Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/hFriE5HZxoJg9KCL78a13Ro_8qg.roa
File:                     hFriE5HZxoJg9KCL78a13Ro_8qg.roa (raw, json)
Hash identifier:          jglNafhYgQ+GbNC6LnJXz/RG3BQqxTwfnHOmz/okX+U=
Subject key identifier:   84:5A:E2:13:91:D9:C6:82:60:F4:A0:8B:EF:C6:B5:DD:1A:3F:F2:A8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B63B20E96E707BBF96B99FA95042A
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/hFriE5HZxoJg9KCL78a13Ro_8qg.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209060
IP address blocks:        45.12.161.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:63:b2:0e:96:e7:07:bb:f9:6b:99:fa:95:04:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=845ae21391d9c68260f4a08befc6b5dd1a3ff2a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cc:13:d3:7c:6e:be:85:0a:df:c4:9b:eb:46:
                    25:83:53:0a:56:e0:c1:b3:17:ae:85:53:32:c3:d0:
                    50:a0:83:dc:25:96:7f:7e:71:d6:76:aa:0b:c9:8c:
                    57:df:b5:20:90:0e:cf:54:4a:5c:76:ec:56:49:53:
                    33:3c:33:38:57:f7:02:45:11:20:a0:bb:f6:85:bb:
                    61:5d:95:c8:06:8e:4a:71:0e:bb:94:4c:c0:d3:f2:
                    d5:be:77:08:2a:d7:f1:c2:95:ec:94:53:20:50:44:
                    1f:da:fd:d4:e8:2c:c4:eb:65:6a:e6:4f:ab:97:71:
                    5c:f1:5b:b5:f7:43:ec:bc:b5:06:32:26:54:55:71:
                    23:1e:ee:a0:39:6f:e6:3e:41:e1:80:6d:71:7d:f5:
                    32:25:77:dd:1d:b0:f3:65:81:93:27:ce:d6:a4:46:
                    01:1b:90:76:c6:bf:2a:5e:5b:28:45:44:c5:56:13:
                    d1:86:3c:9b:85:b2:d9:26:33:67:fa:64:89:00:ed:
                    25:4c:4a:75:e9:f7:d1:e3:97:db:c8:bc:d6:72:2c:
                    41:0c:b4:02:3f:9a:ff:ca:4d:4b:a3:f0:f7:7d:48:
                    5b:3c:b4:b5:f8:a7:8f:4e:1d:b6:75:c3:e0:6c:ba:
                    5a:53:ad:a4:c7:d8:f5:8b:e9:e9:4d:99:73:79:15:
                    0b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:5A:E2:13:91:D9:C6:82:60:F4:A0:8B:EF:C6:B5:DD:1A:3F:F2:A8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/hFriE5HZxoJg9KCL78a13Ro_8qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:94:68:2f:92:c6:c3:fe:2f:60:fb:b3:13:5f:5b:42:4e:ef:
         c6:5f:17:63:a9:7f:48:bc:64:fa:8c:dd:8d:c6:d2:fe:b1:ef:
         2a:00:56:6d:bc:d9:04:aa:f1:4c:89:92:66:8e:9d:c6:27:4d:
         0f:b6:4f:c1:45:ac:02:dd:e3:db:c7:e5:55:b0:92:c3:54:13:
         a8:9c:75:aa:2a:fb:d7:38:cc:73:f4:ce:58:8a:8e:1f:20:11:
         ac:e2:0e:ed:61:fb:a9:19:18:c1:45:c2:d3:dd:ed:64:8b:b2:
         69:eb:58:e0:9d:53:41:b6:e5:e5:05:41:5f:ae:e9:f8:64:38:
         af:5c:df:95:24:0d:e0:2b:3c:fc:7d:07:2c:f1:3c:cf:12:d2:
         27:8c:28:79:94:4e:69:58:4b:ec:26:bb:ab:36:b2:7e:69:45:
         33:7d:42:2f:0c:30:d7:9e:3d:61:48:db:50:5a:68:fc:09:42:
         9f:e3:bc:e3:cc:99:67:08:60:96:10:be:46:fd:9c:32:65:e8:
         9f:75:4b:88:77:ee:46:39:f5:95:64:9d:08:a8:b4:fb:79:af:
         8b:a6:79:77:19:25:09:a2:ad:fb:6f:23:7c:d2:62:7b:12:f5:
         24:b0:74:18:71:db:08:da:48:6d:a3:ee:4c:ab:4c:48:6e:89:
         80:d0:1a:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2OyDpbnB7v5a5n6lQQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDVhZTIxMzkxZDljNjgyNjBmNGEwOGJlZmM2YjVkZDFhM2ZmMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMwT03xuvoUK38Sb60Ylg1MKVuDB
sxeuhVMyw9BQoIPcJZZ/fnHWdqoLyYxX37UgkA7PVEpcduxWSVMzPDM4V/cCRREg
oLv2hbthXZXIBo5KcQ67lEzA0/LVvncIKtfxwpXslFMgUEQf2v3U6CzE62Vq5k+r
l3Fc8Vu190PsvLUGMiZUVXEjHu6gOW/mPkHhgG1xffUyJXfdHbDzZYGTJ87WpEYB
G5B2xr8qXlsoRUTFVhPRhjybhbLZJjNn+mSJAO0lTEp16ffR45fbyLzWcixBDLQC
P5r/yk1Lo/D3fUhbPLS1+KePTh22dcPgbLpaU62kx9j1i+npTZlzeRULaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRa4hOR2caCYPSgi+/Gtd0aP/KoMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvaEZyaUU1SFp4b0pnOUtDTDc4YTEzUm9fOHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQyhMA0G
CSqGSIb3DQEBCwUAA4IBAQCglGgvksbD/i9g+7MTX1tCTu/GXxdjqX9IvGT6jN2N
xtL+se8qAFZtvNkEqvFMiZJmjp3GJ00Ptk/BRawC3ePbx+VVsJLDVBOonHWqKvvX
OMxz9M5Yio4fIBGs4g7tYfupGRjBRcLT3e1ki7Jp61jgnVNBtuXlBUFfrun4ZDiv
XN+VJA3gKzz8fQcs8TzPEtInjCh5lE5pWEvsJrurNrJ+aUUzfUIvDDDXnj1hSNtQ
Wmj8CUKf47zjzJlnCGCWEL5G/ZwyZeifdUuId+5GOfWVZJ0IqLT7ea+Lpnl3GSUJ
oq37byN80mJ7EvUksHQYcdsI2khto+5Mq0xIbomA0Bpo
-----END CERTIFICATE-----