Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/FtiJXEJu3hjNgm2kn_7MZx1xo_8.roa
File:                     FtiJXEJu3hjNgm2kn_7MZx1xo_8.roa (raw, json)
Hash identifier:          dQgfafNF8H+A1HFHoOs+vbDR2xTHYmnsPKpOwQOV8xQ=
Subject key identifier:   16:D8:89:5C:42:6E:DE:18:CD:82:6D:A4:9F:FE:CC:67:1D:71:A3:FF
Certificate issuer:       /CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
Certificate serial:       018CC2DB2C155E566BCA16FCE4D07580719B
Authority key identifier: B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/FtiJXEJu3hjNgm2kn_7MZx1xo_8.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199524
IP address blocks:        45.135.231.0/24 maxlen: 24
                          45.135.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2c:15:5e:56:6b:ca:16:fc:e4:d0:75:80:71:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16d8895c426ede18cd826da49ffecc671d71a3ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cf:80:37:95:a0:d1:66:04:6e:f0:7d:2b:1d:
                    19:04:4b:0c:91:37:5a:bd:e6:0f:21:38:9a:ac:5b:
                    75:81:61:35:18:51:2f:b8:41:db:8d:d6:fd:a7:02:
                    7e:5b:16:e8:c3:ef:d0:a9:ca:7c:0b:f2:d1:2f:aa:
                    b1:40:00:14:d1:04:99:4a:b6:e2:11:69:36:a5:54:
                    34:f3:a1:de:84:ac:3d:d0:ca:fb:d1:a2:91:1c:88:
                    8a:56:7a:1e:12:37:01:4e:81:4d:6e:14:47:4c:06:
                    01:19:9b:b1:c2:0e:63:32:a1:98:70:45:65:60:81:
                    23:98:cf:b9:7e:c6:55:d3:c0:20:86:85:39:e4:6d:
                    1b:7a:9c:9d:e5:82:59:ab:bc:df:f9:0a:08:52:52:
                    44:9e:b7:35:e2:ba:40:7b:7b:e5:ac:8f:bf:e4:e2:
                    40:ad:d9:ee:29:5e:fe:70:de:70:7e:d9:09:94:b1:
                    a1:80:17:c3:8b:42:df:9f:77:f2:54:ab:e8:36:73:
                    b1:cf:87:d4:d4:62:04:3d:ef:26:b2:1a:58:bd:33:
                    aa:e2:41:31:3b:10:9f:18:fb:b9:d4:14:79:06:5e:
                    4b:89:18:29:36:d6:7c:7d:25:98:97:68:5c:bc:ec:
                    f8:23:ad:9d:08:b5:46:1c:dc:2c:21:09:5d:82:ee:
                    09:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D8:89:5C:42:6E:DE:18:CD:82:6D:A4:9F:FE:CC:67:1D:71:A3:FF
            X509v3 Authority Key Identifier:
                keyid:B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/FtiJXEJu3hjNgm2kn_7MZx1xo_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.228.0/24
                  45.135.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:1b:25:ae:45:3e:fc:38:14:44:f5:f2:6c:1f:02:c7:d1:ea:
         a4:52:0b:85:a2:c4:23:cd:ea:c4:4d:89:b4:e7:15:54:50:f9:
         19:e2:40:75:68:c1:d0:2c:01:d3:4a:ed:b5:c8:3f:2d:15:2e:
         66:04:82:9d:20:26:8c:97:76:27:a5:0e:9a:2f:d2:62:7f:40:
         ca:b7:c4:ca:0e:8f:03:f3:df:8d:0e:83:12:83:ac:d1:4d:4e:
         86:61:22:0f:be:27:64:ee:e0:50:6d:bb:90:fe:7e:f2:5c:d1:
         45:01:2a:03:1d:a0:27:73:99:0c:07:7a:a4:3b:0e:be:18:d8:
         62:c9:14:0b:a8:55:c1:32:d1:1f:f8:a6:3f:12:f0:0d:72:08:
         1f:fe:f0:c9:ba:a4:16:ec:1e:b6:33:7e:96:1d:37:21:5d:49:
         2f:7d:67:ef:5c:c9:e6:8e:ef:ab:28:da:a5:4b:55:69:21:38:
         ea:26:6f:75:5f:f6:12:55:8c:32:62:df:72:80:16:ef:fd:f2:
         92:2a:8c:0c:5a:a2:70:01:92:2b:e7:dc:fe:c0:b8:5b:31:f4:
         cc:fa:83:ce:97:bc:0d:01:96:96:45:c8:a4:ce:9c:00:78:a6:
         a3:8b:50:8a:20:00:d8:e4:7c:f3:d1:22:90:5d:db:c2:1d:b2:
         8e:c8:81:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2ywVXlZryhb85NB1gHGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOGFjZTBlYjNlMmRmNDlmZGJiNzc3MjY3MTZmYjY1ZTc3
Nzc5NjQwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ4ODk1YzQyNmVkZTE4Y2Q4MjZkYTQ5ZmZlY2M2NzFkNzFhM2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc+AN5Wg0WYEbvB9Kx0ZBEsMkTda
veYPITiarFt1gWE1GFEvuEHbjdb9pwJ+Wxbow+/Qqcp8C/LRL6qxQAAU0QSZSrbi
EWk2pVQ086HehKw90Mr70aKRHIiKVnoeEjcBToFNbhRHTAYBGZuxwg5jMqGYcEVl
YIEjmM+5fsZV08AghoU55G0bepyd5YJZq7zf+QoIUlJEnrc14rpAe3vlrI+/5OJA
rdnuKV7+cN5wftkJlLGhgBfDi0Lfn3fyVKvoNnOxz4fU1GIEPe8mshpYvTOq4kEx
OxCfGPu51BR5Bl5LiRgpNtZ8fSWYl2hcvOz4I62dCLVGHNwsIQldgu4JeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBbYiVxCbt4YzYJtpJ/+zGcdcaP/MB8GA1UdIwQY
MBaAFLCKzg6z4t9J/bt3cmcW+2Xnd3lkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQt
ODY1YjRjZmJkNGNkLzEvRnRpSlhFSnUzaGpOZ20ya25fN01aeDF4b184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQtODY1YjRjZmJkNGNk
LzEvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYfkAwQA
LYfnMA0GCSqGSIb3DQEBCwUAA4IBAQBYGyWuRT78OBRE9fJsHwLH0eqkUguFosQj
zerETYm05xVUUPkZ4kB1aMHQLAHTSu21yD8tFS5mBIKdICaMl3YnpQ6aL9Jif0DK
t8TKDo8D89+NDoMSg6zRTU6GYSIPvidk7uBQbbuQ/n7yXNFFASoDHaAnc5kMB3qk
Ow6+GNhiyRQLqFXBMtEf+KY/EvANcggf/vDJuqQW7B62M36WHTchXUkvfWfvXMnm
ju+rKNqlS1VpITjqJm91X/YSVYwyYt9ygBbv/fKSKowMWqJwAZIr59z+wLhbMfTM
+oPOl7wNAZaWRcikzpwAeKaji1CKIADY5Hzz0SKQXdvCHbKOyIEj
-----END CERTIFICATE-----