Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/ZI1Nx5vt473rgQxaUq9AUmPmZGw.roa
File:                     ZI1Nx5vt473rgQxaUq9AUmPmZGw.roa (raw, json)
Hash identifier:          nT4toadWgr3D/yD/cOA22YpQvBcgANZetNC6Oj1IsdI=
Subject key identifier:   64:8D:4D:C7:9B:ED:E3:BD:EB:81:0C:5A:52:AF:40:52:63:E6:64:6C
Certificate issuer:       /CN=ecd6bdacc521edca4c076048da86fed5dcd61220
Certificate serial:       018EF6981582595800804149E081ECBDD949
Authority key identifier: EC:D6:BD:AC:C5:21:ED:CA:4C:07:60:48:DA:86:FE:D5:DC:D6:12:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Na9rMUh7cpMB2BI2ob-1dzWEiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/ZI1Nx5vt473rgQxaUq9AUmPmZGw.roa
Signing time:             Fri 19 Apr 2024 13:42:25 +0000
ROA not before:           Fri 19 Apr 2024 13:42:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56851
IP address blocks:        45.83.192.0/22 maxlen: 24
                          176.105.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/7Na9rMUh7cpMB2BI2ob-1dzWEiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/7Na9rMUh7cpMB2BI2ob-1dzWEiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Na9rMUh7cpMB2BI2ob-1dzWEiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:98:15:82:59:58:00:80:41:49:e0:81:ec:bd:d9:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecd6bdacc521edca4c076048da86fed5dcd61220
        Validity
            Not Before: Apr 19 13:42:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=648d4dc79bede3bdeb810c5a52af405263e6646c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:96:04:3c:be:30:0d:ef:ef:4c:c0:fb:ed:af:
                    1e:46:fa:55:ca:7e:fe:19:ab:65:f1:03:3a:3c:e4:
                    93:63:a3:be:ce:b4:13:d9:1e:f5:f0:48:e1:a0:b5:
                    f5:7d:ca:12:b6:01:86:af:10:a3:25:b0:15:93:f6:
                    45:f6:ff:35:cb:f2:fd:19:ba:6d:c2:cf:f6:af:1e:
                    78:8a:b1:45:bd:ca:c9:4e:da:b2:d0:d0:ff:4f:65:
                    eb:3f:cb:23:36:62:73:3c:4f:61:27:ca:61:8e:cf:
                    51:a5:5c:0c:64:0c:35:53:4f:76:d0:3f:15:9f:a5:
                    dd:41:0c:e9:42:d7:04:31:53:15:3b:b9:3b:d3:a7:
                    df:56:6d:33:33:0b:95:77:13:ec:22:4f:6a:9b:a8:
                    79:80:75:75:6c:b0:9e:9a:e0:bd:1b:6e:f5:0b:07:
                    97:0e:2e:03:60:bd:19:a5:6c:22:b7:a4:35:4a:bf:
                    86:21:0a:d0:78:18:db:d5:2a:63:9a:8f:4d:74:64:
                    cf:11:b5:46:a9:8b:24:2d:1b:be:17:3c:47:fa:a1:
                    ca:25:4d:06:0b:63:4a:75:63:8a:05:a6:5d:5e:89:
                    a0:5a:02:ac:11:51:38:4b:a1:bb:15:c5:c9:f1:32:
                    fb:5c:13:5c:33:21:e9:8e:b0:0a:1e:e3:29:8c:bc:
                    de:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8D:4D:C7:9B:ED:E3:BD:EB:81:0C:5A:52:AF:40:52:63:E6:64:6C
            X509v3 Authority Key Identifier:
