Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/GHWgTmJB4ox0z-AGKc5u2VSFUJA.roa
File:                     GHWgTmJB4ox0z-AGKc5u2VSFUJA.roa (raw, json)
Hash identifier:          0ggJQzV+uHfKEqYKS30amJXOLyHsX+qCa0pzPfRoEn0=
Subject key identifier:   18:75:A0:4E:62:41:E2:8C:74:CF:E0:06:29:CE:6E:D9:54:85:50:90
Certificate issuer:       /CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
Certificate serial:       018CC56EC65E1D826DE357291D3F3627BA14
Authority key identifier: B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/GHWgTmJB4ox0z-AGKc5u2VSFUJA.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.85.95.0/24 maxlen: 24
                          45.85.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c6:5e:1d:82:6d:e3:57:29:1d:3f:36:27:ba:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1875a04e6241e28c74cfe00629ce6ed954855090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:4d:0a:e1:d5:c9:51:dc:99:d0:44:27:70:
                    36:10:05:1c:3a:b8:ea:52:5f:c1:6f:ca:db:41:54:
                    86:68:82:07:a9:ce:8b:ab:ce:cc:4f:f1:1a:38:80:
                    ae:d9:0f:27:57:83:02:c7:c4:bc:78:75:1c:e5:cb:
                    2d:27:3d:6e:5f:12:7f:d7:86:28:39:bf:9c:76:25:
                    e5:fa:0e:6b:cc:c5:15:64:ba:aa:dd:9b:bd:bc:2f:
                    6a:e7:33:c8:9f:1a:06:57:6b:56:d8:2d:b3:43:52:
                    22:40:1e:dc:61:aa:57:b5:77:5a:3a:f1:2d:bf:3f:
                    30:22:b3:66:e8:36:15:4e:58:f3:f8:5c:2f:3c:19:
                    10:47:0a:9c:e4:10:1a:48:92:37:9c:24:bc:ae:eb:
                    a3:e0:f2:a2:91:f5:42:1d:9f:cc:18:63:2c:e1:e4:
                    9b:5b:31:7c:bd:76:85:84:89:cb:d8:80:ff:ad:28:
                    d0:9b:ef:b2:0b:f3:26:3b:a0:77:bc:fb:3e:cb:c4:
                    49:5a:7c:2c:ab:0b:76:fe:7a:d6:66:e9:8c:f9:76:
                    af:68:f7:e5:42:85:3c:a0:f8:83:13:4b:57:30:05:
                    40:02:d7:5a:eb:d9:ec:ac:02:88:50:81:3e:e8:8a:
                    92:2d:e7:52:b5:7a:bb:b3:99:8a:54:ae:6e:f2:5a:
                    26:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:75:A0:4E:62:41:E2:8C:74:CF:E0:06:29:CE:6E:D9:54:85:50:90
            X509v3 Authority Key Identifier:
                keyid:B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/GHWgTmJB4ox0z-AGKc5u2VSFUJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:e4:2e:84:4d:79:99:eb:c2:67:49:a5:87:eb:40:1e:3e:31:
         3c:d6:58:db:54:f9:d7:ca:7f:4e:48:9b:a8:f7:3d:44:22:91:
         1b:e8:11:bf:16:91:9c:dd:50:fe:d6:83:43:61:d9:1e:d9:b5:
         d9:3e:2a:89:e3:1a:b0:57:5b:f3:f3:8b:4c:4c:76:a7:a0:c2:
         13:3d:d2:0d:cd:02:72:a5:bf:2b:2f:d3:73:74:63:cf:7c:01:
         93:df:26:59:a5:ae:cb:07:b3:4b:f3:6a:93:9d:64:d5:97:9e:
         af:1a:e1:40:c9:6f:a2:0d:05:8f:23:bd:60:88:bf:f2:10:dd:
         ad:ce:15:7a:6f:f5:76:fe:87:e4:51:ac:77:af:90:8b:2b:11:
         77:5d:98:3e:da:5b:b0:54:56:b2:f7:48:8c:36:35:c8:50:52:
         eb:b5:73:82:a1:bb:1b:6a:92:0f:a5:7c:94:de:f9:84:25:fe:
         be:bd:85:c6:57:20:11:0f:a4:93:87:ff:a4:ea:e2:13:78:42:
         2f:2d:6c:a1:09:6f:95:ec:42:5c:64:31:8a:95:d9:48:e5:3e:
         67:53:5d:f7:98:c2:55:26:1f:34:2b:54:95:2d:8d:84:2f:7f:
         fd:e7:ea:0d:42:b0:a6:8a:f3:3c:15:d0:dd:81:cf:a2:91:7b:
         8d:45:23:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsZeHYJt41cpHT82J7oUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjBkMzM0MzJlY2E3N2MwNTRlOGZhODcwNzI0OGRhNGU0
N2RiMGIwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODc1YTA0ZTYyNDFlMjhjNzRjZmUwMDYyOWNlNmVkOTU0ODU1MDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviFNCuHVyVHcmdBEJ3A2EAUcOrjq
Ul/Bb8rbQVSGaIIHqc6Lq87MT/EaOICu2Q8nV4MCx8S8eHUc5cstJz1uXxJ/14Yo
Ob+cdiXl+g5rzMUVZLqq3Zu9vC9q5zPInxoGV2tW2C2zQ1IiQB7cYapXtXdaOvEt
vz8wIrNm6DYVTljz+FwvPBkQRwqc5BAaSJI3nCS8ruuj4PKikfVCHZ/MGGMs4eSb
WzF8vXaFhInL2ID/rSjQm++yC/MmO6B3vPs+y8RJWnwsqwt2/nrWZumM+XavaPfl
QoU8oPiDE0tXMAVAAtda69nsrAKIUIE+6IqSLedStXq7s5mKVK5u8lom9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBh1oE5iQeKMdM/gBinObtlUhVCQMB8GA1UdIwQY
MBaAFLmw0zQy7Kd8BU6PqHBySNpOR9sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQt
ZDE5NmY5MjkxNzMyLzEvR0hXZ1RtSkI0b3gwei1BR0tjNXUyVlNGVUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQtZDE5NmY5MjkxNzMy
LzEvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVVeMA0G
CSqGSIb3DQEBCwUAA4IBAQAW5C6ETXmZ68JnSaWH60AePjE81ljbVPnXyn9OSJuo
9z1EIpEb6BG/FpGc3VD+1oNDYdke2bXZPiqJ4xqwV1vz84tMTHanoMITPdINzQJy
pb8rL9NzdGPPfAGT3yZZpa7LB7NL82qTnWTVl56vGuFAyW+iDQWPI71giL/yEN2t
zhV6b/V2/ofkUax3r5CLKxF3XZg+2luwVFay90iMNjXIUFLrtXOCobsbapIPpXyU
3vmEJf6+vYXGVyARD6STh/+k6uITeEIvLWyhCW+V7EJcZDGKldlI5T5nU133mMJV
Jh80K1SVLY2EL3/95+oNQrCmivM8FdDdgc+ikXuNRSPF
-----END CERTIFICATE-----