Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/bbf319-15a9-40d9-beec-36a86f0d0e13/1/aqGG_EN8mx1SLaqzQYKKNy4ORm4.roa
File:                     aqGG_EN8mx1SLaqzQYKKNy4ORm4.roa (raw, json)
Hash identifier:          9ycGkLi9zUex8ehHxcpydNEfJkWE8DzipYMIVVmp5tg=
Subject key identifier:   6A:A1:86:FC:43:7C:9B:1D:52:2D:AA:B3:41:82:8A:37:2E:0E:46:6E
Certificate issuer:       /CN=d5b6d2a0a8c538e917fb94aa96791a3be7b8063a
Certificate serial:       018CC8DF45D51521D683DB91B305654CA359
Authority key identifier: D5:B6:D2:A0:A8:C5:38:E9:17:FB:94:AA:96:79:1A:3B:E7:B8:06:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1bbSoKjFOOkX-5SqlnkaO-e4Bjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/bbf319-15a9-40d9-beec-36a86f0d0e13/1/aqGG_EN8mx1SLaqzQYKKNy4ORm4.roa
Signing time:             Tue 02 Jan 2024 06:32:04 +0000
ROA not before:           Tue 02 Jan 2024 06:32:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        45.129.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/bbf319-15a9-40d9-beec-36a86f0d0e13/1/1bbSoKjFOOkX-5SqlnkaO-e4Bjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/bbf319-15a9-40d9-beec-36a86f0d0e13/1/1bbSoKjFOOkX-5SqlnkaO-e4Bjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1bbSoKjFOOkX-5SqlnkaO-e4Bjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:45:d5:15:21:d6:83:db:91:b3:05:65:4c:a3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5b6d2a0a8c538e917fb94aa96791a3be7b8063a
        Validity
            Not Before: Jan  2 06:32:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aa186fc437c9b1d522daab341828a372e0e466e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:28:73:72:27:76:9e:13:ee:f5:fb:d8:1b:13:
                    ca:06:18:fc:fc:df:e8:9c:42:b3:7a:75:b3:fa:fd:
                    ca:c5:16:f7:57:12:dd:eb:de:d7:ce:af:9e:4b:d9:
                    06:bf:59:52:df:db:f4:dc:6d:75:4d:b0:8e:7c:5a:
                    ea:0b:8f:10:5a:9c:1a:6d:e4:47:49:e5:a5:79:4c:
                    0f:ae:60:85:3b:30:aa:2c:c7:87:0e:0c:66:cf:4c:
                    8e:5d:ac:fe:39:ed:d9:60:aa:4b:2a:9d:59:33:88:
                    81:33:95:6e:b8:58:dd:23:f4:80:d5:a6:18:f7:2c:
                    f7:46:0d:65:28:ea:06:11:3f:81:12:ad:b6:84:8b:
                    97:b0:82:cc:40:33:7f:61:2a:3b:2f:2d:56:30:1c:
                    b8:34:87:e9:11:4b:f4:0f:6c:13:81:c0:a8:24:03:
                    51:3e:e4:0b:e5:26:a6:84:83:28:c9:f5:e2:8c:6b:
                    48:08:6d:69:f5:1e:9c:05:97:b4:07:8c:a1:4d:2d:
                    68:04:61:e0:18:f0:d4:74:65:ef:24:9c:6a:6f:a9:
                    8c:5a:2c:11:a8:d2:bc:8d:66:06:97:90:47:9a:ec:
                    f3:e0:9c:03:34:8d:7a:6b:78:c0:ec:d9:72:86:11:
                    54:1c:e2:bd:3a:5d:e9:33:2c:c7:90:e0:51:ab:69:
                    98:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A1:86:FC:43:7C:9B:1D:52:2D:AA:B3:41:82:8A:37:2E:0E:46:6E
            X509v3 Authority Key Identifier:
