Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/tATkF7-XUFypg5EyJJxR2UueTfk.roa
File:                     tATkF7-XUFypg5EyJJxR2UueTfk.roa (raw, json)
Hash identifier:          G8xEvHMKw2vDdzHbAd+0kZaMGdmvfxzHh53NGP7noiU=
Subject key identifier:   B4:04:E4:17:BF:97:50:5C:A9:83:91:32:24:9C:51:D9:4B:9E:4D:F9
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01928FD2D4824290799BC7AD3B7F04464BA7
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/tATkF7-XUFypg5EyJJxR2UueTfk.roa
Signing time:             Tue 15 Oct 2024 10:56:51 +0000
ROA not before:           Tue 15 Oct 2024 10:56:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        45.150.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8f:d2:d4:82:42:90:79:9b:c7:ad:3b:7f:04:46:4b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 15 10:56:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b404e417bf97505ca9839132249c51d94b9e4df9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:14:24:7f:6b:7f:2f:e8:0d:f0:d0:a0:50:84:
                    bf:3f:c9:7b:4d:2e:6f:e0:56:7a:e4:fb:12:29:07:
                    bb:8b:52:74:f1:23:4e:4b:7d:90:57:75:47:32:79:
                    18:96:82:e2:54:7f:3e:60:26:3a:e8:51:9d:18:bb:
                    ee:80:4a:34:4d:ee:9f:04:81:ed:61:ed:79:43:1f:
                    9d:15:a5:e7:bb:7e:3f:81:f2:b0:52:6f:e6:7c:ea:
                    49:ec:19:c8:6f:35:c0:3e:96:eb:81:88:64:8e:05:
                    ef:60:b9:69:be:a4:8a:30:50:03:19:5e:00:57:67:
                    4a:68:c6:82:99:10:8a:ae:c3:08:f2:b0:c1:43:b7:
                    48:f3:4a:ff:d4:10:5e:db:b5:79:4a:26:92:8b:fc:
                    c9:4d:fa:f7:e4:a5:a9:eb:5c:0d:23:9f:20:a3:ef:
                    04:09:ed:e3:b7:78:f0:7e:85:3a:00:12:d4:bf:43:
                    6e:6e:d1:8c:db:9c:41:6d:14:94:d9:6f:82:f1:a4:
                    76:72:44:60:97:6e:c3:8c:26:2d:6e:e9:9a:c9:4d:
                    46:31:88:4b:ab:e3:85:ab:55:fa:a4:29:11:03:aa:
                    62:46:b5:21:d1:f1:2a:36:ce:e8:0e:fb:27:83:89:
                    70:a3:2c:5e:ac:1b:56:06:97:b5:c3:72:23:5b:1a:
                    e8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:04:E4:17:BF:97:50:5C:A9:83:91:32:24:9C:51:D9:4B:9E:4D:F9
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/tATkF7-XUFypg5EyJJxR2UueTfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:7a:95:f3:48:bf:3f:4f:55:39:a1:c3:bb:71:da:c1:2f:16:
         05:cf:e0:d2:ee:76:64:c5:93:d7:7a:8c:99:78:f4:e7:c1:f7:
         a4:0c:e5:b3:90:ec:98:e0:fb:52:ff:d5:c3:0b:25:bd:f9:87:
         7b:2a:32:63:ed:f6:4c:21:fa:fd:ef:93:56:95:39:f5:31:47:
         66:3b:18:29:10:c1:83:af:97:ee:5f:e1:dc:db:c2:89:b0:59:
         fe:57:a6:10:f1:9b:ad:98:d7:47:90:ef:e1:43:ea:26:29:66:
         1d:89:f8:ef:07:76:36:6e:a5:ef:75:3c:e0:3f:01:a5:f4:11:
         86:52:0a:0a:e6:18:bf:3a:89:af:18:88:40:ea:c5:d4:c7:bf:
         29:8c:f2:b0:f8:01:cf:25:4b:70:98:a8:2e:a9:a3:10:47:c1:
         7b:4b:03:0f:cd:35:7b:53:b4:8b:2d:c2:da:3f:7d:05:e3:ea:
         01:72:20:a8:17:b2:3e:1a:39:21:2c:73:e6:2f:5f:30:a1:f5:
         6d:60:64:68:69:c4:2d:22:99:2d:3d:5c:74:67:a3:a6:2b:31:
         14:9a:3b:cc:5f:6f:e1:f4:a0:2a:cf:4d:e9:2d:87:87:aa:bb:
         8d:15:6a:06:6a:40:67:a9:0e:2b:b9:18:39:89:a0:67:8b:a2:
         a2:db:3b:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKP0tSCQpB5m8etO38ERkunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMDE1MTA1NjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDA0ZTQxN2JmOTc1MDVjYTk4MzkxMzIyNDljNTFkOTRiOWU0ZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RQkf2t/L+gN8NCgUIS/P8l7TS5v
4FZ65PsSKQe7i1J08SNOS32QV3VHMnkYloLiVH8+YCY66FGdGLvugEo0Te6fBIHt
Ye15Qx+dFaXnu34/gfKwUm/mfOpJ7BnIbzXAPpbrgYhkjgXvYLlpvqSKMFADGV4A
V2dKaMaCmRCKrsMI8rDBQ7dI80r/1BBe27V5SiaSi/zJTfr35KWp61wNI58go+8E
Ce3jt3jwfoU6ABLUv0NubtGM25xBbRSU2W+C8aR2ckRgl27DjCYtbumayU1GMYhL
q+OFq1X6pCkRA6piRrUh0fEqNs7oDvsng4lwoyxerBtWBpe1w3IjWxromwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQE5Be/l1BcqYORMiScUdlLnk35MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvdEFUa0Y3LVhVRnlwZzVFeUpKeFIyVXVlVGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZYgMA0G
CSqGSIb3DQEBCwUAA4IBAQAgepXzSL8/T1U5ocO7cdrBLxYFz+DS7nZkxZPXeoyZ
ePTnwfekDOWzkOyY4PtS/9XDCyW9+Yd7KjJj7fZMIfr975NWlTn1MUdmOxgpEMGD
r5fuX+Hc28KJsFn+V6YQ8ZutmNdHkO/hQ+omKWYdifjvB3Y2bqXvdTzgPwGl9BGG
UgoK5hi/OomvGIhA6sXUx78pjPKw+AHPJUtwmKguqaMQR8F7SwMPzTV7U7SLLcLa
P30F4+oBciCoF7I+GjkhLHPmL18wofVtYGRoacQtIpktPVx0Z6OmKzEUmjvMX2/h
9KAqz03pLYeHqruNFWoGakBnqQ4ruRg5iaBni6Ki2zvc
-----END CERTIFICATE-----