Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/o2Au1SbBVbM6OyN60nzOqnYGP1Y.roa
File:                     o2Au1SbBVbM6OyN60nzOqnYGP1Y.roa (raw, json)
Hash identifier:          iOegUEAVufMc25AkMAftJiJS2bh7//aUOv6cS95EG7o=
Subject key identifier:   A3:60:2E:D5:26:C1:55:B3:3A:3B:23:7A:D2:7C:CE:AA:76:06:3F:56
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018F1748BDE897C94EF96A86E2AC919BCECF
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/o2Au1SbBVbM6OyN60nzOqnYGP1Y.roa
Signing time:             Thu 25 Apr 2024 22:03:14 +0000
ROA not before:           Thu 25 Apr 2024 22:03:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211560
IP address blocks:        45.155.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:17:48:bd:e8:97:c9:4e:f9:6a:86:e2:ac:91:9b:ce:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Apr 25 22:03:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3602ed526c155b33a3b237ad27cceaa76063f56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:30:dc:4a:5b:4a:e1:7d:7f:c2:d3:9b:b7:59:
                    45:af:d0:3e:56:95:95:75:6a:48:55:32:d1:cb:db:
                    f0:bb:90:bb:68:72:02:60:f2:5f:26:81:fd:ae:bb:
                    3d:06:d1:20:b2:b6:f7:87:64:ae:c1:cf:72:fa:54:
                    0e:44:ee:53:27:2d:ca:80:7d:17:df:dd:e1:7d:39:
                    ef:2d:2f:d3:ba:c7:7f:b1:31:08:4d:22:f2:fb:8f:
                    83:34:c2:a3:2e:84:17:4f:0c:b3:3f:1d:cc:f0:d3:
                    53:f3:6c:1a:9a:28:f4:b7:71:64:57:af:1b:e1:a3:
                    6a:d1:ce:b2:49:d7:4b:f0:5e:bb:8f:63:2a:00:5c:
                    0c:89:70:d3:a3:29:aa:79:f4:c3:7c:3f:9c:de:c9:
                    d6:2f:8a:7a:c5:20:0f:99:7f:2f:5a:46:1f:37:62:
                    c1:fc:e1:ce:01:37:17:18:ab:72:4b:60:bb:0b:0c:
                    3f:23:42:df:c3:92:7b:e0:87:9b:90:dd:b1:25:9c:
                    f6:fe:e9:73:ff:a7:1f:c9:1f:9a:3d:36:07:fd:98:
                    f8:05:1a:f9:53:39:c2:c4:6c:72:d4:da:30:48:0b:
                    1c:e7:25:af:a9:1d:83:e0:20:e6:e7:52:e3:54:de:
                    08:93:b9:72:d6:a7:52:0f:de:ed:cd:05:23:9c:e1:
                    b5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:60:2E:D5:26:C1:55:B3:3A:3B:23:7A:D2:7C:CE:AA:76:06:3F:56
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/o2Au1SbBVbM6OyN60nzOqnYGP1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:fc:87:0d:77:09:e8:65:7e:2a:9a:06:e7:f8:31:75:2d:f1:
         a4:24:87:32:d7:a6:9a:12:c8:fd:9a:bf:6b:9c:c3:d2:e7:97:
         44:2c:02:8b:4d:36:57:01:ab:a4:a2:3f:37:ad:17:86:aa:40:
         c3:ae:9a:23:b5:d8:6a:c8:30:61:aa:dd:aa:5c:c9:93:92:9f:
         a7:35:43:9d:dd:50:31:66:64:5b:8a:f1:e9:d0:7d:ea:9a:fa:
         91:6f:ca:4d:6a:d9:7e:03:1c:b5:fa:57:3b:35:f0:0a:35:f5:
         27:d3:9e:fd:51:6f:4c:00:65:c9:3e:c1:b4:ab:63:16:b7:2e:
         98:3a:09:13:e3:b1:31:81:f5:a1:93:75:cf:a7:08:2c:f9:09:
         52:96:33:16:87:2d:b7:56:ee:ae:3f:36:72:a2:a1:32:21:46:
         bc:5d:ff:b1:c0:89:5b:88:2d:e4:6c:1f:7e:4a:23:82:d8:8b:
         d1:3b:92:1e:af:6e:11:91:33:34:ef:8a:31:19:6d:31:90:ca:
         06:63:ea:3d:c2:1f:c4:ac:f7:3e:67:db:ee:d2:a9:70:ea:3d:
         a0:cc:14:2b:e2:37:56:ba:41:2e:d8:0e:d2:90:00:b2:84:5c:
         0d:d1:a2:d0:46:a4:88:33:46:1c:f4:0d:7c:c6:ef:9a:e2:0a:
         63:b3:b2:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8XSL3ol8lO+WqG4qyRm87PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwNDI1MjIwMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzYwMmVkNTI2YzE1NWIzM2EzYjIzN2FkMjdjY2VhYTc2MDYzZjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDDcSltK4X1/wtObt1lFr9A+VpWV
dWpIVTLRy9vwu5C7aHICYPJfJoH9rrs9BtEgsrb3h2Suwc9y+lQORO5TJy3KgH0X
393hfTnvLS/Tusd/sTEITSLy+4+DNMKjLoQXTwyzPx3M8NNT82wamij0t3FkV68b
4aNq0c6ySddL8F67j2MqAFwMiXDToymqefTDfD+c3snWL4p6xSAPmX8vWkYfN2LB
/OHOATcXGKtyS2C7Cww/I0Lfw5J74IebkN2xJZz2/ulz/6cfyR+aPTYH/Zj4BRr5
UznCxGxy1NowSAsc5yWvqR2D4CDm51LjVN4Ik7ly1qdSD97tzQUjnOG15wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNgLtUmwVWzOjsjetJ8zqp2Bj9WMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvbzJBdTFTYkJWYk02T3lONjBuek9xbllHUDFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv/MA0G
CSqGSIb3DQEBCwUAA4IBAQC6/IcNdwnoZX4qmgbn+DF1LfGkJIcy16aaEsj9mr9r
nMPS55dELAKLTTZXAaukoj83rReGqkDDrpojtdhqyDBhqt2qXMmTkp+nNUOd3VAx
ZmRbivHp0H3qmvqRb8pNatl+Axy1+lc7NfAKNfUn0579UW9MAGXJPsG0q2MWty6Y
OgkT47ExgfWhk3XPpwgs+QlSljMWhy23Vu6uPzZyoqEyIUa8Xf+xwIlbiC3kbB9+
SiOC2IvRO5Ier24RkTM074oxGW0xkMoGY+o9wh/ErPc+Z9vu0qlw6j2gzBQr4jdW
ukEu2A7SkACyhFwN0aLQRqSIM0Yc9A18xu+a4gpjs7K6
-----END CERTIFICATE-----