                keyid:D5:B6:D2:A0:A8:C5:38:E9:17:FB:94:AA:96:79:1A:3B:E7:B8:06:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1bbSoKjFOOkX-5SqlnkaO-e4Bjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/bbf319-15a9-40d9-beec-36a86f0d0e13/1/aqGG_EN8mx1SLaqzQYKKNy4ORm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/bbf319-15a9-40d9-beec-36a86f0d0e13/1/1bbSoKjFOOkX-5SqlnkaO-e4Bjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f7:a3:c8:30:38:c0:31:3d:b3:b9:a0:8b:3d:92:5f:3d:14:
         fb:c9:f4:50:c8:42:01:fe:56:ce:76:88:1d:10:62:b4:44:7a:
         f5:ec:6a:04:bb:21:d2:eb:f4:9e:b8:d6:aa:66:9b:df:9a:f2:
         af:bf:00:97:df:b8:a8:28:3a:8a:ea:5d:e2:39:23:a8:fb:2a:
         d1:c7:42:64:28:0d:2a:be:3e:f8:c5:2d:53:4d:80:ae:e6:92:
         6e:20:e6:9c:f6:2f:db:4d:9f:68:d2:81:6f:c9:9f:6e:a8:00:
         ec:e5:b1:43:96:b8:f0:d4:2a:39:25:85:ea:67:bc:67:42:43:
         7f:f6:8b:d9:dd:df:d2:84:61:93:1b:16:7a:b5:5f:7f:0d:85:
         3c:ed:9f:27:11:f7:33:6d:d7:21:af:10:47:6c:a7:71:b3:fa:
         d9:f4:a4:14:e7:19:12:47:e4:32:5d:b3:04:46:af:24:94:b2:
         48:9f:f9:c2:83:d3:69:f5:47:38:29:22:2c:5c:b7:d3:49:00:
         59:b4:8c:ac:a4:56:0a:ec:3b:01:e2:1a:ab:95:0c:1e:65:1c:
         30:cd:eb:fe:40:12:09:d4:aa:ba:27:5e:85:28:c7:85:0a:e2:
         56:10:d9:37:30:99:d9:88:a7:50:13:78:4b:de:1c:fc:90:b2:
         ee:6f:e0:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI30XVFSHWg9uRswVlTKNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YjZkMmEwYThjNTM4ZTkxN2ZiOTRhYTk2NzkxYTNiZTdi
ODA2M2EwHhcNMjQwMTAyMDYzMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWExODZmYzQzN2M5YjFkNTIyZGFhYjM0MTgyOGEzNzJlMGU0NjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsihzcid2nhPu9fvYGxPKBhj8/N/o
nEKzenWz+v3KxRb3VxLd697Xzq+eS9kGv1lS39v03G11TbCOfFrqC48QWpwabeRH
SeWleUwPrmCFOzCqLMeHDgxmz0yOXaz+Oe3ZYKpLKp1ZM4iBM5VuuFjdI/SA1aYY
9yz3Rg1lKOoGET+BEq22hIuXsILMQDN/YSo7Ly1WMBy4NIfpEUv0D2wTgcCoJANR
PuQL5SamhIMoyfXijGtICG1p9R6cBZe0B4yhTS1oBGHgGPDUdGXvJJxqb6mMWiwR
qNK8jWYGl5BHmuzz4JwDNI16a3jA7NlyhhFUHOK9Ol3pMyzHkOBRq2mY0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqhhvxDfJsdUi2qs0GCijcuDkZuMB8GA1UdIwQY
MBaAFNW20qCoxTjpF/uUqpZ5GjvnuAY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWJiU29LakZPT2tYLTVTcWxua2FPLWU0QmpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9iYmYzMTktMTVhOS00MGQ5LWJlZWMt
MzZhODZmMGQwZTEzLzEvYXFHR19FTjhteDFTTGFxelFZS0tOeTRPUm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9iYmYzMTktMTVhOS00MGQ5LWJlZWMtMzZhODZmMGQwZTEz
LzEvMWJiU29LakZPT2tYLTVTcWxua2FPLWU0QmpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYEQMA0G
CSqGSIb3DQEBCwUAA4IBAQB/96PIMDjAMT2zuaCLPZJfPRT7yfRQyEIB/lbOdogd
EGK0RHr17GoEuyHS6/SeuNaqZpvfmvKvvwCX37ioKDqK6l3iOSOo+yrRx0JkKA0q
vj74xS1TTYCu5pJuIOac9i/bTZ9o0oFvyZ9uqADs5bFDlrjw1Co5JYXqZ7xnQkN/
9ovZ3d/ShGGTGxZ6tV9/DYU87Z8nEfczbdchrxBHbKdxs/rZ9KQU5xkSR+QyXbME
Rq8klLJIn/nCg9Np9Uc4KSIsXLfTSQBZtIyspFYK7DsB4hqrlQweZRwwzev+QBIJ
1Kq6J16FKMeFCuJWENk3MJnZiKdQE3hL3hz8kLLub+DU
-----END CERTIFICATE-----