Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CxeD90NmYcNXQZy-Qjzej0WOf3w.roa
File:                     CxeD90NmYcNXQZy-Qjzej0WOf3w.roa (raw, json)
Hash identifier:          MdicRszN8mFEZkMouVWiYp4BVuoPTdPtjP+F5Q0jiFc=
Subject key identifier:   0B:17:83:F7:43:66:61:C3:57:41:9C:BE:42:3C:DE:8F:45:8E:7F:7C
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B64358A2A1A794848E4A8F8840486
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CxeD90NmYcNXQZy-Qjzej0WOf3w.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209537
IP address blocks:        45.67.18.0/24 maxlen: 32
                          2a06:82c5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:64:35:8a:2a:1a:79:48:48:e4:a8:f8:84:04:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b1783f7436661c357419cbe423cde8f458e7f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fe:24:4e:da:b2:0b:5b:ce:f4:c8:c7:e7:bb:
                    00:2f:9a:2c:25:c6:aa:4c:44:da:57:a7:71:2a:9c:
                    a1:5a:78:b3:c8:97:cf:45:b3:e1:66:ce:5c:eb:b0:
                    9d:45:2d:90:5b:62:0c:a5:94:14:12:99:19:08:7e:
                    ef:36:a5:a9:eb:18:c4:12:13:2e:a3:46:49:ce:7b:
                    20:b6:47:9b:35:f9:d5:99:70:eb:ed:47:28:7e:46:
                    13:a1:f3:97:ae:0e:b3:d2:6d:dc:dc:d6:03:a1:29:
                    43:1c:b2:c3:e2:07:33:40:c7:22:5d:bc:28:30:55:
                    a1:e4:2c:cf:0a:2a:96:c0:3c:0e:99:09:40:a4:ca:
                    f2:79:77:08:f2:16:93:9d:e4:fa:60:c4:8c:ee:82:
                    44:86:f4:ee:ea:19:e6:12:55:52:29:56:6a:ee:53:
                    18:0a:c0:cc:bf:3a:68:33:f1:cb:24:d3:4f:a3:80:
                    83:cb:3b:58:00:0c:b7:d2:0e:d1:02:15:ec:5d:ce:
                    0a:02:08:ba:c9:a3:40:78:b2:fb:19:f5:5b:33:44:
                    36:6c:10:b1:a2:78:78:9d:e7:d1:57:16:8b:d0:f8:
                    68:b8:68:32:3f:fd:62:e3:79:ba:45:32:e8:8d:c4:
                    1e:98:fe:cc:12:9c:82:bc:dc:60:37:02:51:1d:df:
                    f4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:17:83:F7:43:66:61:C3:57:41:9C:BE:42:3C:DE:8F:45:8E:7F:7C
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CxeD90NmYcNXQZy-Qjzej0WOf3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.18.0/24
                IPv6:
                  2a06:82c5::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:fb:ae:71:cb:a2:c9:b0:67:a5:f3:49:f4:5c:38:da:d8:68:
         12:ad:49:ec:b1:05:7c:04:bb:aa:22:63:ba:a6:54:88:14:8d:
         15:80:85:40:51:00:09:d8:2f:8e:bc:77:63:8e:46:0a:c3:27:
         08:e8:cb:f5:87:76:4f:95:a0:20:01:9d:07:2a:15:e3:37:74:
         26:e0:7e:0b:0f:06:92:db:e2:92:17:83:eb:04:7b:46:a2:d1:
         49:80:ef:e9:8c:51:f9:36:f5:6b:87:5e:b1:51:5c:5f:e4:b2:
         51:3c:fa:6f:a3:62:eb:44:fe:5d:6a:52:d8:a5:7c:d3:25:32:
         ae:70:86:93:fe:3e:0a:0f:af:6d:11:79:37:87:a4:8a:1e:18:
         d3:bb:89:0e:8d:13:64:5b:ae:94:2b:ad:08:54:df:fb:74:14:
         f0:ba:f5:1e:63:44:04:10:33:15:4c:88:28:76:6a:97:b1:6d:
         4f:4b:fc:ec:eb:38:f7:34:ed:57:03:8b:43:3e:57:33:4e:67:
         b0:4a:bf:7e:09:7f:a9:08:f1:03:2c:0f:c4:50:08:be:b1:bb:
         16:4c:be:3a:95:9d:8b:f8:1e:cc:74:27:bc:c4:a7:d5:91:90:
         36:ad:67:59:14:06:bd:9b:a1:74:31:87:34:2c:96:e0:6c:83:
         99:30:b6:50
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK2Q1iioaeUhI5Kj4hASGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE3ODNmNzQzNjY2MWMzNTc0MTljYmU0MjNjZGU4ZjQ1OGU3ZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/4kTtqyC1vO9MjH57sAL5osJcaq
TETaV6dxKpyhWnizyJfPRbPhZs5c67CdRS2QW2IMpZQUEpkZCH7vNqWp6xjEEhMu
o0ZJznsgtkebNfnVmXDr7UcofkYTofOXrg6z0m3c3NYDoSlDHLLD4gczQMciXbwo
MFWh5CzPCiqWwDwOmQlApMryeXcI8haTneT6YMSM7oJEhvTu6hnmElVSKVZq7lMY
CsDMvzpoM/HLJNNPo4CDyztYAAy30g7RAhXsXc4KAgi6yaNAeLL7GfVbM0Q2bBCx
onh4nefRVxaL0PhouGgyP/1i43m6RTLojcQemP7MEpyCvNxgNwJRHd/0ewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAsXg/dDZmHDV0GcvkI83o9Fjn98MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvQ3hlRDkwTm1ZY05YUVp5LVFqemVqMFdPZjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALUMSMA8E
AgACMAkDBwAqBoLFAAAwDQYJKoZIhvcNAQELBQADggEBACP7rnHLosmwZ6XzSfRc
ONrYaBKtSeyxBXwEu6oiY7qmVIgUjRWAhUBRAAnYL468d2OORgrDJwjoy/WHdk+V
oCABnQcqFeM3dCbgfgsPBpLb4pIXg+sEe0ai0UmA7+mMUfk29WuHXrFRXF/kslE8
+m+jYutE/l1qUtilfNMlMq5whpP+PgoPr20ReTeHpIoeGNO7iQ6NE2RbrpQrrQhU
3/t0FPC69R5jRAQQMxVMiCh2apexbU9L/OzrOPc07VcDi0M+VzNOZ7BKv34Jf6kI
8QMsD8RQCL6xuxZMvjqVnYv4Hsx0J7zEp9WRkDatZ1kUBr2boXQxhzQsluBsg5kw
tlA=
-----END CERTIFICATE-----