Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/k5ORAGKyy-t7Khx4Xzipt7gFjbc.roa
File:                     k5ORAGKyy-t7Khx4Xzipt7gFjbc.roa (raw, json)
Hash identifier:          CTMnxua87Co1DYYmZAu+W8/0KQRCT4/SSCo08YpiVOY=
Subject key identifier:   93:93:91:00:62:B2:CB:EB:7B:2A:1C:78:5F:38:A9:B7:B8:05:8D:B7
Certificate issuer:       /CN=7ba2be98438b98ee68a0d1b8c4144520bd0a623d
Certificate serial:       018CC348C05F033C619E0302946FC7C54955
Authority key identifier: 7B:A2:BE:98:43:8B:98:EE:68:A0:D1:B8:C4:14:45:20:BD:0A:62:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/k5ORAGKyy-t7Khx4Xzipt7gFjbc.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208830
IP address blocks:        45.82.236.0/22 maxlen: 24
                          2a0e:7580::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c0:5f:03:3c:61:9e:03:02:94:6f:c7:c5:49:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba2be98438b98ee68a0d1b8c4144520bd0a623d
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9393910062b2cbeb7b2a1c785f38a9b7b8058db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ca:af:b8:f5:eb:5a:2a:58:02:4c:e9:da:76:
                    70:22:e4:a4:ed:95:ea:34:f0:39:19:77:8a:a0:9d:
                    74:5f:e7:6a:33:2f:e6:82:ca:85:76:fd:ef:d2:2a:
                    e5:25:cb:2e:95:ba:77:1a:4f:ba:cd:d1:7e:fb:70:
                    f6:b5:77:00:af:c0:af:9c:12:ca:9e:f9:12:f3:20:
                    7a:58:4e:c0:c8:ef:a7:c4:a0:3d:f9:d9:10:7d:a3:
                    4a:36:87:cb:ad:ba:bb:82:21:d2:94:a6:88:32:e8:
                    69:21:87:75:be:c6:15:0b:4d:a5:d9:db:e1:52:a7:
                    e9:1e:29:ed:44:ab:74:c8:d7:ff:0a:c2:be:c5:ae:
                    6d:07:3e:d7:8b:f4:44:4f:92:e2:b0:34:ba:68:38:
                    a3:d0:fa:8d:5e:b0:e4:01:65:64:88:b9:41:5a:8c:
                    be:ed:e2:52:3a:62:87:10:ab:9d:a9:b8:4c:c7:06:
                    42:96:62:25:77:55:c7:3a:0d:4d:e7:8b:b6:b1:5f:
                    5e:08:76:0c:cf:02:18:a2:28:97:d9:bd:d1:03:a5:
                    a6:a6:b2:bd:01:ec:b1:32:5b:d6:45:fe:bf:28:53:
                    d0:38:25:90:a3:6f:7d:3e:34:63:94:ab:59:ba:94:
                    a4:b4:76:e0:08:70:ff:49:56:c7:c4:80:2c:ca:3d:
                    53:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:93:91:00:62:B2:CB:EB:7B:2A:1C:78:5F:38:A9:B7:B8:05:8D:B7
            X509v3 Authority Key Identifier:
                keyid:7B:A2:BE:98:43:8B:98:EE:68:A0:D1:B8:C4:14:45:20:BD:0A:62:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/k5ORAGKyy-t7Khx4Xzipt7gFjbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.236.0/22
                IPv6:
