Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/gCTJIPdZkNTrbjtxvKNrXCCa0X0.roa
File:                     gCTJIPdZkNTrbjtxvKNrXCCa0X0.roa (raw, json)
Hash identifier:          8h0oQ1BI7ZS3YrzfO/MNrv0NoicX+qEYAlo51kcjtG0=
Subject key identifier:   80:24:C9:20:F7:59:90:D4:EB:6E:3B:71:BC:A3:6B:5C:20:9A:D1:7D
Certificate issuer:       /CN=bfff419659f54df378792b602c0092c353988ec8
Certificate serial:       018CC94E41D51508E68E036CF91DA82F90EB
Authority key identifier: BF:FF:41:96:59:F5:4D:F3:78:79:2B:60:2C:00:92:C3:53:98:8E:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v_9Blln1TfN4eStgLACSw1OYjsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/gCTJIPdZkNTrbjtxvKNrXCCa0X0.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207790
IP address blocks:        45.129.244.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/v_9Blln1TfN4eStgLACSw1OYjsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/v_9Blln1TfN4eStgLACSw1OYjsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v_9Blln1TfN4eStgLACSw1OYjsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:41:d5:15:08:e6:8e:03:6c:f9:1d:a8:2f:90:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfff419659f54df378792b602c0092c353988ec8
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8024c920f75990d4eb6e3b71bca36b5c209ad17d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:57:5b:68:f9:19:bb:e9:30:5c:ad:4a:f7:9c:
                    2a:60:ff:e0:ec:04:20:00:4f:42:27:39:fd:6f:62:
                    97:b5:b5:c6:dd:05:a3:5c:b6:09:e2:d0:fd:74:6c:
                    38:39:d6:ab:66:40:11:36:c2:06:5b:3b:f7:3a:1b:
                    65:5c:98:d9:b4:bf:57:40:8e:9f:30:9b:76:52:7f:
                    3c:ae:cd:33:30:f6:7c:a9:5e:c0:72:23:48:91:27:
                    7e:28:c6:ed:4b:76:0b:b5:09:8e:98:b5:3f:bc:80:
                    5b:79:94:53:53:64:08:dc:cd:cb:06:b8:7a:b4:2e:
                    b2:1f:be:50:8a:13:70:eb:05:18:a8:cd:03:9e:05:
                    dd:84:a5:9d:3b:cb:6e:c4:63:7d:ea:69:8a:3b:dd:
                    b0:23:56:34:bc:16:7f:2c:36:64:39:96:a0:1d:87:
                    ce:37:ba:66:d6:90:41:5c:f4:fd:cf:e4:da:95:0e:
                    53:bd:58:8c:93:75:f2:00:a9:4c:59:cb:99:6f:a7:
                    c4:07:0f:8d:71:a2:7a:ba:3e:b7:1f:f7:6a:3e:c0:
                    f6:79:58:f7:a0:27:bd:a2:9a:c6:b9:15:99:81:33:
                    29:a4:88:d4:10:51:94:1f:29:95:90:0a:d5:61:f6:
                    28:68:28:74:56:ce:ff:1b:f4:06:dc:8b:31:14:cb:
                    a8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:24:C9:20:F7:59:90:D4:EB:6E:3B:71:BC:A3:6B:5C:20:9A:D1:7D
            X509v3 Authority Key Identifier:
