Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/5Luv3ho_puLCdH7Wewugn77luOA.roa
File:                     5Luv3ho_puLCdH7Wewugn77luOA.roa (raw, json)
Hash identifier:          yYvrQ3lj3NVtfRV2xNQfrXogamomtzRE6H4N0fnTwg0=
Subject key identifier:   E4:BB:AF:DE:1A:3F:A6:E2:C2:74:7E:D6:7B:0B:A0:9F:BE:E5:B8:E0
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       01909CB88143C14222BF1E9159D730992674
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/5Luv3ho_puLCdH7Wewugn77luOA.roa
Signing time:             Wed 10 Jul 2024 12:57:35 +0000
ROA not before:           Wed 10 Jul 2024 12:57:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207475
IP address blocks:        45.12.27.0/24 maxlen: 24
                          193.38.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:b8:81:43:c1:42:22:bf:1e:91:59:d7:30:99:26:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jul 10 12:57:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4bbafde1a3fa6e2c2747ed67b0ba09fbee5b8e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2f:20:bf:32:44:03:44:22:51:fd:6f:77:8f:
                    76:6a:83:13:ee:14:8b:0f:e3:96:6a:f4:22:4f:6d:
                    95:56:be:3d:b5:c8:90:f2:e3:11:32:41:77:62:55:
                    0b:2f:d7:43:78:de:b2:79:05:fc:b8:d5:0b:db:d3:
                    fa:ed:6c:70:51:07:d7:09:35:d9:28:81:65:17:37:
                    a1:87:bf:d0:51:2e:1d:bc:9c:c2:85:7f:3c:7d:a5:
                    e0:59:a1:96:df:83:35:9c:f0:22:9f:33:a0:eb:07:
                    9c:46:e1:8f:d3:bd:ba:ad:ee:f3:e1:6b:0e:50:67:
                    a6:c4:4f:bb:9e:7c:9a:f8:32:c6:20:3a:3d:4c:1e:
                    dd:d9:63:e8:a1:5a:e9:ed:58:00:28:0e:93:94:c3:
                    e3:99:38:c9:da:53:3e:85:dd:7a:64:c5:68:92:45:
                    05:31:ca:03:1c:47:e2:f0:71:14:18:a5:b2:5e:b0:
                    18:18:ef:4d:e3:1b:f4:72:8c:75:42:7a:cb:6a:07:
                    6d:79:13:e3:58:28:23:da:0b:bb:a9:20:69:a7:25:
                    af:f7:2a:da:06:a5:51:4a:85:e9:66:e3:ab:14:a4:
                    45:34:2b:18:7f:50:18:74:9c:6c:99:97:94:5c:ba:
                    bc:f0:a2:69:9c:6e:86:c1:89:91:e3:92:d0:02:9c:
                    76:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:BB:AF:DE:1A:3F:A6:E2:C2:74:7E:D6:7B:0B:A0:9F:BE:E5:B8:E0
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/5Luv3ho_puLCdH7Wewugn77luOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.27.0/24
                  193.38.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:a6:cb:8d:66:69:a2:59:70:df:05:ef:03:b6:b2:24:52:98:
         8d:ac:f9:ae:ee:8d:47:71:9b:52:c7:ca:3f:6a:61:56:c4:d3:
         08:f1:51:f7:12:8f:1e:a5:60:fa:a2:02:5a:82:55:bd:98:23:
         06:e2:09:9b:ac:d8:c4:af:2a:0d:0d:b6:64:4a:ba:2c:3b:a6:
         fd:36:b7:5f:e0:4f:75:35:05:a9:65:c6:ce:13:f9:52:00:42:
         32:8c:a9:b7:ec:af:73:17:46:93:15:13:41:1f:a8:bd:a5:0e:
         04:24:26:74:cb:53:e8:cd:d8:dd:ec:f7:03:1f:60:5c:b4:b8:
         9a:54:95:1f:94:da:6a:a1:56:c0:e2:9a:8e:24:b7:61:13:4a:
         c1:f9:89:d6:35:07:f7:af:74:05:2e:40:23:b0:40:e8:79:52:
         ca:49:d7:5c:2c:b5:ab:65:94:f8:d6:de:fe:1c:9e:98:0b:b3:
         28:e2:d8:8c:bf:40:a9:58:9c:9a:b9:10:17:56:59:fe:69:21:
         6d:e0:3b:c6:57:ac:5f:4b:99:c2:2f:7f:b3:61:ff:fa:a9:a8:
         92:82:3f:d0:9c:b1:8f:c5:38:1a:3c:05:90:03:d7:51:8a:bd:
         df:5d:7e:c0:45:4a:86:94:7d:79:c9:e7:49:b1:43:97:10:8c:
         7f:e2:fc:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCcuIFDwUIivx6RWdcwmSZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwNzEwMTI1NzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGJiYWZkZTFhM2ZhNmUyYzI3NDdlZDY3YjBiYTA5ZmJlZTViOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly8gvzJEA0QiUf1vd492aoMT7hSL
D+OWavQiT22VVr49tciQ8uMRMkF3YlULL9dDeN6yeQX8uNUL29P67WxwUQfXCTXZ
KIFlFzehh7/QUS4dvJzChX88faXgWaGW34M1nPAinzOg6wecRuGP0726re7z4WsO
UGemxE+7nnya+DLGIDo9TB7d2WPooVrp7VgAKA6TlMPjmTjJ2lM+hd16ZMVokkUF
McoDHEfi8HEUGKWyXrAYGO9N4xv0cox1QnrLagdteRPjWCgj2gu7qSBppyWv9yra
BqVRSoXpZuOrFKRFNCsYf1AYdJxsmZeUXLq88KJpnG6GwYmR45LQApx29wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOS7r94aP6biwnR+1nsLoJ++5bjgMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvNUx1djNob19wdUxDZEg3V2V3dWduNzdsdU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQwbAwQA
wSb/MA0GCSqGSIb3DQEBCwUAA4IBAQAypsuNZmmiWXDfBe8DtrIkUpiNrPmu7o1H
cZtSx8o/amFWxNMI8VH3Eo8epWD6ogJaglW9mCMG4gmbrNjEryoNDbZkSrosO6b9
Nrdf4E91NQWpZcbOE/lSAEIyjKm37K9zF0aTFRNBH6i9pQ4EJCZ0y1Pozdjd7PcD
H2BctLiaVJUflNpqoVbA4pqOJLdhE0rB+YnWNQf3r3QFLkAjsEDoeVLKSddcLLWr
ZZT41t7+HJ6YC7Mo4tiMv0CpWJyauRAXVln+aSFt4DvGV6xfS5nCL3+zYf/6qaiS
gj/QnLGPxTgaPAWQA9dRir3fXX7ARUqGlH15yedJsUOXEIx/4vwu
-----END CERTIFICATE-----