                  2a0e:7580::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:c3:aa:61:5f:e0:df:7a:50:10:83:da:a3:b7:11:e7:06:d7:
         f4:75:5a:6e:2c:39:69:f1:cb:26:33:cf:22:23:ea:69:c9:ec:
         f0:f7:0e:e8:26:52:51:5d:d3:50:51:f8:66:4a:d8:f8:90:da:
         48:34:23:76:cb:34:b5:74:d0:f6:f5:31:19:6b:7f:d3:80:e1:
         90:6b:a0:32:85:1a:14:76:e4:ff:33:ed:6f:63:31:f2:f3:4b:
         b3:87:c8:d1:7b:a3:15:e6:d0:69:bf:e8:bf:2b:f8:a1:54:d2:
         f2:53:ba:60:d2:42:7e:fa:1a:59:a2:0e:b4:6e:90:25:dc:76:
         88:3f:3f:67:2d:d6:27:e8:2b:f1:8e:5f:ff:23:77:fa:12:0c:
         f1:2e:13:7a:db:8e:73:0c:3e:8d:f0:e9:ed:25:80:1f:df:64:
         72:7b:24:8f:b6:04:df:a2:dc:66:98:35:c5:d7:ab:a5:17:c2:
         5f:68:f5:5c:fe:ab:4b:70:bb:f2:bc:9f:55:2f:c1:64:8e:70:
         e9:b3:b9:9e:c1:29:f3:41:67:6d:e7:c6:e1:89:c9:88:0c:ea:
         d9:8e:c6:a3:0f:46:a6:30:c9:33:23:c7:94:ec:51:36:f9:da:
         b0:01:44:b9:7c:b5:31:e9:63:8b:7c:a7:50:62:15:c5:39:2d:
         86:45:b3:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSMBfAzxhngMClG/HxUlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTJiZTk4NDM4Yjk4ZWU2OGEwZDFiOGM0MTQ0NTIwYmQw
YTYyM2QwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzkzOTEwMDYyYjJjYmViN2IyYTFjNzg1ZjM4YTliN2I4MDU4ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMqvuPXrWipYAkzp2nZwIuSk7ZXq
NPA5GXeKoJ10X+dqMy/mgsqFdv3v0irlJcsulbp3Gk+6zdF++3D2tXcAr8CvnBLK
nvkS8yB6WE7AyO+nxKA9+dkQfaNKNofLrbq7giHSlKaIMuhpIYd1vsYVC02l2dvh
UqfpHintRKt0yNf/CsK+xa5tBz7Xi/RET5LisDS6aDij0PqNXrDkAWVkiLlBWoy+
7eJSOmKHEKudqbhMxwZClmIld1XHOg1N54u2sV9eCHYMzwIYoiiX2b3RA6WmprK9
AeyxMlvWRf6/KFPQOCWQo299PjRjlKtZupSktHbgCHD/SVbHxIAsyj1TjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJOTkQBissvreyoceF84qbe4BY23MB8GA1UdIwQY
MBaAFHuivphDi5juaKDRuMQURSC9CmI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZLLW1FT0xtTzVvb05HNHhCUkZJTDBLWWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84NDVlNzYtOWMyZC00YWZmLTkyYWYt
NDkzNWIzZjVjMjA5LzEvazVPUkFHS3l5LXQ3S2h4NFh6aXB0N2dGamJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84NDVlNzYtOWMyZC00YWZmLTkyYWYtNDkzNWIzZjVjMjA5
LzEvZTZLLW1FT0xtTzVvb05HNHhCUkZJTDBLWWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVLsMA0E
AgACMAcDBQMqDnWAMA0GCSqGSIb3DQEBCwUAA4IBAQAAw6phX+DfelAQg9qjtxHn
Btf0dVpuLDlp8csmM88iI+ppyezw9w7oJlJRXdNQUfhmStj4kNpINCN2yzS1dND2
9TEZa3/TgOGQa6AyhRoUduT/M+1vYzHy80uzh8jRe6MV5tBpv+i/K/ihVNLyU7pg
0kJ++hpZog60bpAl3HaIPz9nLdYn6Cvxjl//I3f6EgzxLhN6245zDD6N8OntJYAf
32RyeySPtgTfotxmmDXF16ulF8JfaPVc/qtLcLvyvJ9VL8FkjnDps7mewSnzQWdt
58bhicmIDOrZjsajD0amMMkzI8eU7FE2+dqwAUS5fLUx6WOLfKdQYhXFOS2GRbPj
-----END CERTIFICATE-----