                keyid:EC:D6:BD:AC:C5:21:ED:CA:4C:07:60:48:DA:86:FE:D5:DC:D6:12:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Na9rMUh7cpMB2BI2ob-1dzWEiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/ZI1Nx5vt473rgQxaUq9AUmPmZGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/7Na9rMUh7cpMB2BI2ob-1dzWEiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.192.0/22
                  176.105.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:6c:d5:b5:06:cd:16:98:96:76:d8:ae:6a:29:84:4a:fd:78:
         f8:7b:25:92:83:18:62:54:9e:3d:c3:22:89:2d:8b:cd:ef:0b:
         c0:16:73:4b:80:a3:e0:44:70:5a:20:6e:39:2f:1a:c8:4f:b8:
         9d:3b:ce:1a:3d:2e:e3:89:05:27:c1:97:b1:51:8e:b5:d4:f3:
         b6:12:01:c1:e5:cb:73:0c:46:ae:9e:7c:5b:8f:f9:80:1b:dd:
         2b:3e:3e:c9:c5:0b:21:bf:d2:0a:d3:6c:f6:18:9c:c8:8c:40:
         35:23:16:9d:09:b5:bf:93:16:b1:9c:9e:99:a6:fb:e6:a5:36:
         77:d8:37:50:68:58:cb:0d:77:13:06:95:f5:c2:d1:e8:a7:91:
         d8:b5:4d:58:dc:cb:fa:8d:64:a7:06:dc:4f:d0:ec:d4:83:88:
         1b:3f:da:a3:f0:b8:f8:74:84:32:d9:f9:f7:59:53:71:5b:fc:
         bb:4a:22:d7:9e:ba:6b:f6:d2:57:d3:cf:ac:b7:0f:40:ac:d2:
         f2:c8:64:18:3c:92:86:86:44:14:6c:33:3f:33:ae:c9:f2:07:
         1a:8a:08:95:16:03:ce:c1:82:d0:8e:bb:12:ff:41:78:4a:a2:
         49:17:1a:f3:b8:b1:5a:73:6e:9e:ad:88:96:94:c9:7f:09:20:
         c5:36:e6:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY72mBWCWVgAgEFJ4IHsvdlJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZDZiZGFjYzUyMWVkY2E0YzA3NjA0OGRhODZmZWQ1ZGNk
NjEyMjAwHhcNMjQwNDE5MTM0MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhkNGRjNzliZWRlM2JkZWI4MTBjNWE1MmFmNDA1MjYzZTY2NDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpYEPL4wDe/vTMD77a8eRvpVyn7+
Gatl8QM6POSTY6O+zrQT2R718EjhoLX1fcoStgGGrxCjJbAVk/ZF9v81y/L9Gbpt
ws/2rx54irFFvcrJTtqy0ND/T2XrP8sjNmJzPE9hJ8phjs9RpVwMZAw1U0920D8V
n6XdQQzpQtcEMVMVO7k706ffVm0zMwuVdxPsIk9qm6h5gHV1bLCemuC9G271CweX
Di4DYL0ZpWwit6Q1Sr+GIQrQeBjb1Spjmo9NdGTPEbVGqYskLRu+FzxH+qHKJU0G
C2NKdWOKBaZdXomgWgKsEVE4S6G7FcXJ8TL7XBNcMyHpjrAKHuMpjLzeCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGSNTceb7eO964EMWlKvQFJj5mRsMB8GA1UdIwQY
MBaAFOzWvazFIe3KTAdgSNqG/tXc1hIgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN05hOXJNVWg3Y3BNQjJCSTJvYi0xZHpXRWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9iOWYyOWItZWUzZC00YmRlLWFkYzYt
NDNlOTFlNWVmMTQ1LzEvWkkxTng1dnQ0NzNyZ1F4YVVxOUFVbVBtWkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9iOWYyOWItZWUzZC00YmRlLWFkYzYtNDNlOTFlNWVmMTQ1
LzEvN05hOXJNVWg3Y3BNQjJCSTJvYi0xZHpXRWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVPAAwQA
sGnpMA0GCSqGSIb3DQEBCwUAA4IBAQAAbNW1Bs0WmJZ22K5qKYRK/Xj4eyWSgxhi
VJ49wyKJLYvN7wvAFnNLgKPgRHBaIG45LxrIT7idO84aPS7jiQUnwZexUY611PO2
EgHB5ctzDEaunnxbj/mAG90rPj7JxQshv9IK02z2GJzIjEA1IxadCbW/kxaxnJ6Z
pvvmpTZ32DdQaFjLDXcTBpX1wtHop5HYtU1Y3Mv6jWSnBtxP0OzUg4gbP9qj8Lj4
dIQy2fn3WVNxW/y7SiLXnrpr9tJX08+stw9ArNLyyGQYPJKGhkQUbDM/M67J8gca
igiVFgPOwYLQjrsS/0F4SqJJFxrzuLFac26erYiWlMl/CSDFNuY6
-----END CERTIFICATE-----