Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/u1XvDMBPDguciVz7OgZE2VsECb8.roa
File:                     u1XvDMBPDguciVz7OgZE2VsECb8.roa (raw, json)
Hash identifier:          fsepuXsp3um4X5PPpcvZ4KZC8yegeeHHvpabmkFWClU=
Subject key identifier:   BB:55:EF:0C:C0:4F:0E:0B:9C:89:5C:FB:3A:06:44:D9:5B:04:09:BF
Certificate issuer:       /CN=1b18e0a19ae790fa503951559f47d41b47e7fd0f
Certificate serial:       018CC3491ED1F6F4E1BD85E994751640AF67
Authority key identifier: 1B:18:E0:A1:9A:E7:90:FA:50:39:51:55:9F:47:D4:1B:47:E7:FD:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/u1XvDMBPDguciVz7OgZE2VsECb8.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9304
IP address blocks:        45.85.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1e:d1:f6:f4:e1:bd:85:e9:94:75:16:40:af:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b18e0a19ae790fa503951559f47d41b47e7fd0f
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb55ef0cc04f0e0b9c895cfb3a0644d95b0409bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ab:2c:65:29:33:68:e3:67:cb:6c:18:9d:1c:
                    2d:bd:fe:b9:ed:10:35:87:8c:12:9c:a8:d7:06:82:
                    59:b1:19:7c:99:28:61:42:21:11:03:77:02:3c:69:
                    1c:3f:9d:87:8f:81:e6:a0:d9:35:ac:40:03:c8:ab:
                    4a:22:9c:2a:89:52:a3:46:0c:ac:9f:f8:5b:09:a3:
                    8c:f5:25:ed:6a:59:df:35:89:0e:d1:15:1d:67:eb:
                    f5:5a:29:fc:d4:4e:fd:d0:82:f2:a6:dd:71:eb:91:
                    7f:60:62:56:58:81:fb:a9:d0:25:69:4c:82:2e:07:
                    03:15:fa:17:f5:b4:66:97:57:60:e1:e9:df:76:19:
                    42:8b:2f:e7:1e:a1:e7:3b:33:f3:4b:3d:cc:4b:75:
                    f0:db:1e:38:eb:8c:a7:a3:c8:2f:eb:cf:b0:04:1b:
                    50:df:87:46:37:f1:cf:3f:3e:36:e1:46:a3:f6:a9:
                    01:b7:d0:d5:3c:3a:a4:4d:6a:d5:ef:16:7f:e8:e2:
                    cc:a6:e4:c9:ae:9e:b9:25:c2:97:4b:f3:f8:46:22:
                    1f:1b:a0:19:65:23:86:fb:9d:7a:cc:0f:64:e0:c1:
                    7f:98:51:e3:65:97:17:b5:78:91:c5:d4:b7:72:0c:
                    f0:df:8c:72:76:96:21:8b:74:fb:dd:31:7e:f6:15:
                    29:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:55:EF:0C:C0:4F:0E:0B:9C:89:5C:FB:3A:06:44:D9:5B:04:09:BF
            X509v3 Authority Key Identifier:
                keyid:1B:18:E0:A1:9A:E7:90:FA:50:39:51:55:9F:47:D4:1B:47:E7:FD:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/u1XvDMBPDguciVz7OgZE2VsECb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:48:fb:3c:c0:c8:14:bd:c4:9f:e1:fe:48:77:fb:2e:d6:f3:
