Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/KrJZjiYOQ88jPV27toB3jM5jzTA.roa
File:                     KrJZjiYOQ88jPV27toB3jM5jzTA.roa (raw, json)
Hash identifier:          jk+bJPjch+IAHCOaujCVBbrK+knSr6BnnFu+BZ3CGso=
Subject key identifier:   2A:B2:59:8E:26:0E:43:CF:23:3D:5D:BB:B6:80:77:8C:CE:63:CD:30
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018EF008181CE749DF605EF594810F79EE62
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/KrJZjiYOQ88jPV27toB3jM5jzTA.roa
Signing time:             Thu 18 Apr 2024 07:07:26 +0000
ROA not before:           Thu 18 Apr 2024 07:07:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45671
IP address blocks:        45.155.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:08:18:1c:e7:49:df:60:5e:f5:94:81:0f:79:ee:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Apr 18 07:07:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ab2598e260e43cf233d5dbbb680778cce63cd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d1:60:30:af:a6:4c:29:77:a1:36:64:77:03:
                    41:0d:5f:fc:71:f6:41:32:ff:8e:2d:64:6a:d7:36:
                    8f:47:d3:f4:94:ee:c3:8c:5a:59:78:1f:80:cb:27:
                    91:c2:a5:e3:62:19:46:36:77:dd:6f:4d:6e:c0:5c:
                    af:b9:46:f6:b2:b9:89:b0:f2:a8:dc:3c:f0:06:4c:
                    27:d4:fc:af:af:29:b8:cc:21:74:a5:8e:24:f8:76:
                    d3:1c:84:77:2d:b4:14:a3:6e:dd:70:4f:e0:f2:58:
                    46:8c:da:0b:73:81:87:2c:f7:cb:cd:33:88:ff:1a:
                    1e:1b:7e:82:54:1f:c5:e6:13:b2:7a:2c:8d:85:e7:
                    29:19:50:10:87:a8:cf:ae:85:ba:2c:2b:0c:de:a8:
                    22:71:46:8c:0c:ba:a0:3f:d0:4d:25:15:f8:e9:ab:
                    5b:0f:a8:4e:2f:11:e3:26:d6:4a:2a:3b:7e:5f:a9:
                    cb:1b:4d:3d:2e:9d:4e:27:5e:bf:4d:79:10:e7:4a:
                    59:d3:20:34:d4:4c:a5:f8:1d:2a:41:7b:07:a6:cd:
                    51:ce:9d:13:a3:57:03:58:d9:9d:4e:fc:37:0f:81:
                    41:97:82:f3:2a:33:38:31:7f:de:f1:08:97:61:1b:
                    22:ee:67:11:28:be:ea:1b:81:a7:7b:29:60:f8:4d:
                    a3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B2:59:8E:26:0E:43:CF:23:3D:5D:BB:B6:80:77:8C:CE:63:CD:30
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/KrJZjiYOQ88jPV27toB3jM5jzTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:86:bd:a7:fa:de:90:fa:53:05:89:89:c9:55:44:2d:7a:9b:
         53:3b:72:26:83:32:3a:81:62:bd:88:49:49:e5:0d:62:86:31:
         1a:9d:6a:2b:42:9e:0a:cc:dc:ea:9a:0b:be:51:24:9e:68:54:
         10:03:4a:84:74:e0:b3:c1:c7:c0:32:92:e0:de:8d:75:30:fc:
         53:96:da:22:e0:72:9c:ea:a5:cf:52:b2:47:9f:65:4b:09:78:
         c0:c5:80:cc:a6:73:67:4b:e1:83:78:4b:5c:7f:34:f0:8f:ba:
         5c:93:a5:04:62:ae:bf:75:fb:95:c3:69:3c:06:8c:a7:4d:cf:
         00:1d:28:75:4b:41:8f:3e:50:08:49:32:9c:5c:f8:da:8d:3f:
         7e:6c:58:07:e1:30:3e:ed:53:bc:ca:25:49:1d:54:88:07:56:
         23:3b:3a:97:f6:de:a6:65:07:47:3d:00:bc:00:b1:9f:bf:a6:
         f6:32:ef:4b:68:47:be:e7:5a:d6:54:a8:13:81:26:d1:4b:ad:
         ef:db:01:37:86:6e:8d:ab:97:db:c3:02:01:16:fa:a3:7a:84:
         eb:39:5c:77:0b:c7:ff:4f:f5:87:1e:17:32:5f:04:23:8e:a5:
         a0:17:2b:5b:61:da:8c:2d:1d:5e:5f:dd:3a:c2:06:c1:ab:f2:
         6c:96:99:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7wCBgc50nfYF71lIEPee5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwNDE4MDcwNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWIyNTk4ZTI2MGU0M2NmMjMzZDVkYmJiNjgwNzc4Y2NlNjNjZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdFgMK+mTCl3oTZkdwNBDV/8cfZB
Mv+OLWRq1zaPR9P0lO7DjFpZeB+AyyeRwqXjYhlGNnfdb01uwFyvuUb2srmJsPKo
3DzwBkwn1Pyvrym4zCF0pY4k+HbTHIR3LbQUo27dcE/g8lhGjNoLc4GHLPfLzTOI
/xoeG36CVB/F5hOyeiyNhecpGVAQh6jProW6LCsM3qgicUaMDLqgP9BNJRX46atb
D6hOLxHjJtZKKjt+X6nLG009Lp1OJ16/TXkQ50pZ0yA01Eyl+B0qQXsHps1Rzp0T
o1cDWNmdTvw3D4FBl4LzKjM4MX/e8QiXYRsi7mcRKL7qG4Gneylg+E2jcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqyWY4mDkPPIz1du7aAd4zOY80wMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvS3JKWmppWU9RODhqUFYyN3RvQjNqTTVqelRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCrhr2n+t6Q+lMFiYnJVUQteptTO3ImgzI6gWK9iElJ
5Q1ihjEanWorQp4KzNzqmgu+USSeaFQQA0qEdOCzwcfAMpLg3o11MPxTltoi4HKc
6qXPUrJHn2VLCXjAxYDMpnNnS+GDeEtcfzTwj7pck6UEYq6/dfuVw2k8BoynTc8A
HSh1S0GPPlAISTKcXPjajT9+bFgH4TA+7VO8yiVJHVSIB1YjOzqX9t6mZQdHPQC8
ALGfv6b2Mu9LaEe+51rWVKgTgSbRS63v2wE3hm6Nq5fbwwIBFvqjeoTrOVx3C8f/
T/WHHhcyXwQjjqWgFytbYdqMLR1eX906wgbBq/JslplE
-----END CERTIFICATE-----