6a:6d:51:83:ae:21:bf:3d:08:e4:8a:95:22:fd:fe:
                    db:0d:8f:65:f5:04:8d:01:5f:db:bc:fd:5a:ad:d2:
                    ab:9a:ec:23:5b:53:10:01:81:ff:a2:50:4e:e0:99:
                    cf:db:4c:75:a7:1c:71:fa:a8:de:42:f5:6f:b2:9f:
                    d0:37:ca:4c:88:c1:42:a3:de:25:a9:03:9d:0a:ad:
                    8d:b8:a0:2d:d1:2b:2a:e3:49:5e:85:aa:59:66:f5:
                    8f:6b:79:13:76:fa:d5:44:2c:0a:76:04:b6:d9:2b:
                    f7:0e:d7:0c:75:c9:f5:8e:75:80:5e:b4:52:db:63:
                    1d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1C:4E:37:1E:02:3D:2E:21:EC:3C:25:FA:7F:43:6F:7D:6F:7B:4E
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/kRxONx4CPS4h7Dwl-n9Db31ve04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.92.0/24
                  185.110.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:0d:70:06:fe:ec:12:b3:9a:a2:c3:3f:5a:f6:11:f0:37:a2:
         5b:47:4c:e5:2e:d7:56:f9:52:26:8b:b2:56:41:11:96:82:2a:
         19:77:89:61:cf:e0:74:5a:08:90:7e:09:44:5a:41:c5:1e:79:
         08:a4:ac:b2:0e:56:05:32:2e:19:4d:bc:5d:eb:0a:25:22:56:
         2c:31:28:2f:2e:cd:56:c4:60:f0:f6:4c:00:ac:b7:0b:60:18:
         6a:68:f4:32:88:f9:bb:21:69:77:ef:6a:e5:ff:3d:00:8d:0c:
         79:91:39:12:15:86:47:2a:c5:20:6a:84:4e:1c:3c:94:8d:50:
         7b:f2:cb:eb:ca:5f:82:53:4c:a2:10:96:1c:b2:2a:2a:51:c9:
         d1:65:3c:a2:b0:1b:2c:2a:44:92:4f:a2:b3:2b:8e:e3:2d:e4:
         2d:80:15:28:ab:1c:42:0e:3b:8c:26:ed:9e:49:27:28:7b:a5:
         e5:f8:c7:b4:59:97:77:96:2a:ae:42:2d:f3:9e:fa:af:d8:06:
         d7:e8:fa:4b:23:f8:f7:46:9a:fa:6d:ca:39:b7:26:bb:ae:83:
         aa:6f:02:72:6e:5f:59:61:3a:97:47:9b:9b:68:16:cc:eb:ed:
         39:4a:46:ce:03:c9:2e:48:32:0a:96:ef:9a:da:56:c1:e7:7b:
         02:b7:4f:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5dGB4P+UulGvKfV3qa8M/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwMzIwMTgyMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFjNGUzNzFlMDIzZDJlMjFlYzNjMjVmYTdmNDM2ZjdkNmY3YjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphSsYnZHuxFtDsNbiUU2UyIdSo9z
jMdtVDUUf+fOGczZ4LOG5VRTftjGkTuvkf3QbAmF0980PU11COY84JnwkKfFnEX+
qnH0lSnvxW0XijSZtl8IZS+nH4hsCF7hPh5qgH1B+lXSACEwrsV1MV/nA7pzRJmK
levHEwX08YUMmFGN5QWWLYxqbVGDriG/PQjkipUi/f7bDY9l9QSNAV/bvP1ardKr
muwjW1MQAYH/olBO4JnP20x1pxxx+qjeQvVvsp/QN8pMiMFCo94lqQOdCq2NuKAt
0Ssq40lehapZZvWPa3kTdvrVRCwKdgS22Sv3DtcMdcn1jnWAXrRS22Md8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJEcTjceAj0uIew8Jfp/Q299b3tOMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEva1J4T054NENQUzRoN0R3bC1uOURiMzF2ZTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYFcAwQB
uW4+MA0GCSqGSIb3DQEBCwUAA4IBAQBYDXAG/uwSs5qiwz9a9hHwN6JbR0zlLtdW
+VImi7JWQRGWgioZd4lhz+B0WgiQfglEWkHFHnkIpKyyDlYFMi4ZTbxd6wolIlYs
MSgvLs1WxGDw9kwArLcLYBhqaPQyiPm7IWl372rl/z0AjQx5kTkSFYZHKsUgaoRO
HDyUjVB78svryl+CU0yiEJYcsioqUcnRZTyisBssKkSST6KzK47jLeQtgBUoqxxC
DjuMJu2eSScoe6Xl+Me0WZd3liquQi3znvqv2AbX6PpLI/j3Rpr6bco5tya7roOq
bwJybl9ZYTqXR5ubaBbM6+05SkbOA8kuSDIKlu+a2lbB53sCt0+R
-----END CERTIFICATE-----