Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0s-Sd2WFLKD9eYy7RiTDm1F21s8.roa
File:                     0s-Sd2WFLKD9eYy7RiTDm1F21s8.roa (raw, json)
Hash identifier:          aWZd5q+fLz2cedOyHGdi4Nr1hzcGfYo2vWSMqGeN35E=
Subject key identifier:   D2:CF:92:77:65:85:2C:A0:FD:79:8C:BB:46:24:C3:9B:51:76:D6:CF
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       018F54D946EFC113863B32D4A8D8D29269DF
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0s-Sd2WFLKD9eYy7RiTDm1F21s8.roa
Signing time:             Tue 07 May 2024 20:57:56 +0000
ROA not before:           Tue 07 May 2024 20:57:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        45.136.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:54:d9:46:ef:c1:13:86:3b:32:d4:a8:d8:d2:92:69:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May  7 20:57:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2cf927765852ca0fd798cbb4624c39b5176d6cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:74:ad:5e:bb:8e:54:70:dc:db:df:84:92:12:
                    07:f8:a6:aa:56:cc:5c:b2:60:36:f7:c6:6b:b2:2b:
                    fb:83:c7:d6:63:83:39:ed:44:27:15:ba:50:c7:76:
                    28:32:64:01:8a:49:a7:36:0c:b0:a6:f4:50:b4:72:
                    0b:97:bf:46:ee:78:96:fc:61:55:1c:e4:ac:2d:67:
                    4f:cd:5a:ca:4b:e2:94:4c:55:09:ac:9e:01:42:78:
                    b5:2d:59:82:6f:7b:53:e9:b4:e4:0c:05:9e:42:19:
                    2c:05:26:bf:9a:1e:90:ae:4d:70:dc:14:c9:f7:36:
                    e7:8d:7b:29:c2:73:a4:5b:b7:b1:9f:66:47:18:96:
                    b9:a7:fa:18:e6:8d:d8:75:8f:43:d5:93:1f:5f:64:
                    2e:c4:4f:bd:d1:eb:a9:0d:63:6c:3c:6b:55:6e:9d:
                    19:ae:e1:8f:a1:80:bc:a0:e8:ce:b1:a7:37:72:ab:
                    42:46:dd:5c:c9:f7:ab:15:64:e0:9f:25:59:80:e7:
                    1b:1c:b7:ac:25:4e:3c:04:48:7e:1a:1c:a5:83:0c:
                    6d:20:38:2e:d8:cf:53:47:dd:4b:a9:75:6f:cb:fd:
                    d6:0e:e1:b2:20:d4:d9:29:13:a4:c4:d3:65:2f:e3:
                    5f:04:b4:81:ee:5c:e0:d8:6c:49:ee:57:80:a3:6e:
                    3c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CF:92:77:65:85:2C:A0:FD:79:8C:BB:46:24:C3:9B:51:76:D6:CF
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0s-Sd2WFLKD9eYy7RiTDm1F21s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ee:56:14:5c:c2:c2:15:9b:5f:48:2c:51:99:a8:53:83:74:
         ae:e3:33:36:65:64:35:81:c1:45:11:c5:50:47:92:fe:2c:58:
         47:33:29:67:87:57:4c:7a:aa:44:28:6d:4a:f4:d3:09:62:23:
         07:b6:7c:21:43:2e:5e:41:78:e4:94:c2:55:24:69:2c:2f:15:
         10:7d:c8:f6:52:f6:e9:67:50:61:d3:70:17:bf:09:a4:5d:10:
         eb:8f:07:a7:1f:f0:f8:bf:77:a3:6d:ad:6a:a2:8d:8b:24:0a:
         52:2d:ff:03:6d:e4:61:84:d3:db:f2:36:85:1c:0e:f8:fb:19:
         82:42:cc:a8:51:d9:26:a5:6c:90:58:73:c1:f7:1a:cd:b2:22:
         d8:0a:2b:68:57:27:63:52:06:d1:b2:ea:ad:f5:60:a9:fd:f8:
         30:53:d4:8e:44:fe:7e:da:59:b8:43:1c:dd:65:c6:f7:ef:db:
         f4:d4:7a:8d:c3:26:41:f3:d9:97:b3:f6:c6:1b:58:c0:5b:b4:
         67:67:6f:4c:28:ae:09:0a:4b:77:83:e6:43:77:39:80:22:1b:
         08:f6:52:47:79:91:0a:36:cb:4d:42:8b:48:3b:5f:d3:2e:c3:
         ec:1b:5b:0c:6a:d6:c9:04:42:fe:26:02:96:81:e2:b4:e0:6e:
         cd:73:5e:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9U2UbvwROGOzLUqNjSkmnfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjQwNTA3MjA1NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmNmOTI3NzY1ODUyY2EwZmQ3OThjYmI0NjI0YzM5YjUxNzZkNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHStXruOVHDc29+EkhIH+KaqVsxc
smA298Zrsiv7g8fWY4M57UQnFbpQx3YoMmQBikmnNgywpvRQtHILl79G7niW/GFV
HOSsLWdPzVrKS+KUTFUJrJ4BQni1LVmCb3tT6bTkDAWeQhksBSa/mh6Qrk1w3BTJ
9zbnjXspwnOkW7exn2ZHGJa5p/oY5o3YdY9D1ZMfX2QuxE+90eupDWNsPGtVbp0Z
ruGPoYC8oOjOsac3cqtCRt1cyferFWTgnyVZgOcbHLesJU48BEh+GhylgwxtIDgu
2M9TR91LqXVvy/3WDuGyINTZKROkxNNlL+NfBLSB7lzg2GxJ7leAo248GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLPkndlhSyg/XmMu0Ykw5tRdtbPMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvMHMtU2QyV0ZMS0Q5ZVl5N1JpVERtMUYyMXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYgFMA0G
CSqGSIb3DQEBCwUAA4IBAQCh7lYUXMLCFZtfSCxRmahTg3Su4zM2ZWQ1gcFFEcVQ
R5L+LFhHMylnh1dMeqpEKG1K9NMJYiMHtnwhQy5eQXjklMJVJGksLxUQfcj2Uvbp
Z1Bh03AXvwmkXRDrjwenH/D4v3ejba1qoo2LJApSLf8DbeRhhNPb8jaFHA74+xmC
QsyoUdkmpWyQWHPB9xrNsiLYCitoVydjUgbRsuqt9WCp/fgwU9SORP5+2lm4Qxzd
Zcb379v01HqNwyZB89mXs/bGG1jAW7RnZ29MKK4JCkt3g+ZDdzmAIhsI9lJHeZEK
NstNQotIO1/TLsPsG1sMatbJBEL+JgKWgeK04G7Nc14X
-----END CERTIFICATE-----