Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CNcFfbvRrB7ctSb00sP2-nAacLo.roa
File:                     CNcFfbvRrB7ctSb00sP2-nAacLo.roa (raw, json)
Hash identifier:          7aYTs6xCNMqergwETMMmm8t8XbBZI3d/rjS/YSl2bH8=
Subject key identifier:   08:D7:05:7D:BB:D1:AC:1E:DC:B5:26:F4:D2:C3:F6:FA:70:1A:70:BA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0190E8801055347D5EBD80BFE0A091D709C7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CNcFfbvRrB7ctSb00sP2-nAacLo.roa
Signing time:             Thu 25 Jul 2024 06:07:05 +0000
ROA not before:           Thu 25 Jul 2024 06:07:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399979
IP address blocks:        45.139.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e8:80:10:55:34:7d:5e:bd:80:bf:e0:a0:91:d7:09:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 25 06:07:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08d7057dbbd1ac1edcb526f4d2c3f6fa701a70ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:61:57:49:32:e4:be:32:29:b1:14:69:24:
                    ce:24:41:41:83:66:89:65:c4:a2:73:2b:3a:51:24:
                    ba:3d:10:1a:ff:88:a3:5e:7d:9b:8a:46:a0:1c:d2:
                    3a:f9:1b:19:25:07:37:2f:a7:b1:44:8b:8d:56:dc:
                    f3:2e:36:4b:60:12:aa:e4:ad:88:0c:57:e1:cf:57:
                    7e:2b:d0:07:f6:86:f5:4d:75:fc:db:64:35:10:d5:
                    d3:ad:df:b1:56:b6:76:84:fe:b4:2e:50:29:78:a3:
                    14:b1:61:6e:d2:94:0f:ce:9d:7e:4c:02:a9:bd:a1:
                    f3:9e:d9:86:78:cd:45:32:cb:e8:c6:10:25:e0:5f:
                    dd:ba:89:98:66:17:7b:dd:66:9d:5b:0a:32:e3:33:
                    28:cc:49:c7:b4:d7:fc:30:22:52:16:6b:42:bc:be:
                    4a:c3:55:bc:8c:13:2e:bd:e8:d5:ee:7b:64:02:2f:
                    ea:68:ea:47:91:21:12:0d:70:54:7b:f3:c1:80:96:
                    55:34:9c:b2:a5:e0:d5:e3:52:5d:a6:3f:96:c4:30:
                    8b:d7:0c:35:1a:0c:5e:c3:07:21:8a:94:7d:aa:be:
                    88:db:8d:d3:a3:e2:10:37:19:49:ed:e5:56:96:6c:
                    ca:1c:aa:16:44:6c:54:5d:30:1a:fb:90:2f:33:cf:
                    57:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D7:05:7D:BB:D1:AC:1E:DC:B5:26:F4:D2:C3:F6:FA:70:1A:70:BA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CNcFfbvRrB7ctSb00sP2-nAacLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:58:0a:0b:49:82:c4:bb:04:ad:84:95:28:ef:ee:e8:52:a3:
         b8:13:56:25:53:32:08:de:54:0c:b8:eb:55:5d:b9:e1:4e:da:
         07:c2:90:cb:57:79:41:c4:58:76:80:d4:26:9e:e4:41:2f:d6:
         89:b1:d4:aa:a1:ce:6b:48:42:94:ea:4d:41:d4:ec:f0:96:e6:
         27:b8:78:ed:8a:50:39:78:43:04:2d:65:6a:e7:53:c1:b2:52:
         73:78:d9:cf:ca:6d:07:64:33:21:f4:f9:79:f9:d7:52:7a:05:
         e4:f6:4b:e8:35:7d:de:4a:a7:9e:2d:4c:41:05:71:ca:9d:dd:
         62:17:fd:d9:b8:84:65:92:97:29:c3:dc:18:ba:90:15:94:0b:
         33:15:0f:9d:26:00:dc:f4:6c:c0:d1:36:a7:0e:a0:fa:e7:bd:
         b7:3c:dc:9f:c5:9d:3d:3a:e5:6e:6e:ce:ea:80:dd:7b:52:23:
         d4:ad:1b:dd:f0:2b:77:1e:46:f5:61:81:b8:58:05:04:75:93:
         5a:6b:40:40:05:c7:76:0e:57:39:e8:5c:ec:a3:bf:d8:62:f6:
         1e:c7:6c:f2:b3:ae:05:72:c8:44:fe:bb:88:74:b5:99:1a:65:
         46:06:af:78:ef:20:aa:69:34:0d:a8:38:93:a9:2d:f5:72:ee:
         a3:fe:62:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDogBBVNH1evYC/4KCR1wnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzI1MDYwNzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ3MDU3ZGJiZDFhYzFlZGNiNTI2ZjRkMmMzZjZmYTcwMWE3MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusVhV0ky5L4yKbEUaSTOJEFBg2aJ
ZcSicys6USS6PRAa/4ijXn2bikagHNI6+RsZJQc3L6exRIuNVtzzLjZLYBKq5K2I
DFfhz1d+K9AH9ob1TXX822Q1ENXTrd+xVrZ2hP60LlApeKMUsWFu0pQPzp1+TAKp
vaHzntmGeM1FMsvoxhAl4F/duomYZhd73WadWwoy4zMozEnHtNf8MCJSFmtCvL5K
w1W8jBMuvejV7ntkAi/qaOpHkSESDXBUe/PBgJZVNJyypeDV41Jdpj+WxDCL1ww1
GgxewwchipR9qr6I243To+IQNxlJ7eVWlmzKHKoWRGxUXTAa+5AvM89X0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjXBX270awe3LUm9NLD9vpwGnC6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ05jRmZidlJyQjdjdFNiMDBzUDItbkFhY0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYtoMA0G
CSqGSIb3DQEBCwUAA4IBAQBCWAoLSYLEuwSthJUo7+7oUqO4E1YlUzII3lQMuOtV
XbnhTtoHwpDLV3lBxFh2gNQmnuRBL9aJsdSqoc5rSEKU6k1B1OzwluYnuHjtilA5
eEMELWVq51PBslJzeNnPym0HZDMh9Pl5+ddSegXk9kvoNX3eSqeeLUxBBXHKnd1i
F/3ZuIRlkpcpw9wYupAVlAszFQ+dJgDc9GzA0TanDqD65723PNyfxZ09OuVubs7q
gN17UiPUrRvd8Ct3Hkb1YYG4WAUEdZNaa0BABcd2Dlc56Fzso7/YYvYex2zys64F
cshE/ruIdLWZGmVGBq947yCqaTQNqDiTqS31cu6j/mIf
-----END CERTIFICATE-----