Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/aBfQ3Ii5s_qCILeE909KDfunaJE.roa
File:                     aBfQ3Ii5s_qCILeE909KDfunaJE.roa (raw, json)
Hash identifier:          ggS7qt6xLY0dYFhmASSLKph0WB05BZHRiPeTnHbbE+Q=
Subject key identifier:   68:17:D0:DC:88:B9:B3:FA:82:20:B7:84:F7:4F:4A:0D:FB:A7:68:91
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019209EAB249910F462D175A554F76BA155E
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/aBfQ3Ii5s_qCILeE909KDfunaJE.roa
Signing time:             Thu 19 Sep 2024 10:53:48 +0000
ROA not before:           Thu 19 Sep 2024 10:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216459
IP address blocks:        45.130.54.0/23 maxlen: 23
                          193.109.137.0/24 maxlen: 24
                          194.156.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:ea:b2:49:91:0f:46:2d:17:5a:55:4f:76:ba:15:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Sep 19 10:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6817d0dc88b9b3fa8220b784f74f4a0dfba76891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:34:f2:11:ad:b0:c0:23:e5:3e:09:58:aa:2f:
                    98:78:ba:88:f9:bf:87:5b:7b:4d:6a:34:44:91:7e:
                    a9:f8:f5:59:0d:c3:c3:0c:22:8e:4d:8a:73:a7:33:
                    49:9d:91:6b:30:52:d7:de:09:79:b3:74:a3:71:7b:
                    91:96:ff:b1:18:c8:d3:09:0a:38:cb:fe:11:71:8f:
                    82:3b:a9:2d:ca:fd:8a:b8:b0:74:d7:84:80:32:b4:
                    3a:87:33:25:d0:a2:23:14:66:36:fd:fc:e0:bb:bf:
                    2e:bf:17:f0:51:fb:49:2d:b4:23:16:34:e9:9d:93:
                    58:50:b4:52:d5:db:fc:ad:f5:0f:0e:fd:d3:6f:39:
                    62:18:8a:8b:58:80:95:72:9c:7d:31:30:37:40:94:
                    d5:ac:e9:81:e7:cc:4e:81:41:ee:97:2d:f8:47:34:
                    2c:e5:5a:ab:8d:cb:de:ef:5f:6d:e3:ab:49:32:39:
                    65:cc:eb:ec:b8:00:e3:6c:b9:0d:8b:73:eb:94:70:
                    00:fb:a2:0f:b4:81:fc:e5:a6:4d:16:8c:38:60:fd:
                    e5:3b:db:8f:66:39:60:06:40:8f:12:56:2e:f0:f9:
                    e3:6f:af:aa:fa:82:57:ca:fc:6d:9e:f2:7d:30:c0:
                    ad:f4:e0:75:85:27:e5:e8:09:d6:4f:fa:4f:ba:42:
                    ff:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:17:D0:DC:88:B9:B3:FA:82:20:B7:84:F7:4F:4A:0D:FB:A7:68:91
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/aBfQ3Ii5s_qCILeE909KDfunaJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.54.0/23
                  193.109.137.0/24
                  194.156.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:9a:97:b1:60:78:0d:f4:b8:b7:7e:4b:90:da:71:50:78:cf:
         3a:65:4e:e4:53:06:cb:79:3a:b4:32:b8:0c:5a:54:81:33:a9:
         5b:3f:9b:39:59:43:27:80:be:50:43:3a:60:6b:d6:26:3a:2f:
         40:c9:f4:02:3f:35:80:4e:24:db:6c:01:5a:59:19:8d:28:7e:
         fe:3a:eb:9d:81:d5:56:ea:71:0f:b8:4e:de:0f:3e:6e:85:d1:
         aa:6b:f1:bf:00:5a:7a:f9:5a:03:59:db:f2:4d:fb:8a:e0:96:
         96:7c:01:83:6c:2f:62:33:82:ee:55:23:14:69:3e:91:3a:a8:
         e2:40:26:54:24:8d:20:40:af:3e:df:cc:2b:35:11:94:e5:6e:
         92:01:53:e6:0f:e0:f5:9a:a2:38:24:3f:65:d7:1a:f1:63:2d:
         3b:d1:27:c8:e9:ac:35:ff:5d:39:99:3c:d9:d9:82:0c:8f:cf:
         6c:ed:20:39:4b:64:1f:c8:e0:37:d8:b2:5c:1f:be:86:b7:bf:
         33:75:59:36:81:c6:8c:dc:48:11:47:f6:3a:7d:58:3b:b8:f7:
         68:10:38:c1:fb:43:5a:15:2c:5b:67:61:fc:a8:b7:20:20:4a:
         96:c1:6a:6e:be:85:9a:11:6d:8b:22:16:f3:95:6a:23:81:4a:
         b6:3c:bf:6c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZIJ6rJJkQ9GLRdaVU92uhVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwOTE5MTA1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE3ZDBkYzg4YjliM2ZhODIyMGI3ODRmNzRmNGEwZGZiYTc2ODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jTyEa2wwCPlPglYqi+YeLqI+b+H
W3tNajREkX6p+PVZDcPDDCKOTYpzpzNJnZFrMFLX3gl5s3SjcXuRlv+xGMjTCQo4
y/4RcY+CO6ktyv2KuLB014SAMrQ6hzMl0KIjFGY2/fzgu78uvxfwUftJLbQjFjTp
nZNYULRS1dv8rfUPDv3TbzliGIqLWICVcpx9MTA3QJTVrOmB58xOgUHuly34RzQs
5Vqrjcve719t46tJMjllzOvsuADjbLkNi3PrlHAA+6IPtIH85aZNFow4YP3lO9uP
ZjlgBkCPElYu8Pnjb6+q+oJXyvxtnvJ9MMCt9OB1hSfl6AnWT/pPukL/owIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGgX0NyIubP6giC3hPdPSg37p2iRMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvYUJmUTNJaTVzX3FDSUxlRTkwOUtEZnVuYUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLYI2AwQA
wW2JAwQAwpywMA0GCSqGSIb3DQEBCwUAA4IBAQBGmpexYHgN9Li3fkuQ2nFQeM86
ZU7kUwbLeTq0MrgMWlSBM6lbP5s5WUMngL5QQzpga9YmOi9AyfQCPzWATiTbbAFa
WRmNKH7+OuudgdVW6nEPuE7eDz5uhdGqa/G/AFp6+VoDWdvyTfuK4JaWfAGDbC9i
M4LuVSMUaT6ROqjiQCZUJI0gQK8+38wrNRGU5W6SAVPmD+D1mqI4JD9l1xrxYy07
0SfI6aw1/105mTzZ2YIMj89s7SA5S2QfyOA32LJcH76Gt78zdVk2gcaM3EgRR/Y6
fVg7uPdoEDjB+0NaFSxbZ2H8qLcgIEqWwWpuvoWaEW2LIhbzlWojgUq2PL9s
-----END CERTIFICATE-----