Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/24R_E0WjYN8Sc_e1GxAbuIOieBA.roa
File:                     24R_E0WjYN8Sc_e1GxAbuIOieBA.roa (raw, json)
Hash identifier:          A/JUqaw8BAuLOXIYFmvFIH3nVGP5sIdG63gKAgxC7N4=
Subject key identifier:   DB:84:7F:13:45:A3:60:DF:12:73:F7:B5:1B:10:1B:B8:83:A2:78:10
Certificate issuer:       /CN=28178243a0866b091272d1e1eb451e71e413b99a
Certificate serial:       018FA4F220700DD0853D76175435D5ED24E9
Authority key identifier: 28:17:82:43:A0:86:6B:09:12:72:D1:E1:EB:45:1E:71:E4:13:B9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBeCQ6CGawkSctHh60UeceQTuZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/24R_E0WjYN8Sc_e1GxAbuIOieBA.roa
Signing time:             Thu 23 May 2024 10:14:42 +0000
ROA not before:           Thu 23 May 2024 10:14:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        45.85.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/KBeCQ6CGawkSctHh60UeceQTuZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/KBeCQ6CGawkSctHh60UeceQTuZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBeCQ6CGawkSctHh60UeceQTuZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a4:f2:20:70:0d:d0:85:3d:76:17:54:35:d5:ed:24:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28178243a0866b091272d1e1eb451e71e413b99a
        Validity
            Not Before: May 23 10:14:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db847f1345a360df1273f7b51b101bb883a27810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:76:b5:24:0f:41:2d:07:9a:6f:1a:f0:18:bd:
                    40:8b:03:c3:a9:22:42:5a:57:b3:74:cb:a2:94:bf:
                    4d:78:d1:92:17:2e:e0:6c:b2:a8:a4:52:6b:16:15:
                    f4:01:94:8a:a3:e5:b6:36:17:87:e6:33:b8:f5:01:
                    6d:0e:f0:26:ad:a1:0d:00:c8:02:0d:9f:43:52:e6:
                    47:39:ad:61:1f:6f:0e:9f:a9:07:f9:ad:9f:c8:85:
                    07:96:28:f0:e4:be:77:63:a6:c7:0d:29:82:58:ab:
                    8c:cb:ff:80:a9:f5:bc:80:9b:7a:f9:93:cc:58:83:
                    be:27:2d:10:a6:80:1c:ad:ef:5e:4b:32:f5:0f:38:
                    2f:dd:16:f0:3d:70:1d:5e:6b:40:59:38:b7:b8:32:
                    4a:26:78:dc:61:70:31:f4:5c:17:02:e0:4e:ad:32:
                    cc:cf:85:58:cb:cd:61:75:6f:0f:36:04:3b:f2:8f:
                    ee:2e:24:61:a3:49:0e:ba:00:cf:bd:14:d6:cd:97:
                    a7:ef:45:59:03:8a:e6:4f:a1:df:12:40:db:bf:92:
                    bf:43:04:78:d9:60:19:e6:14:ca:8e:64:ed:2e:de:
                    14:fd:f8:fe:32:f8:9c:f7:64:62:a3:17:f7:98:5c:
                    f0:2f:95:ce:e1:e9:cc:e6:81:6a:d7:e6:b9:07:1c:
                    6e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:84:7F:13:45:A3:60:DF:12:73:F7:B5:1B:10:1B:B8:83:A2:78:10
            X509v3 Authority Key Identifier:
                keyid:28:17:82:43:A0:86:6B:09:12:72:D1:E1:EB:45:1E:71:E4:13:B9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBeCQ6CGawkSctHh60UeceQTuZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/24R_E0WjYN8Sc_e1GxAbuIOieBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/KBeCQ6CGawkSctHh60UeceQTuZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:61:b7:bf:d4:aa:ca:fc:22:86:d1:a1:7c:10:88:9a:0d:88:
         53:b9:d6:76:8a:d7:93:91:93:53:93:36:ac:3f:26:c8:e4:fd:
         00:2e:57:48:81:fe:ef:09:83:e9:27:7c:39:2f:c2:34:b5:ae:
         7c:53:cb:73:d7:6b:b0:4b:1b:7a:6a:f2:cc:5f:9d:75:3a:7e:
         e2:a6:b2:4b:bf:0a:fc:28:be:ec:95:11:88:42:ed:fc:aa:2c:
         3e:99:33:18:14:b7:9c:2e:f6:83:09:ea:07:fc:6e:42:7e:a0:
         c6:72:b4:32:73:20:2a:70:61:cc:eb:fc:ef:62:50:ca:72:8f:
         7a:ce:f2:da:1e:a9:0f:fb:c6:79:5b:ea:1e:88:ee:cc:21:5e:
         59:03:b6:eb:b2:af:d9:26:a9:f4:d2:2c:71:b5:d5:5b:48:3f:
         d0:8f:7b:73:2c:29:69:76:7b:16:49:8b:ff:e8:c8:ae:ca:e1:
         00:5e:69:3c:cc:25:38:63:52:f0:61:f7:00:c3:1d:13:de:f7:
         cc:e0:2f:1d:5d:ec:aa:53:f5:71:ae:25:7c:58:61:c1:ad:d0:
         76:7c:dd:cd:a9:39:03:36:8b:b1:4c:1a:b6:f1:83:7c:e1:6c:
         8c:43:72:73:e9:b0:20:1d:85:88:7d:e5:95:81:e8:7e:2d:f5:
         8b:e9:0f:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+k8iBwDdCFPXYXVDXV7STpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTc4MjQzYTA4NjZiMDkxMjcyZDFlMWViNDUxZTcxZTQx
M2I5OWEwHhcNMjQwNTIzMTAxNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjg0N2YxMzQ1YTM2MGRmMTI3M2Y3YjUxYjEwMWJiODgzYTI3ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53a1JA9BLQeabxrwGL1AiwPDqSJC
WlezdMuilL9NeNGSFy7gbLKopFJrFhX0AZSKo+W2NheH5jO49QFtDvAmraENAMgC
DZ9DUuZHOa1hH28On6kH+a2fyIUHlijw5L53Y6bHDSmCWKuMy/+AqfW8gJt6+ZPM
WIO+Jy0QpoAcre9eSzL1Dzgv3RbwPXAdXmtAWTi3uDJKJnjcYXAx9FwXAuBOrTLM
z4VYy81hdW8PNgQ78o/uLiRho0kOugDPvRTWzZen70VZA4rmT6HfEkDbv5K/QwR4
2WAZ5hTKjmTtLt4U/fj+Mvic92Rioxf3mFzwL5XO4enM5oFq1+a5Bxxu+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuEfxNFo2DfEnP3tRsQG7iDongQMB8GA1UdIwQY
MBaAFCgXgkOghmsJEnLR4etFHnHkE7maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JlQ1E2Q0dhd2tTY3RIaDYwVWVjZVFUdVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS83NDdkYjgtYWM1Ny00NmE4LWI2MzIt
NmNlM2MwM2ExMzRjLzEvMjRSX0UwV2pZTjhTY19lMUd4QWJ1SU9pZUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS83NDdkYjgtYWM1Ny00NmE4LWI2MzItNmNlM2MwM2ExMzRj
LzEvS0JlQ1E2Q0dhd2tTY3RIaDYwVWVjZVFUdVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXcMA0G
CSqGSIb3DQEBCwUAA4IBAQClYbe/1KrK/CKG0aF8EIiaDYhTudZ2iteTkZNTkzas
PybI5P0ALldIgf7vCYPpJ3w5L8I0ta58U8tz12uwSxt6avLMX511On7iprJLvwr8
KL7slRGIQu38qiw+mTMYFLecLvaDCeoH/G5CfqDGcrQycyAqcGHM6/zvYlDKco96
zvLaHqkP+8Z5W+oeiO7MIV5ZA7brsq/ZJqn00ixxtdVbSD/Qj3tzLClpdnsWSYv/
6MiuyuEAXmk8zCU4Y1LwYfcAwx0T3vfM4C8dXeyqU/VxriV8WGHBrdB2fN3NqTkD
NouxTBq28YN84WyMQ3Jz6bAgHYWIfeWVgeh+LfWL6Q+6
-----END CERTIFICATE-----