Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/tN1FI2S2OWyMS511MNqmVwctCVA.roa
File:                     tN1FI2S2OWyMS511MNqmVwctCVA.roa (raw, json)
Hash identifier:          Sr1DavjwuURarUf1UPCbiGXKoT7TD5vQg7AFVTDk5r8=
Subject key identifier:   B4:DD:45:23:64:B6:39:6C:8C:4B:9D:75:30:DA:A6:57:07:2D:09:50
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       01909CB87C44D77121AD4CC10244A0A55858
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/tN1FI2S2OWyMS511MNqmVwctCVA.roa
Signing time:             Wed 10 Jul 2024 12:57:34 +0000
ROA not before:           Wed 10 Jul 2024 12:57:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5413
IP address blocks:        45.132.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:b8:7c:44:d7:71:21:ad:4c:c1:02:44:a0:a5:58:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jul 10 12:57:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4dd452364b6396c8c4b9d7530daa657072d0950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:69:ea:cd:79:9e:fc:5b:15:f0:7a:a0:e1:d2:
                    ec:3b:32:c0:7f:1a:8e:78:58:b1:c2:d5:79:48:27:
                    15:9f:2f:1f:ee:92:10:e7:f1:0c:d6:ff:d6:67:57:
                    c3:35:55:f7:a2:33:94:c6:aa:df:ac:4d:a2:92:29:
                    48:13:11:8e:ef:a0:00:e3:60:4d:d0:d3:f2:5a:c5:
                    e6:a1:58:13:7b:b0:56:58:51:ed:86:ca:83:75:61:
                    c0:92:72:66:69:a4:55:84:5c:2a:e2:60:27:3a:06:
                    5e:55:00:4a:d0:0c:45:69:dc:ea:60:2d:84:f8:cb:
                    b2:9e:5a:7f:06:82:06:28:25:bb:e6:0b:16:9e:93:
                    65:53:e3:eb:82:83:66:3e:99:67:db:ab:36:01:07:
                    05:76:d8:3b:bc:a3:1c:63:31:5d:94:44:ad:db:4c:
                    fe:5c:5b:72:0e:89:ee:53:62:5b:c0:6d:d1:fe:dd:
                    89:70:49:b1:00:1f:12:76:59:68:80:cf:54:57:f0:
                    36:17:bb:b2:8a:bd:57:75:70:e2:90:7a:7b:9c:f3:
                    39:b0:14:69:8a:9e:fa:42:68:40:dd:79:d2:c1:cd:
                    57:33:cd:66:20:10:17:b8:4d:b6:52:e2:4d:3a:8f:
                    46:66:ac:eb:9d:11:7a:10:07:3d:8e:67:47:14:51:
                    6e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:DD:45:23:64:B6:39:6C:8C:4B:9D:75:30:DA:A6:57:07:2D:09:50
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/tN1FI2S2OWyMS511MNqmVwctCVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:6d:a2:1f:61:74:f8:3a:e6:08:f1:bd:f5:a7:43:a5:b2:d9:
         ea:12:1f:ac:a5:68:36:04:c8:3c:70:e6:7a:bb:43:fd:6a:4b:
         48:7e:1c:c3:4b:79:38:4c:61:fe:0a:3b:5c:03:ba:01:80:bc:
         5b:6b:9a:7c:05:58:e4:22:2b:d9:8b:8e:bb:0c:42:74:63:b7:
         f0:2e:36:00:f6:d2:ac:57:76:05:bd:47:4e:34:65:5a:d7:76:
         27:a3:f2:6d:56:92:9e:82:41:de:0a:05:65:6b:0d:58:4d:a9:
         56:d4:36:4d:74:1d:26:8c:86:55:9f:c1:30:d4:b6:14:4a:c9:
         8a:23:e4:26:c7:85:ff:f4:18:7d:b8:f6:64:85:77:ed:77:7a:
         5b:9d:bf:f0:23:79:06:07:cf:7a:c4:dd:6e:65:78:83:4a:46:
         6a:de:43:58:81:e1:c9:d6:14:f5:d4:9a:75:28:ad:80:68:48:
         eb:80:a5:d9:79:aa:57:31:76:57:27:d6:5b:99:4a:19:e2:1c:
         cc:e2:16:9a:d3:94:11:69:e9:13:f7:1c:ec:76:5a:15:a8:e5:
         7f:53:b9:6d:3b:5f:b8:fe:f0:86:18:8a:5d:38:76:a2:d7:ff:
         76:36:ec:3b:e6:67:85:aa:60:b1:b8:c2:28:b4:ba:e7:d3:3e:
         5f:dc:c3:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCcuHxE13EhrUzBAkSgpVhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwNzEwMTI1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGRkNDUyMzY0YjYzOTZjOGM0YjlkNzUzMGRhYTY1NzA3MmQwOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WnqzXme/FsV8Hqg4dLsOzLAfxqO
eFixwtV5SCcVny8f7pIQ5/EM1v/WZ1fDNVX3ojOUxqrfrE2ikilIExGO76AA42BN
0NPyWsXmoVgTe7BWWFHthsqDdWHAknJmaaRVhFwq4mAnOgZeVQBK0AxFadzqYC2E
+Muynlp/BoIGKCW75gsWnpNlU+PrgoNmPpln26s2AQcFdtg7vKMcYzFdlESt20z+
XFtyDonuU2JbwG3R/t2JcEmxAB8SdllogM9UV/A2F7uyir1XdXDikHp7nPM5sBRp
ip76QmhA3XnSwc1XM81mIBAXuE22UuJNOo9GZqzrnRF6EAc9jmdHFFFubQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTdRSNktjlsjEuddTDaplcHLQlQMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvdE4xRkkyUzJPV3lNUzUxMU1OcW1Wd2N0Q1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYSUMA0G
CSqGSIb3DQEBCwUAA4IBAQBmbaIfYXT4OuYI8b31p0OlstnqEh+spWg2BMg8cOZ6
u0P9aktIfhzDS3k4TGH+CjtcA7oBgLxba5p8BVjkIivZi467DEJ0Y7fwLjYA9tKs
V3YFvUdONGVa13Yno/JtVpKegkHeCgVlaw1YTalW1DZNdB0mjIZVn8Ew1LYUSsmK
I+Qmx4X/9Bh9uPZkhXftd3pbnb/wI3kGB896xN1uZXiDSkZq3kNYgeHJ1hT11Jp1
KK2AaEjrgKXZeapXMXZXJ9ZbmUoZ4hzM4haa05QRaekT9xzsdloVqOV/U7ltO1+4
/vCGGIpdOHai1/92Nuw75meFqmCxuMIotLrn0z5f3MO1
-----END CERTIFICATE-----