                keyid:BF:FF:41:96:59:F5:4D:F3:78:79:2B:60:2C:00:92:C3:53:98:8E:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v_9Blln1TfN4eStgLACSw1OYjsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/gCTJIPdZkNTrbjtxvKNrXCCa0X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/v_9Blln1TfN4eStgLACSw1OYjsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:2d:8a:7c:80:26:dd:f4:09:c9:e8:ec:16:bc:5d:76:e5:87:
         90:3d:a7:56:bb:71:76:63:c7:a9:e6:d7:b8:7b:ec:07:29:14:
         eb:b4:52:56:ac:fc:da:3f:19:47:b9:0f:99:ab:92:df:58:c2:
         89:57:b7:56:9d:70:f3:6c:de:6f:9c:cb:3c:c5:bb:48:0b:47:
         df:94:ed:cf:2b:c0:99:36:c1:4d:03:43:ff:d9:56:0b:bc:3a:
         3a:a9:7b:70:22:95:f4:79:d5:f6:f0:cd:58:28:f7:6d:64:56:
         a1:f4:b7:4c:d6:f8:db:67:62:4b:8f:4b:08:4e:8a:7e:c6:84:
         29:14:98:bd:91:35:8d:ec:36:0f:47:7d:f1:ef:06:30:89:c6:
         d8:9c:3d:19:cd:f3:fe:db:60:97:38:41:52:53:90:9a:ff:f2:
         eb:c4:69:0c:c5:d2:22:c5:f8:a3:72:8c:1f:77:7d:31:42:bd:
         22:05:d1:2d:c9:70:72:17:74:a1:8a:db:59:fc:8f:ba:ed:ff:
         01:b0:8c:b5:36:a0:b9:e3:55:ef:dc:d5:a2:49:6c:85:22:24:
         e8:1f:65:05:60:ae:6a:c4:17:9d:2b:38:2a:d3:01:ec:a8:00:
         24:a9:18:7a:15:11:67:54:f4:68:c9:52:58:77:b3:c1:88:25:
         e7:eb:ba:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkHVFQjmjgNs+R2oL5DrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZmY0MTk2NTlmNTRkZjM3ODc5MmI2MDJjMDA5MmMzNTM5
ODhlYzgwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDI0YzkyMGY3NTk5MGQ0ZWI2ZTNiNzFiY2EzNmI1YzIwOWFkMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVdbaPkZu+kwXK1K95wqYP/g7AQg
AE9CJzn9b2KXtbXG3QWjXLYJ4tD9dGw4OdarZkARNsIGWzv3OhtlXJjZtL9XQI6f
MJt2Un88rs0zMPZ8qV7AciNIkSd+KMbtS3YLtQmOmLU/vIBbeZRTU2QI3M3LBrh6
tC6yH75QihNw6wUYqM0DngXdhKWdO8tuxGN96mmKO92wI1Y0vBZ/LDZkOZagHYfO
N7pm1pBBXPT9z+TalQ5TvViMk3XyAKlMWcuZb6fEBw+NcaJ6uj63H/dqPsD2eVj3
oCe9oprGuRWZgTMppIjUEFGUHymVkArVYfYoaCh0Vs7/G/QG3IsxFMuooQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAkySD3WZDU6247cbyja1wgmtF9MB8GA1UdIwQY
MBaAFL//QZZZ9U3zeHkrYCwAksNTmI7IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdl85QmxsbjFUZk40ZVN0Z0xBQ1N3MU9ZanNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yYmExMzgtMTczNy00NzE0LTk2MGEt
NzBiZGYxNWRkNjE5LzEvZ0NUSklQZFprTlRyYmp0eHZLTnJYQ0NhMFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yYmExMzgtMTczNy00NzE0LTk2MGEtNzBiZGYxNWRkNjE5
LzEvdl85QmxsbjFUZk40ZVN0Z0xBQ1N3MU9ZanNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYH0MA0G
CSqGSIb3DQEBCwUAA4IBAQCwLYp8gCbd9AnJ6OwWvF125YeQPadWu3F2Y8ep5te4
e+wHKRTrtFJWrPzaPxlHuQ+Zq5LfWMKJV7dWnXDzbN5vnMs8xbtIC0fflO3PK8CZ
NsFNA0P/2VYLvDo6qXtwIpX0edX28M1YKPdtZFah9LdM1vjbZ2JLj0sITop+xoQp
FJi9kTWN7DYPR33x7wYwicbYnD0ZzfP+22CXOEFSU5Ca//LrxGkMxdIixfijcowf
d30xQr0iBdEtyXByF3ShittZ/I+67f8BsIy1NqC541Xv3NWiSWyFIiToH2UFYK5q
xBedKzgq0wHsqAAkqRh6FRFnVPRoyVJYd7PBiCXn67q2
-----END CERTIFICATE-----