Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/M6EEoxY2Y56SCEO_bsmUHnaYj8Q.roa
File:                     M6EEoxY2Y56SCEO_bsmUHnaYj8Q.roa (raw, json)
Hash identifier:          HoFF2ynGjkp6594oaRcRO/9i7YbKBtExxErptj3Hk/c=
Subject key identifier:   33:A1:04:A3:16:36:63:9E:92:08:43:BF:6E:C9:94:1E:76:98:8F:C4
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       01928A5977C0352C416F58A4F7343BC07329
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/M6EEoxY2Y56SCEO_bsmUHnaYj8Q.roa
Signing time:             Mon 14 Oct 2024 09:26:12 +0000
ROA not before:           Mon 14 Oct 2024 09:26:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212271
IP address blocks:        152.89.168.0/24 maxlen: 24
                          152.89.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:59:77:c0:35:2c:41:6f:58:a4:f7:34:3b:c0:73:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Oct 14 09:26:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a104a31636639e920843bf6ec9941e76988fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:56:f7:2e:d0:64:ae:af:5a:cb:cc:ee:52:77:
                    3e:ce:e4:d2:c0:1b:ec:11:31:bb:8d:56:58:71:f0:
                    1c:d0:c4:e9:c4:6a:8d:95:4d:13:a2:89:9c:40:97:
                    f6:43:88:14:e7:2d:19:b7:ce:cf:d7:66:6e:df:88:
                    1d:4c:c5:a2:c4:ff:65:9e:42:aa:76:69:9c:06:fa:
                    a5:67:75:27:af:4c:64:4f:4d:0a:6d:b2:86:87:c0:
                    4a:25:c9:13:e9:05:34:a8:03:8a:06:e1:d1:00:13:
                    68:8a:28:0e:ae:c1:2c:ca:81:3c:07:f5:8a:2c:40:
                    65:ca:07:ad:a7:f1:51:1b:2d:dc:b4:d6:50:29:b0:
                    19:d1:79:39:fa:ae:73:2b:a3:83:b0:0d:40:ab:5c:
                    d9:a5:93:a2:01:47:78:4b:ec:51:d5:73:6f:cb:89:
                    a2:cf:c3:1b:f5:cd:1b:da:90:44:cd:90:2a:7c:84:
                    a2:cb:e1:5d:4a:40:17:55:b3:37:ad:a0:83:e8:0b:
                    5e:91:49:e5:b8:97:6a:4f:2a:9d:4c:53:0e:26:e0:
                    91:6f:7d:a4:97:64:db:9b:a8:1a:82:48:cc:7f:38:
                    3d:e8:0f:b9:a5:d3:02:6a:ad:5a:fa:38:91:15:e3:
                    65:f9:c4:02:8e:8c:dd:85:c8:bc:82:d2:4f:fa:1b:
                    5f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A1:04:A3:16:36:63:9E:92:08:43:BF:6E:C9:94:1E:76:98:8F:C4
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/M6EEoxY2Y56SCEO_bsmUHnaYj8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:a9:f9:ed:e3:af:50:19:49:18:72:ad:8e:20:c4:94:c9:1e:
         be:6b:e2:82:a2:3d:e9:2b:d1:5f:32:3a:14:19:75:a7:06:e8:
         14:5e:3a:86:af:b1:13:22:d7:2a:ad:c8:86:68:10:20:04:7d:
         fc:aa:e0:0d:50:1d:64:36:70:a5:c5:94:ec:cb:89:f3:7c:4c:
         95:5c:93:13:21:8b:b7:b3:43:13:83:cf:29:bb:95:3f:bb:4e:
         da:33:63:a7:05:3c:b7:80:8a:a9:f8:c3:3f:21:32:1a:35:45:
         b6:f0:9d:16:7e:44:21:60:92:72:52:81:89:c2:c6:8c:7e:7e:
         79:9b:47:d3:80:ab:4b:28:57:fc:20:0f:46:ca:c8:d9:ea:27:
         ab:48:ab:bf:b7:d5:43:40:2a:74:0d:28:c3:4b:1d:88:17:51:
         fc:67:e8:af:3a:87:68:73:b0:a6:61:3a:af:4e:6f:ed:3e:ad:
         d0:de:e4:7b:1a:a1:c4:ce:fb:a1:13:e6:77:48:23:7d:6b:86:
         5a:d9:2d:b8:0a:0d:20:9c:ce:f2:8c:2e:e5:ae:52:bd:a6:f7:
         be:fd:70:fe:92:f0:3b:43:31:aa:5f:ac:27:08:db:37:84:db:
         d8:40:ad:e0:97:06:96:ab:75:b3:41:05:44:7c:0e:d2:35:c6:
         93:e0:46:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKKWXfANSxBb1ik9zQ7wHMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQxMDE0MDkyNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2ExMDRhMzE2MzY2MzllOTIwODQzYmY2ZWM5OTQxZTc2OTg4ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlb3LtBkrq9ay8zuUnc+zuTSwBvs
ETG7jVZYcfAc0MTpxGqNlU0ToomcQJf2Q4gU5y0Zt87P12Zu34gdTMWixP9lnkKq
dmmcBvqlZ3Unr0xkT00KbbKGh8BKJckT6QU0qAOKBuHRABNoiigOrsEsyoE8B/WK
LEBlygetp/FRGy3ctNZQKbAZ0Xk5+q5zK6ODsA1Aq1zZpZOiAUd4S+xR1XNvy4mi
z8Mb9c0b2pBEzZAqfISiy+FdSkAXVbM3raCD6AtekUnluJdqTyqdTFMOJuCRb32k
l2Tbm6gagkjMfzg96A+5pdMCaq1a+jiRFeNl+cQCjozdhci8gtJP+htfnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOhBKMWNmOekghDv27JlB52mI/EMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvTTZFRW94WTJZNTZTQ0VPX2JzbVVIbmFZajhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmFmoMA0G
CSqGSIb3DQEBCwUAA4IBAQCdqfnt469QGUkYcq2OIMSUyR6+a+KCoj3pK9FfMjoU
GXWnBugUXjqGr7ETItcqrciGaBAgBH38quANUB1kNnClxZTsy4nzfEyVXJMTIYu3
s0MTg88pu5U/u07aM2OnBTy3gIqp+MM/ITIaNUW28J0WfkQhYJJyUoGJwsaMfn55
m0fTgKtLKFf8IA9GysjZ6ierSKu/t9VDQCp0DSjDSx2IF1H8Z+ivOodoc7CmYTqv
Tm/tPq3Q3uR7GqHEzvuhE+Z3SCN9a4Za2S24Cg0gnM7yjC7lrlK9pve+/XD+kvA7
QzGqX6wnCNs3hNvYQK3glwaWq3WzQQVEfA7SNcaT4Eap
-----END CERTIFICATE-----