Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bXh_eEMCs7I31OeuZeL0Inq4a50.roa
File:                     bXh_eEMCs7I31OeuZeL0Inq4a50.roa (raw, json)
Hash identifier:          XHgZ7CG2TlU4b0mTXyipC45fHWsY8ofrlAYh4vmnGq0=
Subject key identifier:   6D:78:7F:78:43:02:B3:B2:37:D4:E7:AE:65:E2:F4:22:7A:B8:6B:9D
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56DFEF7B4F0E827B256CA691633D4B0
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bXh_eEMCs7I31OeuZeL0Inq4a50.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48266
IP address blocks:        45.67.201.0/24 maxlen: 24
                          45.67.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fe:f7:b4:f0:e8:27:b2:56:ca:69:16:33:d4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d787f784302b3b237d4e7ae65e2f4227ab86b9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:28:be:e0:bd:4a:84:9d:e8:a2:34:12:9e:12:
                    bf:47:08:01:3d:9d:49:59:a4:77:99:10:71:93:b3:
                    40:8b:8b:c4:7b:f7:9e:f4:82:a5:d4:15:cf:2e:24:
                    57:b7:75:d8:c4:09:12:bc:3e:4b:e4:dd:95:91:ec:
                    2c:55:32:de:d5:81:f8:d3:30:75:a3:14:85:05:35:
                    5b:86:ec:a9:a1:65:57:26:84:74:67:f6:75:d6:1a:
                    f9:c5:60:1b:80:91:76:6a:a1:97:58:5c:e9:26:49:
                    b0:d3:f8:f9:af:d7:5b:34:d0:2a:cf:85:2e:3f:e5:
                    ee:43:af:f1:51:25:e7:d8:a8:5f:5c:f7:3f:f5:86:
                    80:9d:68:9c:49:bc:49:db:9b:92:b2:e6:2d:69:d6:
                    ab:bf:83:8c:70:14:38:23:61:04:af:35:a9:b3:61:
                    85:19:6e:1c:22:d4:ea:e0:15:31:75:49:d6:49:ae:
                    17:ea:a7:2f:c3:37:6d:1f:4b:7d:31:f4:bc:b4:a2:
                    00:6b:5c:5c:46:b9:ee:76:05:6a:7d:9e:ac:33:17:
                    dd:3e:a8:f6:a2:94:d1:c4:b0:c4:1e:fc:9e:fe:62:
                    2c:a6:0d:19:4a:d5:86:1d:bd:22:8e:4c:72:7b:fb:
                    d3:b6:9a:c4:6b:f1:bb:13:44:19:eb:21:f5:ac:de:
                    26:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:78:7F:78:43:02:B3:B2:37:D4:E7:AE:65:E2:F4:22:7A:B8:6B:9D
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bXh_eEMCs7I31OeuZeL0Inq4a50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:bb:6a:f6:23:26:78:a2:9f:6f:77:6b:b5:fd:df:27:3e:8e:
         bf:94:81:ed:a6:fa:df:be:4e:61:c7:22:47:55:c2:ba:b3:5b:
         45:cd:1d:f1:29:a1:3a:cd:21:87:2b:50:66:80:71:ce:0b:f3:
         27:d4:9a:b7:d7:4f:45:31:e0:9e:6b:07:ee:4e:1a:f5:61:c4:
         d1:d4:1a:fe:07:f2:15:67:52:6e:27:fc:a8:7d:1c:61:6d:97:
         f2:7e:14:66:4a:1e:dc:5d:5c:42:4a:38:4b:67:c3:66:f3:4d:
         da:a8:0a:8c:4f:55:5f:78:7f:5b:04:c3:a7:d9:ed:27:1a:2b:
         4c:32:b3:5c:ea:ae:7e:a2:99:7a:cb:bd:e4:46:4d:2e:23:5e:
         03:e4:fc:d0:48:28:7f:99:8e:01:a3:11:02:9f:7c:29:f2:a1:
         e5:4b:aa:82:db:68:fd:bd:1b:26:7e:23:25:c8:52:f8:d4:3b:
         57:b5:4a:56:db:23:cf:2d:78:6c:f3:fd:9d:6a:2d:7c:07:f9:
         a2:18:2f:d8:49:05:34:07:fa:46:ba:65:35:b8:fa:ed:2e:0b:
         b3:0e:fc:96:23:18:2a:30:49:e3:2d:b3:cd:bc:ac:19:63:f9:
         a2:44:87:71:0f:b5:c4:b9:7b:53:24:42:45:3d:35:a3:b4:f4:
         1d:22:f2:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf73tPDoJ7JWymkWM9SwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDc4N2Y3ODQzMDJiM2IyMzdkNGU3YWU2NWUyZjQyMjdhYjg2YjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSi+4L1KhJ3oojQSnhK/RwgBPZ1J
WaR3mRBxk7NAi4vEe/ee9IKl1BXPLiRXt3XYxAkSvD5L5N2VkewsVTLe1YH40zB1
oxSFBTVbhuypoWVXJoR0Z/Z11hr5xWAbgJF2aqGXWFzpJkmw0/j5r9dbNNAqz4Uu
P+XuQ6/xUSXn2KhfXPc/9YaAnWicSbxJ25uSsuYtadarv4OMcBQ4I2EErzWps2GF
GW4cItTq4BUxdUnWSa4X6qcvwzdtH0t9MfS8tKIAa1xcRrnudgVqfZ6sMxfdPqj2
opTRxLDEHvye/mIspg0ZStWGHb0ijkxye/vTtprEa/G7E0QZ6yH1rN4m7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG14f3hDArOyN9TnrmXi9CJ6uGudMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvYlhoX2VFTUNzN0kzMU9ldVplTDBJbnE0YTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUPIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5u2r2IyZ4op9vd2u1/d8nPo6/lIHtpvrfvk5hxyJH
VcK6s1tFzR3xKaE6zSGHK1BmgHHOC/Mn1Jq3109FMeCeawfuThr1YcTR1Br+B/IV
Z1JuJ/yofRxhbZfyfhRmSh7cXVxCSjhLZ8Nm803aqAqMT1VfeH9bBMOn2e0nGitM
MrNc6q5+opl6y73kRk0uI14D5PzQSCh/mY4BoxECn3wp8qHlS6qC22j9vRsmfiMl
yFL41DtXtUpW2yPPLXhs8/2dai18B/miGC/YSQU0B/pGumU1uPrtLguzDvyWIxgq
MEnjLbPNvKwZY/miRIdxD7XEuXtTJEJFPTWjtPQdIvL4
-----END CERTIFICATE-----