Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/xztdvHZdEwmJOpL7Zwdew4htxe8.roa
File:                     xztdvHZdEwmJOpL7Zwdew4htxe8.roa (raw, json)
Hash identifier:          ueSQpVHIPNpaqo1C9GS5kjreXxSFOetnCH2ivICAdwM=
Subject key identifier:   C7:3B:5D:BC:76:5D:13:09:89:3A:92:FB:67:07:5E:C3:88:6D:C5:EF
Certificate issuer:       /CN=8bd4bcbf35db7fe2ef663522a5a3a3979a4f1ff8
Certificate serial:       018CC34943C721023AD4E25F70209BF3671E
Authority key identifier: 8B:D4:BC:BF:35:DB:7F:E2:EF:66:35:22:A5:A3:A3:97:9A:4F:1F:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9S8vzXbf-LvZjUipaOjl5pPH_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/xztdvHZdEwmJOpL7Zwdew4htxe8.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208591
IP address blocks:        45.84.208.0/22 maxlen: 24
                          2a0e:a180::/29 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/i9S8vzXbf-LvZjUipaOjl5pPH_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/i9S8vzXbf-LvZjUipaOjl5pPH_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9S8vzXbf-LvZjUipaOjl5pPH_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:43:c7:21:02:3a:d4:e2:5f:70:20:9b:f3:67:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bd4bcbf35db7fe2ef663522a5a3a3979a4f1ff8
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c73b5dbc765d1309893a92fb67075ec3886dc5ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a6:8f:c3:ed:97:9d:38:94:e0:39:99:ca:41:
                    59:a6:c0:79:50:c1:5a:d4:38:a5:a3:2f:73:7d:c4:
                    d5:1e:f7:81:39:07:ed:ea:09:c3:61:3f:0e:7f:41:
                    8b:86:d1:9e:bb:0e:c3:e0:65:b4:dd:ca:37:3f:5d:
                    44:15:94:74:ea:54:fb:1c:6b:7f:87:1c:22:04:c1:
                    ec:e0:53:2c:8a:61:6b:ac:ac:e5:b6:40:69:9a:9f:
                    a2:3e:3a:7b:dc:15:d5:f0:b8:7b:dd:f7:6d:51:08:
                    85:16:95:59:19:c7:ab:c7:5c:da:a2:5d:47:37:49:
                    04:d5:f2:76:c1:1e:56:0d:5f:f3:da:64:e6:49:62:
                    8c:29:48:99:94:37:e2:1f:04:db:c6:b0:bf:7a:54:
                    d4:14:1e:c6:86:57:32:00:f1:fb:4e:0f:1c:35:c9:
                    ed:16:27:ff:61:53:46:27:04:36:7b:f0:66:59:53:
                    9b:20:1d:20:4b:c0:ad:8d:e9:24:4e:8b:42:a5:3c:
                    19:c0:b7:81:13:9e:0a:1f:7b:0c:8b:d5:b9:53:d6:
                    cd:37:1d:dd:d3:09:27:7a:f4:19:af:18:aa:2c:e1:
                    cd:1d:c9:cd:e8:62:06:d1:e4:ab:95:89:e8:b7:27:
                    67:c2:91:33:0f:ed:4a:00:90:64:92:0b:a2:f4:16:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:3B:5D:BC:76:5D:13:09:89:3A:92:FB:67:07:5E:C3:88:6D:C5:EF
            X509v3 Authority Key Identifier:
                keyid:8B:D4:BC:BF:35:DB:7F:E2:EF:66:35:22:A5:A3:A3:97:9A:4F:1F:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9S8vzXbf-LvZjUipaOjl5pPH_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/xztdvHZdEwmJOpL7Zwdew4htxe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/i9S8vzXbf-LvZjUipaOjl5pPH_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.208.0/22
                IPv6:
                  2a0e:a180::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:e3:be:2f:eb:80:ac:f4:5f:30:ac:c7:87:62:ef:a4:67:44:
         4c:f0:a2:55:bc:4c:f8:52:17:9b:a6:f2:f0:ca:3a:dd:17:6e:
         79:65:78:14:01:36:6a:fa:bb:a1:3e:30:eb:bc:96:0e:b2:9f:
         f1:6d:fd:31:86:7f:69:07:93:cd:ec:20:49:94:9a:05:16:3e:
         ba:9b:8f:fc:5f:98:e1:a4:31:34:b0:53:61:c4:13:8a:fb:f3:
         be:6a:cc:5d:e0:ee:3a:8d:bf:bc:0a:6f:77:cc:c8:f3:ef:2c:
         66:fe:fb:08:95:d9:0f:19:36:a9:c8:1b:2e:4f:09:d3:5a:99:
         ff:71:38:0b:32:44:ae:c1:59:64:9a:90:5a:38:5b:7b:cd:ef:
         84:45:b7:80:02:e6:d6:94:53:6f:c6:f7:f1:65:5f:94:e3:1e:
         e4:1b:da:96:c3:ce:1b:8c:b7:2c:5e:c5:9d:58:e4:5a:27:b2:
         7f:53:20:74:12:f8:21:e3:c6:14:9f:5d:73:1b:95:66:e8:0f:
         d9:2a:b2:75:d9:23:08:96:cc:c7:d5:de:b6:31:44:d7:27:84:
         ae:c9:45:e3:61:fd:ea:b2:1e:9c:bb:ef:9a:f4:90:b6:c5:9c:
         70:7f:75:df:64:2a:c8:9e:53:2f:36:3b:38:ae:8a:e3:31:64:
         b4:03:58:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSUPHIQI61OJfcCCb82ceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZDRiY2JmMzVkYjdmZTJlZjY2MzUyMmE1YTNhMzk3OWE0
ZjFmZjgwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzNiNWRiYzc2NWQxMzA5ODkzYTkyZmI2NzA3NWVjMzg4NmRjNWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqaPw+2XnTiU4DmZykFZpsB5UMFa
1Diloy9zfcTVHveBOQft6gnDYT8Of0GLhtGeuw7D4GW03co3P11EFZR06lT7HGt/
hxwiBMHs4FMsimFrrKzltkBpmp+iPjp73BXV8Lh73fdtUQiFFpVZGcerx1zaol1H
N0kE1fJ2wR5WDV/z2mTmSWKMKUiZlDfiHwTbxrC/elTUFB7GhlcyAPH7Tg8cNcnt
Fif/YVNGJwQ2e/BmWVObIB0gS8CtjekkTotCpTwZwLeBE54KH3sMi9W5U9bNNx3d
0wknevQZrxiqLOHNHcnN6GIG0eSrlYnotydnwpEzD+1KAJBkkgui9BZ8/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMc7Xbx2XRMJiTqS+2cHXsOIbcXvMB8GA1UdIwQY
MBaAFIvUvL8123/i72Y1IqWjo5eaTx/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlTOHZ6WGJmLUx2WmpVaXBhT2psNXBQSF9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9hMTQyNzItMjc5NC00ZjM4LTk2NDAt
NDc4ZWQ3ZjhkMDVlLzEveHp0ZHZIWmRFd21KT3BMN1p3ZGV3NGh0eGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9hMTQyNzItMjc5NC00ZjM4LTk2NDAtNDc4ZWQ3ZjhkMDVl
LzEvaTlTOHZ6WGJmLUx2WmpVaXBhT2psNXBQSF9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVTQMA0E
AgACMAcDBQMqDqGAMA0GCSqGSIb3DQEBCwUAA4IBAQCK474v64Cs9F8wrMeHYu+k
Z0RM8KJVvEz4UhebpvLwyjrdF255ZXgUATZq+ruhPjDrvJYOsp/xbf0xhn9pB5PN
7CBJlJoFFj66m4/8X5jhpDE0sFNhxBOK+/O+asxd4O46jb+8Cm93zMjz7yxm/vsI
ldkPGTapyBsuTwnTWpn/cTgLMkSuwVlkmpBaOFt7ze+ERbeAAubWlFNvxvfxZV+U
4x7kG9qWw84bjLcsXsWdWORaJ7J/UyB0Evgh48YUn11zG5Vm6A/ZKrJ12SMIlszH
1d62MUTXJ4SuyUXjYf3qsh6cu++a9JC2xZxwf3XfZCrInlMvNjs4rorjMWS0A1ij
-----END CERTIFICATE-----