Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/KbARNEHl6aQRzXOaG7OJ-SxMlu0.roa
File:                     KbARNEHl6aQRzXOaG7OJ-SxMlu0.roa (raw, json)
Hash identifier:          qhMPz8ji1C+6VTnhUPDSymGuxMVSRvCJddq5NW1zpC8=
Subject key identifier:   29:B0:11:34:41:E5:E9:A4:11:CD:73:9A:1B:B3:89:F9:2C:4C:96:ED
Certificate issuer:       /CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
Certificate serial:       0193410951C7960659F994467D2E379270DF
Authority key identifier: B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/KbARNEHl6aQRzXOaG7OJ-SxMlu0.roa
Signing time:             Mon 18 Nov 2024 20:49:09 +0000
ROA not before:           Mon 18 Nov 2024 20:49:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        45.156.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:41:09:51:c7:96:06:59:f9:94:46:7d:2e:37:92:70:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
        Validity
            Not Before: Nov 18 20:49:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29b0113441e5e9a411cd739a1bb389f92c4c96ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c5:a5:64:63:07:76:9c:6f:52:b8:32:24:2a:
                    45:34:21:46:98:7c:cb:8e:cc:2e:9f:29:95:6c:ac:
                    74:b7:31:84:42:6f:e3:41:53:1b:02:df:22:4c:e9:
                    55:c9:ef:6e:f6:c3:6a:e8:ff:4b:04:4e:d7:dd:27:
                    d3:0f:91:0a:e7:cf:d4:2e:99:aa:ff:3a:8e:8c:a8:
                    1f:4c:44:d0:3c:be:bb:71:23:d2:97:73:d3:81:6c:
                    9e:e1:3d:20:1a:74:56:62:99:2e:f9:23:8e:27:b2:
                    51:95:df:c7:fb:af:d2:81:b3:a0:9f:ea:f6:bb:96:
                    86:1a:eb:dc:eb:e6:0a:f9:cd:a2:36:ad:1c:d4:ba:
                    e1:00:12:87:1a:b9:b7:e5:5c:85:fd:0f:7d:02:67:
                    1b:d6:7c:93:0a:f9:a5:54:16:6b:b0:74:95:77:a6:
                    1b:76:cc:37:ca:ee:47:7d:b9:c9:56:74:76:8d:66:
                    a3:ba:70:81:1c:3a:27:be:3f:7d:e2:0c:2e:af:15:
                    e2:ba:75:3b:5c:09:20:83:a9:5b:86:d5:b4:7f:03:
                    06:ef:dd:fe:88:87:29:13:6b:e6:5a:75:db:0f:e6:
                    6e:aa:e1:b9:15:57:3b:41:f8:a4:f9:8a:3b:c4:05:
                    bf:71:2e:f2:05:df:4a:f9:d7:98:1a:23:ec:a7:8e:
                    ff:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B0:11:34:41:E5:E9:A4:11:CD:73:9A:1B:B3:89:F9:2C:4C:96:ED
            X509v3 Authority Key Identifier:
                keyid:B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/KbARNEHl6aQRzXOaG7OJ-SxMlu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:6d:71:c6:2b:bf:2e:9c:92:ed:88:24:21:90:28:e7:bc:3d:
         94:96:b7:05:87:c1:6a:33:6c:f4:5e:85:a0:c9:75:b5:2b:ec:
         5c:b1:b8:3c:e2:c9:71:72:55:ce:31:19:ce:0d:31:be:a6:e9:
         f0:e9:a7:6f:b1:bd:b1:bf:40:af:3f:d9:15:18:17:19:db:46:
         ff:a8:2c:d6:5e:15:7c:bc:ae:d3:26:3f:ff:9c:fe:63:45:e0:
         18:22:f4:8b:09:eb:82:cd:ab:5e:ed:0a:4a:9b:41:82:c4:3b:
         f1:34:18:da:aa:b4:fd:5a:94:81:a6:f0:19:1e:bb:31:76:e8:
         a9:13:6d:33:c1:39:2c:98:c4:a3:87:89:00:e9:c4:7f:52:4b:
         21:53:f4:af:0a:93:d1:28:46:e3:f5:3a:7c:f9:5b:68:b5:ee:
         ea:1c:80:f3:24:4c:9b:68:bb:49:41:43:c1:ee:79:2d:27:9d:
         c8:2b:0c:ee:15:a9:93:c5:48:81:96:07:7f:b9:fc:4b:b0:3e:
         08:d2:da:4d:78:fb:95:a1:ef:aa:b3:c9:3e:08:61:71:dd:6c:
         dc:d6:77:6c:79:dc:ac:51:fa:25:09:ac:2f:18:4f:f0:3a:7e:
         9d:c5:d9:99:83:c4:2f:f8:29:f3:53:fa:ab:0f:de:81:a8:96:
         a5:da:18:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNBCVHHlgZZ+ZRGfS43knDfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYzBiZGFmYWRlYTc4ZGNlMzEyZjg2MmRkZjQyYjFiZDRj
NGY2NDUwHhcNMjQxMTE4MjA0OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWIwMTEzNDQxZTVlOWE0MTFjZDczOWExYmIzODlmOTJjNGM5NmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcWlZGMHdpxvUrgyJCpFNCFGmHzL
jswunymVbKx0tzGEQm/jQVMbAt8iTOlVye9u9sNq6P9LBE7X3SfTD5EK58/ULpmq
/zqOjKgfTETQPL67cSPSl3PTgWye4T0gGnRWYpku+SOOJ7JRld/H+6/SgbOgn+r2
u5aGGuvc6+YK+c2iNq0c1LrhABKHGrm35VyF/Q99Amcb1nyTCvmlVBZrsHSVd6Yb
dsw3yu5HfbnJVnR2jWajunCBHDonvj994gwurxXiunU7XAkgg6lbhtW0fwMG793+
iIcpE2vmWnXbD+ZuquG5FVc7Qfik+Yo7xAW/cS7yBd9K+deYGiPsp47/aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmwETRB5emkEc1zmhuzifksTJbtMB8GA1UdIwQY
MBaAFLLAva+t6njc4xL4Yt30KxvUxPZFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMt
ZmNjMzM2ZWVkOGQ3LzEvS2JBUk5FSGw2YVFSelhPYUc3T0otU3hNbHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMtZmNjMzM2ZWVkOGQ3
LzEvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZwcMA0G
CSqGSIb3DQEBCwUAA4IBAQA/bXHGK78unJLtiCQhkCjnvD2UlrcFh8FqM2z0XoWg
yXW1K+xcsbg84slxclXOMRnODTG+punw6advsb2xv0CvP9kVGBcZ20b/qCzWXhV8
vK7TJj//nP5jReAYIvSLCeuCzate7QpKm0GCxDvxNBjaqrT9WpSBpvAZHrsxduip
E20zwTksmMSjh4kA6cR/UkshU/SvCpPRKEbj9Tp8+Vtote7qHIDzJEybaLtJQUPB
7nktJ53IKwzuFamTxUiBlgd/ufxLsD4I0tpNePuVoe+qs8k+CGFx3Wzc1ndsedys
UfolCawvGE/wOn6dxdmZg8Qv+CnzU/qrD96BqJal2hhZ
-----END CERTIFICATE-----