Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/0vq4_ElkrVM5CZdxCMRidoDNT-k.roa
File:                     0vq4_ElkrVM5CZdxCMRidoDNT-k.roa (raw, json)
Hash identifier:          IdRmAwoUI7ktGC4AOcB1KJ48w+OaApOWZbxzEquEJ7E=
Subject key identifier:   D2:FA:B8:FC:49:64:AD:53:39:09:97:71:08:C4:62:76:80:CD:4F:E9
Certificate issuer:       /CN=ebf385ced090dbf1d044734e12a270ee6b841c96
Certificate serial:       018F574C69FFCF79C6B93DA423E715F9CEB0
Authority key identifier: EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/0vq4_ElkrVM5CZdxCMRidoDNT-k.roa
Signing time:             Wed 08 May 2024 08:22:56 +0000
ROA not before:           Wed 08 May 2024 08:22:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        45.141.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:4c:69:ff:cf:79:c6:b9:3d:a4:23:e7:15:f9:ce:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf385ced090dbf1d044734e12a270ee6b841c96
        Validity
            Not Before: May  8 08:22:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2fab8fc4964ad533909977108c4627680cd4fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:28:bc:51:07:e5:b3:7c:5e:bf:83:32:4a:f4:
                    7b:69:67:22:d8:64:41:3d:1f:d0:60:13:b2:1e:16:
                    c3:4d:b1:cc:0a:cc:8b:f0:a3:b8:5f:de:b2:76:67:
                    30:ce:c8:f5:82:fb:2c:c3:47:fe:68:10:73:23:e5:
                    82:93:17:3f:8e:a5:f8:1a:41:a7:a9:c6:26:76:93:
                    c5:53:48:7c:67:2b:3a:46:48:39:30:73:9a:8e:ee:
                    a5:af:30:5f:b3:a8:22:18:2f:76:bf:3b:b2:ee:41:
                    e7:47:1a:ea:ab:05:fb:f3:19:cf:c9:dc:5c:c9:eb:
                    9b:40:c7:07:d5:cd:73:b6:de:c5:74:57:10:6d:af:
                    57:99:bd:c8:e0:12:4d:f6:c4:61:b0:b6:da:4d:50:
                    aa:79:8b:06:90:8e:14:4c:68:76:30:9e:7f:9a:ad:
                    0d:63:96:6b:3d:d9:95:7c:f7:1a:6c:50:c8:54:2e:
                    d6:50:80:74:e7:76:3f:c2:7b:70:8e:6b:20:aa:e6:
                    78:b6:85:b4:36:7e:40:76:37:67:67:6b:3f:bb:8c:
                    38:4a:69:8c:9c:bd:13:67:55:c6:d9:75:9a:6d:2b:
                    49:54:2b:44:ed:ba:09:ba:a5:3f:95:7d:62:ba:75:
                    ba:9b:7f:d3:39:f2:2c:94:a1:5c:52:9f:e3:96:c4:
                    15:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FA:B8:FC:49:64:AD:53:39:09:97:71:08:C4:62:76:80:CD:4F:E9
            X509v3 Authority Key Identifier:
                keyid:EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/0vq4_ElkrVM5CZdxCMRidoDNT-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:0e:16:0f:f5:52:ee:ef:46:8d:54:ca:e7:ee:1f:71:c5:aa:
         af:81:47:b6:b2:5d:29:6d:4d:b6:f4:d0:6b:c5:ca:bc:fb:13:
         6e:32:6d:6e:9f:94:e3:40:e0:3f:50:1d:cb:a1:3b:13:5b:e6:
         bd:a8:62:b2:ef:2e:52:06:da:6c:20:68:8d:6d:5d:28:46:8e:
         ca:79:f8:58:75:f1:65:50:e2:d8:2f:35:29:da:43:72:66:b0:
         6b:9c:f3:f1:60:cd:f0:e5:f5:60:c8:7c:bf:11:e9:f6:90:1b:
         6d:ff:64:45:3f:7f:a8:c6:a1:61:9e:95:be:b6:92:97:40:14:
         b4:9d:06:87:84:3f:44:5d:f6:92:1d:a8:f1:6f:30:f9:3e:89:
         e1:e3:0b:ae:cb:5e:a7:4b:af:ac:3d:47:63:3a:2d:29:e6:2c:
         89:86:51:48:26:9b:c4:55:14:18:5b:51:8f:6c:ba:3c:fa:99:
         b0:51:96:6e:76:d9:66:b5:09:57:ed:9e:f1:80:c1:46:d5:f1:
         1a:4b:1c:af:5a:e1:72:b1:74:73:e5:c6:89:0a:f6:5a:2f:8d:
         40:81:c4:82:3a:a9:54:f9:29:f2:4a:d5:0b:55:61:44:69:26:
         5c:64:ed:b5:28:85:31:85:72:aa:ce:e9:af:c8:08:5d:02:ee:
         f9:e6:fd:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9XTGn/z3nGuT2kI+cV+c6wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjM4NWNlZDA5MGRiZjFkMDQ0NzM0ZTEyYTI3MGVlNmI4
NDFjOTYwHhcNMjQwNTA4MDgyMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZhYjhmYzQ5NjRhZDUzMzkwOTk3NzEwOGM0NjI3NjgwY2Q0ZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ci8UQfls3xev4MySvR7aWci2GRB
PR/QYBOyHhbDTbHMCsyL8KO4X96ydmcwzsj1gvssw0f+aBBzI+WCkxc/jqX4GkGn
qcYmdpPFU0h8Zys6Rkg5MHOaju6lrzBfs6giGC92vzuy7kHnRxrqqwX78xnPydxc
yeubQMcH1c1ztt7FdFcQba9Xmb3I4BJN9sRhsLbaTVCqeYsGkI4UTGh2MJ5/mq0N
Y5ZrPdmVfPcabFDIVC7WUIB053Y/wntwjmsgquZ4toW0Nn5AdjdnZ2s/u4w4SmmM
nL0TZ1XG2XWabStJVCtE7boJuqU/lX1iunW6m3/TOfIslKFcUp/jlsQV/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNL6uPxJZK1TOQmXcQjEYnaAzU/pMB8GA1UdIwQY
MBaAFOvzhc7QkNvx0ERzThKicO5rhByWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUt
NDY1ZDIyM2IyMzJlLzEvMHZxNF9FbGtyVk01Q1pkeENNUmlkb0ROVC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUtNDY1ZDIyM2IyMzJl
LzEvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY1bMA0G
CSqGSIb3DQEBCwUAA4IBAQAZDhYP9VLu70aNVMrn7h9xxaqvgUe2sl0pbU229NBr
xcq8+xNuMm1un5TjQOA/UB3LoTsTW+a9qGKy7y5SBtpsIGiNbV0oRo7KefhYdfFl
UOLYLzUp2kNyZrBrnPPxYM3w5fVgyHy/Een2kBtt/2RFP3+oxqFhnpW+tpKXQBS0
nQaHhD9EXfaSHajxbzD5Ponh4wuuy16nS6+sPUdjOi0p5iyJhlFIJpvEVRQYW1GP
bLo8+pmwUZZudtlmtQlX7Z7xgMFG1fEaSxyvWuFysXRz5caJCvZaL41AgcSCOqlU
+SnyStULVWFEaSZcZO21KIUxhXKqzumvyAhdAu755v3F
-----END CERTIFICATE-----