         25:34:fc:3e:4f:2c:69:b7:e4:1f:02:c0:c3:17:74:e2:ff:68:
         bc:b8:72:0c:9a:70:9b:db:7b:ab:7f:f6:cc:d5:ca:d3:6b:d2:
         52:84:81:b5:10:a0:b2:e1:03:15:79:7a:cf:e5:e1:05:b1:17:
         88:12:a4:b1:9d:5b:ff:8b:65:33:69:6f:5f:36:e2:fc:82:67:
         bb:28:bd:25:77:93:81:22:23:b1:9a:5e:89:54:1d:1d:24:5a:
         5c:fc:31:47:c9:4e:c1:1e:c5:c4:b1:7e:6b:6f:23:e5:09:af:
         2e:cd:1c:04:58:3a:0b:93:ee:f9:44:54:8e:db:fc:9a:6e:dc:
         a7:ad:c7:71:98:0c:31:d0:4f:ff:a4:c9:fb:a9:e3:55:83:3a:
         77:7f:85:cb:81:be:ec:ba:db:eb:54:6e:1e:bd:2f:cf:b4:7e:
         6c:fe:bb:20:18:62:aa:55:97:e7:8c:73:39:16:95:b2:86:7a:
         bd:18:37:04:72:0a:94:fe:84:32:12:90:ed:81:b9:b1:d0:15:
         5a:d9:9a:32:01:53:53:0d:34:8d:71:97:fd:e6:9b:49:dd:36:
         18:00:b4:8f:c3:b2:18:23:40:0b:65:53:5c:12:ec:1f:f5:b1:
         7d:4b:f9:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSR7R9vThvYXplHUWQK9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMThlMGExOWFlNzkwZmE1MDM5NTE1NTlmNDdkNDFiNDdl
N2ZkMGYwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU1ZWYwY2MwNGYwZTBiOWM4OTVjZmIzYTA2NDRkOTViMDQwOWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnassZSkzaONny2wYnRwtvf657RA1
h4wSnKjXBoJZsRl8mShhQiERA3cCPGkcP52Hj4HmoNk1rEADyKtKIpwqiVKjRgys
n/hbCaOM9SXtalnfNYkO0RUdZ+v1Win81E790ILypt1x65F/YGJWWIH7qdAlaUyC
LgcDFfoX9bRml1dg4enfdhlCiy/nHqHnOzPzSz3MS3Xw2x4464yno8gv68+wBBtQ
34dGN/HPPz424Uaj9qkBt9DVPDqkTWrV7xZ/6OLMpuTJrp65JcKXS/P4RiIfG6AZ
ZSOG+516zA9k4MF/mFHjZZcXtXiRxdS3cgzw34xydpYhi3T73TF+9hUpcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtV7wzATw4LnIlc+zoGRNlbBAm/MB8GA1UdIwQY
MBaAFBsY4KGa55D6UDlRVZ9H1BtH5/0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hqZ29acm5rUHBRT1ZGVm4wZlVHMGZuX1E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mMmUyYzktY2VhYi00ZDdiLWE5ZDgt
YTEwNTc3NmMzMzQ3LzEvdTFYdkRNQlBEZ3VjaVZ6N09nWkUyVnNFQ2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mMmUyYzktY2VhYi00ZDdiLWE5ZDgtYTEwNTc3NmMzMzQ3
LzEvR3hqZ29acm5rUHBRT1ZGVm4wZlVHMGZuX1E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVWoMA0G
CSqGSIb3DQEBCwUAA4IBAQBUSPs8wMgUvcSf4f5Id/su1vMlNPw+Tyxpt+QfAsDD
F3Ti/2i8uHIMmnCb23urf/bM1crTa9JShIG1EKCy4QMVeXrP5eEFsReIEqSxnVv/
i2UzaW9fNuL8gme7KL0ld5OBIiOxml6JVB0dJFpc/DFHyU7BHsXEsX5rbyPlCa8u
zRwEWDoLk+75RFSO2/yabtynrcdxmAwx0E//pMn7qeNVgzp3f4XLgb7sutvrVG4e
vS/PtH5s/rsgGGKqVZfnjHM5FpWyhnq9GDcEcgqU/oQyEpDtgbmx0BVa2ZoyAVNT
DTSNcZf95ptJ3TYYALSPw7IYI0ALZVNcEuwf9bF9S/lS
-----END CERTIFICATE-----