Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/xMnMGktTXIx63IShPoL3yNVzZ3Q.roa
File:                     xMnMGktTXIx63IShPoL3yNVzZ3Q.roa (raw, json)
Hash identifier:          zDfi8Mte9POpjg8pjmKInf2yp9hUwV04iD+hK1HKD7k=
Subject key identifier:   C4:C9:CC:1A:4B:53:5C:8C:7A:DC:84:A1:3E:82:F7:C8:D5:73:67:74
Certificate issuer:       /CN=733b0728b7a0543584c2cd0b48b7478c4194ef0a
Certificate serial:       0192234E057B41AF160B0AB2A59B137ED06F
Authority key identifier: 73:3B:07:28:B7:A0:54:35:84:C2:CD:0B:48:B7:47:8C:41:94:EF:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/xMnMGktTXIx63IShPoL3yNVzZ3Q.roa
Signing time:             Tue 24 Sep 2024 09:12:48 +0000
ROA not before:           Tue 24 Sep 2024 09:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        145.83.4.0/23 maxlen: 23
                          145.83.6.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:4e:05:7b:41:af:16:0b:0a:b2:a5:9b:13:7e:d0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=733b0728b7a0543584c2cd0b48b7478c4194ef0a
        Validity
            Not Before: Sep 24 09:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4c9cc1a4b535c8c7adc84a13e82f7c8d5736774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d4:68:e6:06:e2:92:a7:42:99:ee:3f:d5:5f:
                    14:fd:f8:80:38:6e:19:f0:c9:c9:18:e0:41:86:35:
                    9c:43:44:78:c1:69:fb:15:21:95:6c:3e:eb:50:b1:
                    c6:5d:3a:d8:11:ac:8d:0a:16:63:c4:85:25:cd:4f:
                    c1:be:2f:b6:5c:6f:b9:21:93:f7:79:9d:d9:04:d8:
                    91:a9:60:c3:f0:6e:c9:24:f6:da:59:b4:53:7a:a1:
                    08:fd:de:e8:cc:71:30:52:1b:19:f4:82:f4:89:b5:
                    c1:ad:d5:ab:9c:ed:c6:2d:2d:96:73:87:39:07:a7:
                    4c:f1:19:b5:8b:fd:3f:d8:fd:06:62:f0:14:2c:3c:
                    e7:ee:08:68:35:0e:5c:fa:15:a6:31:4e:cf:53:d3:
                    b8:8f:14:e2:b6:83:6f:cf:4a:b6:c4:89:c0:3e:f6:
                    1a:76:6b:e6:de:85:97:00:4c:65:c0:78:17:02:e4:
                    59:52:5d:d3:9a:a8:17:75:bd:f4:60:16:ce:4b:62:
                    be:ce:fe:2a:35:d6:90:f4:a0:10:dc:8e:16:7e:6f:
                    77:d3:1d:23:fc:2b:03:47:21:29:8d:64:b6:55:33:
                    c3:b8:e4:f7:80:3a:53:39:3c:dd:50:59:e1:05:76:
                    74:5a:f0:b2:7b:63:f8:9c:31:bc:a2:88:c1:8d:aa:
                    d2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C9:CC:1A:4B:53:5C:8C:7A:DC:84:A1:3E:82:F7:C8:D5:73:67:74
            X509v3 Authority Key Identifier:
