Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/pYuvdBV4Zi8j-cvSZf59BpRV3DU.roa
File:                     pYuvdBV4Zi8j-cvSZf59BpRV3DU.roa (raw, json)
Hash identifier:          Ppi3cV/W59tWxLF26fKryTwqREdXCmjo75jndsKhzSA=
Subject key identifier:   A5:8B:AF:74:15:78:66:2F:23:F9:CB:D2:65:FE:7D:06:94:55:DC:35
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01900DAE24181F819D83CA6E08F00880F74C
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/pYuvdBV4Zi8j-cvSZf59BpRV3DU.roa
Signing time:             Wed 12 Jun 2024 18:20:34 +0000
ROA not before:           Wed 12 Jun 2024 18:20:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209132
IP address blocks:        147.45.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0d:ae:24:18:1f:81:9d:83:ca:6e:08:f0:08:80:f7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 12 18:20:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a58baf741578662f23f9cbd265fe7d069455dc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3b:71:b5:47:44:0f:ef:6a:14:d8:f8:24:a8:
                    3d:d6:be:f4:bd:2a:d3:9e:31:66:29:f1:08:82:f7:
                    1f:4b:8a:e5:9c:e5:8b:57:50:2e:f6:3a:1c:df:e8:
                    fa:c7:2e:0d:e6:ba:86:eb:3c:be:26:5d:3a:14:39:
                    31:d1:ce:1f:aa:20:a4:91:5f:e8:e9:d2:99:76:8e:
                    75:4e:60:48:0d:e0:6a:f7:9d:7e:60:e2:40:76:e4:
                    f9:39:5f:56:b0:15:e4:3a:c2:45:c8:7f:95:5e:e7:
                    20:3a:aa:e6:a0:45:be:68:99:ea:9c:e4:28:c1:30:
                    26:d4:8d:7d:39:a3:14:a1:88:04:04:b6:b0:f5:16:
                    d5:c3:e3:17:75:1c:52:a2:53:cb:10:33:b1:dd:da:
                    78:a0:e0:8a:05:0e:13:a3:20:c1:26:1a:99:27:5a:
                    47:fd:34:42:b5:bd:37:3e:3c:fa:a0:08:30:22:4d:
                    6b:3a:62:81:51:f7:d3:96:b4:e7:cd:ab:8a:c3:bf:
                    2a:11:b4:23:1b:49:d0:c2:9e:eb:0c:a4:7c:50:a0:
                    ff:30:4c:4b:c9:b0:8e:0e:14:a6:f2:be:af:cf:66:
                    f7:19:14:92:8a:e6:51:c3:d6:e9:53:de:0a:73:cd:
                    21:a2:ef:62:58:e7:3d:41:cb:7a:5e:bf:36:9a:a1:
                    0b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:8B:AF:74:15:78:66:2F:23:F9:CB:D2:65:FE:7D:06:94:55:DC:35
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/pYuvdBV4Zi8j-cvSZf59BpRV3DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:8c:e6:a9:34:08:6c:92:90:4d:b3:6b:47:81:0c:3e:7c:96:
         9c:f2:67:dc:e4:86:ff:f2:f3:eb:9b:a1:90:c2:43:64:6a:f1:
         7f:f6:50:07:16:b1:7f:69:12:f0:13:5f:ac:c6:2a:56:64:84:
         a1:53:0c:76:e4:54:08:7d:d1:a7:0b:fa:66:46:a2:b6:22:ed:
         a4:8e:b2:a2:ac:e3:ee:9e:2a:f0:be:be:86:fc:3d:b4:7b:c4:
         f1:fa:14:30:8f:91:09:e5:a7:70:a9:62:2d:e7:59:f2:9d:3b:
         38:f2:f0:af:1a:fc:b7:b1:d2:57:4a:7e:da:9a:86:35:cd:da:
         4f:d7:06:e0:f2:b8:f4:75:6c:3b:8b:e6:b2:a0:ea:20:2a:85:
         9f:a1:7e:50:9d:e5:df:53:eb:0d:07:7c:dd:14:5b:7b:5e:d8:
         76:25:ac:6a:03:81:9d:d5:e8:65:04:58:8b:d6:0c:78:ca:1b:
         04:0c:a8:44:61:dc:b8:e6:8d:ac:5d:46:5a:d9:9f:f0:80:98:
         3c:65:40:05:e6:68:25:bc:23:c4:d4:6f:f1:fc:76:65:5b:64:
         ab:17:f9:9c:e8:cb:c3:05:b3:aa:05:6b:fc:34:3d:1a:2d:7f:
         f3:e8:9e:ac:e2:ca:f1:c0:f5:cd:f0:0b:6e:76:e6:6b:72:2d:
         24:39:57:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZANriQYH4Gdg8puCPAIgPdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNjEyMTgyMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNThiYWY3NDE1Nzg2NjJmMjNmOWNiZDI2NWZlN2QwNjk0NTVkYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDtxtUdED+9qFNj4JKg91r70vSrT
njFmKfEIgvcfS4rlnOWLV1Au9joc3+j6xy4N5rqG6zy+Jl06FDkx0c4fqiCkkV/o
6dKZdo51TmBIDeBq951+YOJAduT5OV9WsBXkOsJFyH+VXucgOqrmoEW+aJnqnOQo
wTAm1I19OaMUoYgEBLaw9RbVw+MXdRxSolPLEDOx3dp4oOCKBQ4ToyDBJhqZJ1pH
/TRCtb03Pjz6oAgwIk1rOmKBUffTlrTnzauKw78qEbQjG0nQwp7rDKR8UKD/MExL
ybCODhSm8r6vz2b3GRSSiuZRw9bpU94Kc80hou9iWOc9Qct6Xr82mqELVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWLr3QVeGYvI/nL0mX+fQaUVdw1MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcFl1dmRCVjRaaThqLWN2U1pmNTlCcFJWM0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky1wMA0G
CSqGSIb3DQEBCwUAA4IBAQAXjOapNAhskpBNs2tHgQw+fJac8mfc5Ib/8vPrm6GQ
wkNkavF/9lAHFrF/aRLwE1+sxipWZIShUwx25FQIfdGnC/pmRqK2Iu2kjrKirOPu
nirwvr6G/D20e8Tx+hQwj5EJ5adwqWIt51nynTs48vCvGvy3sdJXSn7amoY1zdpP
1wbg8rj0dWw7i+ayoOogKoWfoX5QneXfU+sNB3zdFFt7Xth2JaxqA4Gd1ehlBFiL
1gx4yhsEDKhEYdy45o2sXUZa2Z/wgJg8ZUAF5mglvCPE1G/x/HZlW2SrF/mc6MvD
BbOqBWv8ND0aLX/z6J6s4srxwPXN8AtuduZrci0kOVcq
-----END CERTIFICATE-----