Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/xSwL6MexWlLC1XaZgyQ-5ny0ZvQ.roa
File:                     xSwL6MexWlLC1XaZgyQ-5ny0ZvQ.roa (raw, json)
Hash identifier:          veYKtB7upMwIMB/DSJx9alzsMCTrFzjTGjog9ldk7FQ=
Subject key identifier:   C5:2C:0B:E8:C7:B1:5A:52:C2:D5:76:99:83:24:3E:E6:7C:B4:66:F4
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01914C72397FC25CCEE7ED1D1D33B9C9B71D
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/xSwL6MexWlLC1XaZgyQ-5ny0ZvQ.roa
Signing time:             Tue 13 Aug 2024 15:53:59 +0000
ROA not before:           Tue 13 Aug 2024 15:53:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52053
IP address blocks:        45.137.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:72:39:7f:c2:5c:ce:e7:ed:1d:1d:33:b9:c9:b7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Aug 13 15:53:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c52c0be8c7b15a52c2d5769983243ee67cb466f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:dd:d7:7c:aa:e3:86:2e:ea:bc:54:6a:bf:d1:
                    44:12:93:3d:a8:55:b8:ce:eb:c7:bf:07:37:0a:c6:
                    2e:46:f8:bd:9e:5b:9f:d4:dd:9b:1e:a1:2a:50:96:
                    63:f2:16:7d:fa:6f:ea:26:d3:2b:e7:6e:c3:33:7f:
                    03:1f:e6:ce:e3:e8:c6:f1:58:7f:fc:c7:c7:9a:39:
                    cb:6b:85:87:30:07:8d:c0:af:dc:ba:dd:8e:c2:bd:
                    db:14:19:7e:90:f7:a0:e3:cd:04:ef:4d:40:c8:00:
                    79:f7:bb:b6:fc:ba:a0:90:50:a8:89:0a:1e:ed:22:
                    ed:23:e1:7c:aa:19:30:57:4f:ec:6d:f7:54:b1:6b:
                    9f:27:ca:d8:58:b8:5a:fa:8c:17:15:25:27:bd:85:
                    73:8b:56:f5:82:91:53:ca:fd:1e:d2:f7:45:07:66:
                    f0:cf:9e:e9:f5:8a:82:a3:9d:7c:2a:a6:b8:f3:4c:
                    8a:38:e5:0c:af:10:44:f2:e5:fc:c4:03:38:eb:61:
                    bd:aa:63:9e:1e:62:83:da:88:76:6a:4a:85:50:66:
                    26:09:79:9a:01:4d:40:fc:dc:1f:29:bd:74:75:7a:
                    bb:6c:e0:6f:86:28:8b:c5:f5:a6:f7:e2:49:c6:ea:
                    03:40:8f:9d:f5:d8:6d:d4:f1:14:48:8e:75:6e:df:
                    7c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2C:0B:E8:C7:B1:5A:52:C2:D5:76:99:83:24:3E:E6:7C:B4:66:F4
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/xSwL6MexWlLC1XaZgyQ-5ny0ZvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:78:dd:3f:73:d9:b9:e6:f5:59:06:c4:a3:ba:7b:47:1f:54:
         63:d9:90:89:28:f4:f6:78:3a:28:d8:92:e5:e5:ff:72:92:3f:
         ad:19:54:f8:b1:a7:d7:75:5a:51:0d:36:43:4e:d1:d7:ca:2b:
         ef:be:f4:c6:d7:3b:7d:f8:49:fb:e5:ee:1d:97:b9:c9:55:a5:
         bf:42:7f:2b:e2:e3:af:98:34:89:60:21:97:f0:c9:bf:30:d7:
         58:08:43:48:3a:67:73:0e:07:a0:6a:f2:ef:6d:23:24:d0:9c:
         95:5d:6e:a5:28:5e:1b:39:08:bd:7c:66:72:43:da:a5:e6:b1:
         31:fb:6e:74:26:a7:8d:a1:f0:29:52:25:bb:e3:c6:4e:b1:f4:
         94:18:9b:93:e8:09:0c:23:e9:b4:3c:45:78:35:26:37:c4:ce:
         72:e9:2d:46:e5:92:85:e4:24:47:e6:79:49:12:04:e9:ab:57:
         dd:03:72:d2:b7:dd:9a:8c:1b:64:fa:4d:33:b4:17:ed:84:95:
         fb:b5:6d:66:74:82:5b:59:01:2a:ed:ca:de:2f:ce:dd:f3:dd:
         60:f8:db:c1:a9:55:05:f3:70:b0:60:a9:1b:18:d7:f2:15:87:
         d1:a8:3e:4f:c4:35:db:1e:33:96:2d:74:e7:06:ff:9a:05:a4:
         23:75:1d:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFMcjl/wlzO5+0dHTO5ybcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwODEzMTU1MzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJjMGJlOGM3YjE1YTUyYzJkNTc2OTk4MzI0M2VlNjdjYjQ2NmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd3XfKrjhi7qvFRqv9FEEpM9qFW4
zuvHvwc3CsYuRvi9nluf1N2bHqEqUJZj8hZ9+m/qJtMr527DM38DH+bO4+jG8Vh/
/MfHmjnLa4WHMAeNwK/cut2Owr3bFBl+kPeg480E701AyAB597u2/LqgkFCoiQoe
7SLtI+F8qhkwV0/sbfdUsWufJ8rYWLha+owXFSUnvYVzi1b1gpFTyv0e0vdFB2bw
z57p9YqCo518Kqa480yKOOUMrxBE8uX8xAM462G9qmOeHmKD2oh2akqFUGYmCXma
AU1A/NwfKb10dXq7bOBvhiiLxfWm9+JJxuoDQI+d9dht1PEUSI51bt98nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUsC+jHsVpSwtV2mYMkPuZ8tGb0MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEveFN3TDZNZXhXbExDMVhhWmd5US01bnkwWnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlFMA0G
CSqGSIb3DQEBCwUAA4IBAQBVeN0/c9m55vVZBsSjuntHH1Rj2ZCJKPT2eDoo2JLl
5f9ykj+tGVT4safXdVpRDTZDTtHXyivvvvTG1zt9+En75e4dl7nJVaW/Qn8r4uOv
mDSJYCGX8Mm/MNdYCENIOmdzDgegavLvbSMk0JyVXW6lKF4bOQi9fGZyQ9ql5rEx
+250JqeNofApUiW748ZOsfSUGJuT6AkMI+m0PEV4NSY3xM5y6S1G5ZKF5CRH5nlJ
EgTpq1fdA3LSt92ajBtk+k0ztBfthJX7tW1mdIJbWQEq7creL87d891g+NvBqVUF
83CwYKkbGNfyFYfRqD5PxDXbHjOWLXTnBv+aBaQjdR3t
-----END CERTIFICATE-----