Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SyBuKnjos9OX75L_RJqKiaY5n1o.roa
File:                     SyBuKnjos9OX75L_RJqKiaY5n1o.roa (raw, json)
Hash identifier:          jRJAC7NpgA1q3OgGNXbM+SqymM0n/fSujtDyhmqsRMY=
Subject key identifier:   4B:20:6E:2A:78:E8:B3:D3:97:EF:92:FF:44:9A:8A:89:A6:39:9F:5A
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018FBEAA9AA88E2B9B0DB8BF8CF368ADD8D5
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SyBuKnjos9OX75L_RJqKiaY5n1o.roa
Signing time:             Tue 28 May 2024 10:06:42 +0000
ROA not before:           Tue 28 May 2024 10:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        45.151.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:aa:9a:a8:8e:2b:9b:0d:b8:bf:8c:f3:68:ad:d8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: May 28 10:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b206e2a78e8b3d397ef92ff449a8a89a6399f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:70:b5:e6:f3:ee:78:6b:2f:36:25:f7:f5:06:
                    70:61:fb:6d:b1:b2:63:59:94:d6:d2:9a:89:01:7d:
                    98:26:f2:f1:bf:a6:c2:f9:8a:af:42:f7:47:89:cc:
                    ab:56:8f:09:1d:79:f9:65:04:9b:3e:d6:ea:e1:e5:
                    93:53:dc:b5:93:71:e1:e8:a0:28:66:24:ad:79:38:
                    2d:3b:d8:86:0e:ed:e4:ce:c4:c9:97:89:f5:38:1a:
                    64:53:4d:b9:b0:60:c2:c4:2c:6f:e2:82:6e:d1:b3:
                    0e:d8:0a:ae:a7:7d:b5:15:d1:2d:b4:e1:41:d2:b1:
                    56:01:80:59:7c:d2:65:aa:5a:84:b8:dc:2f:76:fb:
                    73:aa:10:39:a6:0d:be:f8:b0:2d:ca:e2:94:e3:eb:
                    41:e7:df:1b:5f:94:17:2a:00:7d:7f:16:62:46:94:
                    11:0c:1a:9c:5d:70:c2:aa:a9:35:e2:3d:db:4d:2a:
                    94:03:51:b9:f9:55:5b:97:fc:75:91:85:af:3b:ff:
                    20:eb:18:78:85:32:e5:61:1f:da:dc:84:cc:b2:42:
                    33:ed:7f:a8:bb:2d:0e:5e:c0:c2:8c:d7:8d:d4:80:
                    bf:d0:16:57:19:2a:69:ac:51:27:8f:e3:ca:28:fa:
                    45:8d:30:cc:65:4c:77:85:6c:62:84:50:23:d1:10:
                    e2:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:20:6E:2A:78:E8:B3:D3:97:EF:92:FF:44:9A:8A:89:A6:39:9F:5A
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SyBuKnjos9OX75L_RJqKiaY5n1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:64:39:c6:a2:a6:30:eb:b2:f9:c2:10:a5:b9:12:52:f8:52:
         49:27:93:78:3d:ed:21:51:f3:25:44:5c:ca:70:a8:0a:b8:c1:
         be:04:f7:9d:1a:dd:bf:70:c0:ee:40:e4:bf:a6:e5:94:53:f9:
         92:cf:02:63:0f:d3:a2:c3:11:28:4f:94:ff:e5:52:92:37:e2:
         24:c2:88:ac:59:ca:91:03:b5:78:04:07:c9:21:c3:3f:d3:5d:
         f8:b0:b8:6d:29:f6:ad:47:fe:e3:8a:52:ad:67:90:5c:02:5f:
         ab:8a:5a:18:41:6c:4a:d7:9c:61:2a:3e:96:39:e0:16:c2:05:
         b5:51:f7:a7:17:46:97:31:6f:20:e3:2b:9a:9b:6a:d0:97:28:
         d9:05:03:22:d5:a5:da:3c:f8:03:91:e1:e0:d4:2d:fe:b7:7d:
         be:e2:52:11:59:3a:1a:4e:c3:93:da:4e:c3:8f:85:ae:02:20:
         96:af:c3:4f:48:92:2e:aa:b0:75:1d:d4:e5:8a:1b:30:bc:14:
         b3:12:ac:2d:99:22:22:f6:23:f8:53:35:47:85:4c:7d:c1:dd:
         6e:d2:78:71:fc:76:63:d7:b7:08:76:69:7d:65:f9:8a:f0:07:
         f7:d0:f7:bc:c5:bd:07:dd:33:58:f8:b9:1e:9f:e5:92:3d:9e:
         5c:9f:9b:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY++qpqojiubDbi/jPNordjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNTI4MTAwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjIwNmUyYTc4ZThiM2QzOTdlZjkyZmY0NDlhOGE4OWE2Mzk5ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23C15vPueGsvNiX39QZwYfttsbJj
WZTW0pqJAX2YJvLxv6bC+YqvQvdHicyrVo8JHXn5ZQSbPtbq4eWTU9y1k3Hh6KAo
ZiSteTgtO9iGDu3kzsTJl4n1OBpkU025sGDCxCxv4oJu0bMO2Aqup321FdEttOFB
0rFWAYBZfNJlqlqEuNwvdvtzqhA5pg2++LAtyuKU4+tB598bX5QXKgB9fxZiRpQR
DBqcXXDCqqk14j3bTSqUA1G5+VVbl/x1kYWvO/8g6xh4hTLlYR/a3ITMskIz7X+o
uy0OXsDCjNeN1IC/0BZXGSpprFEnj+PKKPpFjTDMZUx3hWxihFAj0RDi7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsgbip46LPTl++S/0SaiommOZ9aMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvU3lCdUtuam9zOU9YNzVMX1JKcUtpYVk1bjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc7MA0G
CSqGSIb3DQEBCwUAA4IBAQAAZDnGoqYw67L5whCluRJS+FJJJ5N4Pe0hUfMlRFzK
cKgKuMG+BPedGt2/cMDuQOS/puWUU/mSzwJjD9OiwxEoT5T/5VKSN+IkwoisWcqR
A7V4BAfJIcM/0134sLhtKfatR/7jilKtZ5BcAl+riloYQWxK15xhKj6WOeAWwgW1
UfenF0aXMW8g4yuam2rQlyjZBQMi1aXaPPgDkeHg1C3+t32+4lIRWToaTsOT2k7D
j4WuAiCWr8NPSJIuqrB1HdTlihswvBSzEqwtmSIi9iP4UzVHhUx9wd1u0nhx/HZj
17cIdml9ZfmK8Af30Pe8xb0H3TNY+Lken+WSPZ5cn5vp
-----END CERTIFICATE-----