Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/i5Kz6Bz7thMwbhxjbXDFCcNQ5Ew.roa
File:                     i5Kz6Bz7thMwbhxjbXDFCcNQ5Ew.roa (raw, json)
Hash identifier:          9jweq6qE9JNVm8aPFrLiNgoiPI8+MMSdd8X1ShB1UFI=
Subject key identifier:   8B:92:B3:E8:1C:FB:B6:13:30:6E:1C:63:6D:70:C5:09:C3:50:E4:4C
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       01909CB8802CC4CB8F0AFA54AE96F1707CDB
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/i5Kz6Bz7thMwbhxjbXDFCcNQ5Ew.roa
Signing time:             Wed 10 Jul 2024 12:57:35 +0000
ROA not before:           Wed 10 Jul 2024 12:57:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201119
IP address blocks:        45.132.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:b8:80:2c:c4:cb:8f:0a:fa:54:ae:96:f1:70:7c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jul 10 12:57:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b92b3e81cfbb613306e1c636d70c509c350e44c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d8:58:2a:7d:1a:56:f2:32:5d:19:c4:6a:8f:
                    71:d1:38:a6:6d:12:9a:43:76:1f:7e:d6:ae:34:28:
                    3d:aa:02:ec:a0:5a:72:05:e0:31:82:17:c4:ec:74:
                    5c:1b:38:e9:8c:38:6a:46:14:22:b5:c2:81:2f:69:
                    ba:2e:fb:7a:59:90:e8:e6:94:cc:88:86:c5:7b:82:
                    55:dc:02:a8:1d:7f:f0:af:13:41:01:16:2d:2b:0d:
                    ce:da:0a:ef:09:44:8e:7c:42:1b:27:b9:84:9d:d8:
                    b2:f1:3e:4e:26:cd:0d:09:4a:6a:0d:7a:fa:64:38:
                    8f:79:fe:87:4e:e6:35:e5:cd:84:d0:75:85:10:52:
                    0d:46:8a:03:17:1a:71:31:38:79:33:ff:93:0f:41:
                    ee:14:6f:31:71:29:87:73:e6:09:bf:02:42:7d:91:
                    d3:1a:8f:d1:c6:41:7a:10:a1:19:ef:91:e5:ba:4a:
                    1c:20:75:15:88:96:10:b9:77:9c:97:9c:86:60:9a:
                    95:7b:90:85:ad:d7:d4:81:3b:6a:21:86:8c:94:60:
                    81:ca:ff:58:71:9c:9c:fe:8e:50:82:6b:f2:53:cc:
                    2b:e2:be:fd:25:26:92:f8:1e:2b:74:2b:f9:79:ac:
                    77:be:5d:5c:db:77:50:a6:ff:f2:98:41:1c:0f:f8:
                    00:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:92:B3:E8:1C:FB:B6:13:30:6E:1C:63:6D:70:C5:09:C3:50:E4:4C
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/i5Kz6Bz7thMwbhxjbXDFCcNQ5Ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:9d:e3:75:6c:77:94:09:d5:72:ea:06:f7:22:9f:7c:fc:1b:
         12:09:41:13:57:29:03:e8:d9:72:6a:4f:76:77:a4:e1:77:4b:
         43:6f:ba:9b:c6:7a:2f:af:54:77:f2:4d:2c:d6:a5:85:4d:50:
         92:2e:47:75:e5:93:f2:16:69:44:03:c5:df:5c:99:ce:db:31:
         23:87:9b:32:3d:4d:f9:5d:16:bd:39:c0:9c:33:90:cf:8a:f6:
         74:f4:77:2a:9d:35:cb:14:d3:32:f8:8a:f1:71:4b:44:70:83:
         52:51:b5:11:c2:5f:58:5e:6f:da:57:1c:21:df:5d:96:57:94:
         f9:03:fd:47:aa:3f:9b:cc:3a:5e:03:2c:34:77:21:77:d1:68:
         57:f9:e2:0d:c4:9a:d8:39:23:61:e3:2b:d1:98:1e:de:97:d3:
         3b:50:ae:1c:f9:e3:73:33:a9:3e:8f:74:6a:0b:e0:e9:b5:78:
         77:8f:00:95:9d:5d:59:76:24:84:f3:93:e6:e2:69:9a:60:c9:
         66:48:cf:d4:d0:54:09:a4:13:76:9a:1e:9a:03:64:7d:3e:d9:
         46:bf:fa:6e:91:ac:3b:f0:3b:94:9c:cb:00:8f:2c:56:ed:44:
         ae:9d:96:1b:aa:9b:ea:82:ce:2f:45:8d:77:d0:96:e1:df:58:
         7f:e8:4e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCcuIAsxMuPCvpUrpbxcHzbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwNzEwMTI1NzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkyYjNlODFjZmJiNjEzMzA2ZTFjNjM2ZDcwYzUwOWMzNTBlNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9hYKn0aVvIyXRnEao9x0TimbRKa
Q3YfftauNCg9qgLsoFpyBeAxghfE7HRcGzjpjDhqRhQitcKBL2m6Lvt6WZDo5pTM
iIbFe4JV3AKoHX/wrxNBARYtKw3O2grvCUSOfEIbJ7mEndiy8T5OJs0NCUpqDXr6
ZDiPef6HTuY15c2E0HWFEFINRooDFxpxMTh5M/+TD0HuFG8xcSmHc+YJvwJCfZHT
Go/RxkF6EKEZ75HlukocIHUViJYQuXecl5yGYJqVe5CFrdfUgTtqIYaMlGCByv9Y
cZyc/o5QgmvyU8wr4r79JSaS+B4rdCv5eax3vl1c23dQpv/ymEEcD/gAZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuSs+gc+7YTMG4cY21wxQnDUORMMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvaTVLejZCejd0aE13Ymh4amJYREZDY05RNUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYSXMA0G
CSqGSIb3DQEBCwUAA4IBAQCJneN1bHeUCdVy6gb3Ip98/BsSCUETVykD6Nlyak92
d6Thd0tDb7qbxnovr1R38k0s1qWFTVCSLkd15ZPyFmlEA8XfXJnO2zEjh5syPU35
XRa9OcCcM5DPivZ09HcqnTXLFNMy+IrxcUtEcINSUbURwl9YXm/aVxwh312WV5T5
A/1Hqj+bzDpeAyw0dyF30WhX+eINxJrYOSNh4yvRmB7el9M7UK4c+eNzM6k+j3Rq
C+DptXh3jwCVnV1ZdiSE85Pm4mmaYMlmSM/U0FQJpBN2mh6aA2R9PtlGv/pukaw7
8DuUnMsAjyxW7USunZYbqpvqgs4vRY130Jbh31h/6E6E
-----END CERTIFICATE-----