Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/LAlFXCC-JwHltwFAYmr02s4pWqM.roa
File:                     LAlFXCC-JwHltwFAYmr02s4pWqM.roa (raw, json)
Hash identifier:          uZqIQKsIYGbEz7tomrBewcx6xPnYDOlZo/865PuMEBs=
Subject key identifier:   2C:09:45:5C:20:BE:27:01:E5:B7:01:40:62:6A:F4:DA:CE:29:5A:A3
Certificate issuer:       /CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
Certificate serial:       019054917B852475AE297E4789A02E1C2EF0
Authority key identifier: AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/LAlFXCC-JwHltwFAYmr02s4pWqM.roa
Signing time:             Wed 26 Jun 2024 12:42:18 +0000
ROA not before:           Wed 26 Jun 2024 12:42:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31019
IP address blocks:        45.92.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:54:91:7b:85:24:75:ae:29:7e:47:89:a0:2e:1c:2e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
        Validity
            Not Before: Jun 26 12:42:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c09455c20be2701e5b70140626af4dace295aa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6b:b0:d3:3c:e5:8c:4b:bd:83:64:56:37:d7:
                    41:4d:b4:a8:17:78:59:f2:2a:ba:c7:50:f6:55:64:
                    1a:76:db:22:ea:21:e1:19:0f:1d:cd:49:bc:68:8b:
                    d3:bb:f0:12:2a:dc:de:c0:63:0f:b8:56:6c:19:1a:
                    5d:4f:de:18:65:07:38:5d:40:71:35:a2:c0:39:64:
                    a0:b6:77:62:1a:b1:76:7f:f7:7d:2e:ba:fc:0b:42:
                    df:32:a8:d3:67:e5:5c:4b:64:a6:c3:79:6d:6c:03:
                    41:e5:55:cb:36:ef:50:09:d1:c5:d8:c9:a5:fd:48:
                    00:19:d0:77:28:70:76:16:5a:ed:2e:d3:5e:8f:8a:
                    b7:40:99:3c:c4:49:61:2d:5c:e0:d4:9a:f3:87:a5:
                    9c:1c:b6:4b:1a:81:50:f0:56:e1:41:e9:1f:b0:f2:
                    30:a2:a4:fe:f1:84:2c:18:ee:91:18:3b:b1:c9:c5:
                    ce:45:84:23:68:02:c6:bf:ef:fe:b9:db:20:a8:6d:
                    9c:df:b3:82:ef:8b:35:32:88:13:1d:c6:b1:5f:3b:
                    1a:0a:fb:25:6f:81:14:98:2c:86:7a:07:73:97:5d:
                    66:94:d5:73:fe:a6:18:6b:33:19:66:80:5b:7d:06:
                    86:32:0e:51:cb:90:ee:6e:34:79:ae:4e:14:5a:47:
                    18:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:09:45:5C:20:BE:27:01:E5:B7:01:40:62:6A:F4:DA:CE:29:5A:A3
            X509v3 Authority Key Identifier:
                keyid:AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/LAlFXCC-JwHltwFAYmr02s4pWqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:75:bb:ae:3e:84:d4:47:88:b4:41:6f:0e:de:51:bd:22:1e:
         f3:4c:e0:21:bd:d1:20:65:39:7e:33:3b:ef:d0:13:3f:75:cd:
         a6:a7:5b:40:87:34:04:09:4f:55:f6:c4:a9:61:43:95:77:2c:
         e5:b2:45:22:55:69:96:a3:19:ea:33:23:49:84:77:ab:f2:df:
         ac:44:f5:ef:30:75:e4:de:5b:68:42:43:ef:36:6c:57:e5:b5:
         bb:37:01:62:41:d1:6b:71:0e:1b:37:c7:14:f7:f1:6e:cd:33:
         6d:e2:b5:dd:45:61:8b:ce:6f:3e:cb:1c:84:0e:b1:82:10:7f:
         c1:72:63:ee:3c:fd:ab:1b:bc:3f:62:2a:07:0a:70:7f:42:18:
         46:43:3c:9f:34:53:57:de:b2:d6:81:ba:ce:09:b7:5e:67:a8:
         ee:16:5e:dd:d4:f1:b3:e9:58:e4:fd:39:81:cd:3d:a0:f1:6a:
         5a:9c:a3:98:92:fa:62:22:5d:eb:06:e9:a9:14:fe:69:30:12:
         d9:4b:1c:54:5b:1a:75:c4:4c:39:a5:b1:b7:2b:1d:1d:ef:9f:
         3c:89:13:4f:a1:e4:c2:48:2f:16:8c:74:a2:7e:d7:db:11:5c:
         e7:a0:ab:90:d8:a3:6a:49:14:b4:bc:ae:94:38:f7:95:fc:dc:
         16:d1:0c:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBUkXuFJHWuKX5HiaAuHC7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjBiNzc3ZjUzNzdiYjFjNTA2NTM4ODRiMDNlMjdkY2Rl
ZTgyOGUwHhcNMjQwNjI2MTI0MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzA5NDU1YzIwYmUyNzAxZTViNzAxNDA2MjZhZjRkYWNlMjk1YWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGuw0zzljEu9g2RWN9dBTbSoF3hZ
8iq6x1D2VWQadtsi6iHhGQ8dzUm8aIvTu/ASKtzewGMPuFZsGRpdT94YZQc4XUBx
NaLAOWSgtndiGrF2f/d9Lrr8C0LfMqjTZ+VcS2Smw3ltbANB5VXLNu9QCdHF2Mml
/UgAGdB3KHB2FlrtLtNej4q3QJk8xElhLVzg1Jrzh6WcHLZLGoFQ8FbhQekfsPIw
oqT+8YQsGO6RGDuxycXORYQjaALGv+/+udsgqG2c37OC74s1MogTHcaxXzsaCvsl
b4EUmCyGegdzl11mlNVz/qYYazMZZoBbfQaGMg5Ry5DubjR5rk4UWkcY2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwJRVwgvicB5bcBQGJq9NrOKVqjMB8GA1UdIwQY
MBaAFK6wt3f1N3uxxQZTiEsD4n3N7oKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMt
OTI2YzRhMzI2ZTA4LzEvTEFsRlhDQy1Kd0hsdHdGQVltcjAyczRwV3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMtOTI2YzRhMzI2ZTA4
LzEvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVxPMA0G
CSqGSIb3DQEBCwUAA4IBAQBudbuuPoTUR4i0QW8O3lG9Ih7zTOAhvdEgZTl+Mzvv
0BM/dc2mp1tAhzQECU9V9sSpYUOVdyzlskUiVWmWoxnqMyNJhHer8t+sRPXvMHXk
3ltoQkPvNmxX5bW7NwFiQdFrcQ4bN8cU9/FuzTNt4rXdRWGLzm8+yxyEDrGCEH/B
cmPuPP2rG7w/YioHCnB/QhhGQzyfNFNX3rLWgbrOCbdeZ6juFl7d1PGz6Vjk/TmB
zT2g8WpanKOYkvpiIl3rBumpFP5pMBLZSxxUWxp1xEw5pbG3Kx0d7588iRNPoeTC
SC8WjHSiftfbEVznoKuQ2KNqSRS0vK6UOPeV/NwW0QzH
-----END CERTIFICATE-----