                keyid:73:3B:07:28:B7:A0:54:35:84:C2:CD:0B:48:B7:47:8C:41:94:EF:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/xMnMGktTXIx63IShPoL3yNVzZ3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.83.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:7e:af:26:f1:5a:f0:48:55:a6:c9:4c:76:e6:78:71:ed:12:
         fc:0d:eb:61:38:85:b8:c7:82:20:c2:b2:49:88:08:30:e0:42:
         8d:d6:aa:4a:5a:2c:e1:05:e4:31:b7:0c:a7:d3:f9:b2:4f:8b:
         91:e5:28:b2:87:a1:dc:50:75:8b:ba:b9:c5:df:16:0f:e1:2b:
         45:6a:a3:14:60:c7:ef:eb:c2:80:49:f0:57:85:27:81:93:7e:
         14:94:4d:cb:98:b3:46:14:72:78:43:38:f3:c4:95:8a:86:7e:
         56:99:97:d3:96:22:8a:82:80:05:81:fc:49:58:36:6d:6d:62:
         6d:42:69:1a:c7:31:eb:8d:3a:8f:8f:85:12:04:8e:2e:50:e5:
         42:90:be:4b:47:08:9a:80:93:5c:75:6b:25:80:f4:ce:dd:5f:
         a2:d2:d9:86:12:4c:9c:3e:b6:7c:83:68:15:f3:23:22:cd:45:
         74:60:9b:0f:93:11:7a:6f:35:5c:8e:3d:1d:ee:34:0a:66:dc:
         94:b8:ad:98:e7:09:a3:c3:c8:1c:59:04:76:88:b6:05:d3:89:
         ee:35:08:85:4f:76:9b:55:2f:1b:77:4a:91:28:3f:79:b9:32:
         21:01:eb:85:98:b0:93:3d:50:44:a3:b5:f6:0a:96:b0:e1:87:
         2b:ae:c1:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIjTgV7Qa8WCwqypZsTftBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczM2IwNzI4YjdhMDU0MzU4NGMyY2QwYjQ4Yjc0NzhjNDE5
NGVmMGEwHhcNMjQwOTI0MDkxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGM5Y2MxYTRiNTM1YzhjN2FkYzg0YTEzZTgyZjdjOGQ1NzM2Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdRo5gbikqdCme4/1V8U/fiAOG4Z
8MnJGOBBhjWcQ0R4wWn7FSGVbD7rULHGXTrYEayNChZjxIUlzU/Bvi+2XG+5IZP3
eZ3ZBNiRqWDD8G7JJPbaWbRTeqEI/d7ozHEwUhsZ9IL0ibXBrdWrnO3GLS2Wc4c5
B6dM8Rm1i/0/2P0GYvAULDzn7ghoNQ5c+hWmMU7PU9O4jxTitoNvz0q2xInAPvYa
dmvm3oWXAExlwHgXAuRZUl3TmqgXdb30YBbOS2K+zv4qNdaQ9KAQ3I4Wfm930x0j
/CsDRyEpjWS2VTPDuOT3gDpTOTzdUFnhBXZ0WvCye2P4nDG8oojBjarSSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTJzBpLU1yMetyEoT6C98jVc2d0MB8GA1UdIwQY
MBaAFHM7Byi3oFQ1hMLNC0i3R4xBlO8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3pzSEtMZWdWRFdFd3MwTFNMZEhqRUdVN3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hODM0ZGEtMWNjYS00MDE3LTkwYjgt
ZGFlZTBhZWFmYjJiLzEveE1uTUdrdFRYSXg2M0lTaFBvTDN5TlZ6WjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hODM0ZGEtMWNjYS00MDE3LTkwYjgtZGFlZTBhZWFmYjJi
LzEvY3pzSEtMZWdWRFdFd3MwTFNMZEhqRUdVN3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkVMEMA0G
CSqGSIb3DQEBCwUAA4IBAQAVfq8m8VrwSFWmyUx25nhx7RL8DethOIW4x4IgwrJJ
iAgw4EKN1qpKWizhBeQxtwyn0/myT4uR5Siyh6HcUHWLurnF3xYP4StFaqMUYMfv
68KASfBXhSeBk34UlE3LmLNGFHJ4QzjzxJWKhn5WmZfTliKKgoAFgfxJWDZtbWJt
QmkaxzHrjTqPj4USBI4uUOVCkL5LRwiagJNcdWslgPTO3V+i0tmGEkycPrZ8g2gV
8yMizUV0YJsPkxF6bzVcjj0d7jQKZtyUuK2Y5wmjw8gcWQR2iLYF04nuNQiFT3ab
VS8bd0qRKD95uTIhAeuFmLCTPVBEo7X2Cpaw4YcrrsHr
-----END CERTIFICATE-----