Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/cbTcKreGfkHMTpStn69A8-Bbuww.roa
File:                     cbTcKreGfkHMTpStn69A8-Bbuww.roa (raw, json)
Hash identifier:          o/KDdTNu/RfywgrfDPX4/OLlCa8nOdOtU0b2HqNGNYM=
Subject key identifier:   71:B4:DC:2A:B7:86:7E:41:CC:4E:94:AD:9F:AF:40:F3:E0:5B:BB:0C
Certificate issuer:       /CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
Certificate serial:       018CC80116A5CE4A49C6C2D0A49F511998E2
Authority key identifier: 9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/cbTcKreGfkHMTpStn69A8-Bbuww.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208526
IP address blocks:        45.131.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:16:a5:ce:4a:49:c6:c2:d0:a4:9f:51:19:98:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71b4dc2ab7867e41cc4e94ad9faf40f3e05bbb0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1f:e5:33:12:b6:1e:21:d3:92:99:0c:1a:c7:
                    c7:5a:63:d2:7c:fd:9e:16:fe:2d:07:ca:f1:f1:a1:
                    68:b9:94:5a:d9:a1:a3:5a:38:ef:6a:da:c3:15:8d:
                    93:54:d1:3e:59:2f:07:ad:7e:5b:cc:05:c5:7a:42:
                    85:bc:e6:29:8c:57:f4:b5:a6:f4:2c:46:6d:07:69:
                    bf:d4:0b:1b:93:fe:df:7c:f1:05:06:42:6b:6f:c7:
                    bf:e1:f5:ca:8c:13:db:16:fc:f3:a5:b4:c8:f1:ee:
                    9a:30:4b:19:7e:9a:f4:55:f1:95:29:94:e9:18:ba:
                    56:e2:d3:b6:42:24:83:50:c8:79:8d:68:ab:d6:77:
                    d2:1c:16:b1:a4:e1:0b:d9:47:c8:b0:0b:ae:f9:eb:
                    06:1a:50:50:52:83:7e:1e:07:fb:56:56:f5:bc:26:
                    08:0b:40:e7:0e:40:b7:3c:90:c4:7c:af:46:8f:15:
                    ef:90:7a:2e:a6:c9:47:e7:6e:05:5c:90:d4:b1:1b:
                    9d:bc:ec:25:09:bd:08:ce:d6:0a:ed:c2:a3:f0:cf:
                    d6:77:e3:b3:52:0e:b1:80:02:1b:42:01:7d:91:38:
                    37:88:ce:b5:4a:e9:c6:85:8c:a3:27:b7:8f:da:83:
                    0c:e5:0b:19:e4:b6:d9:3f:80:fb:20:20:25:46:65:
                    43:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B4:DC:2A:B7:86:7E:41:CC:4E:94:AD:9F:AF:40:F3:E0:5B:BB:0C
            X509v3 Authority Key Identifier:
                keyid:9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/cbTcKreGfkHMTpStn69A8-Bbuww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:f3:17:6c:19:ab:21:ba:2b:c8:b6:f2:c5:21:08:5f:8a:5e:
         62:5b:c5:90:b0:18:9d:64:f7:a9:89:6f:14:89:98:06:6b:b7:
         2b:90:da:19:fc:7b:7f:bc:f4:33:03:d5:52:e1:6e:96:26:a6:
         2d:28:19:7d:6d:d1:42:a2:8f:80:a7:6e:8a:20:88:4f:ef:7a:
         68:bf:8e:44:6c:99:01:78:d2:83:3d:9f:b8:72:3f:2d:50:36:
         92:8a:72:40:3c:d4:50:04:f7:b6:e2:0f:4a:56:ec:29:ef:9a:
         41:24:ab:86:c8:e7:06:fc:b6:f1:ed:35:02:c0:26:c2:b6:f2:
         06:27:23:02:28:24:c0:8a:78:f1:71:b0:c9:66:19:c2:42:5c:
         fb:10:80:0f:31:c0:75:44:51:2f:1d:58:9b:a6:c0:77:44:e1:
         15:a9:7a:1d:c9:df:10:0e:2d:f7:1b:64:83:2a:a5:e9:6f:da:
         f3:b2:24:a9:d4:5b:73:b8:71:89:08:bf:70:af:52:e1:d1:df:
         27:3c:aa:77:5f:42:52:32:4b:a9:7e:84:9d:0f:7e:b4:77:ac:
         92:ec:62:92:e9:ef:74:de:9d:0a:36:ab:99:ef:45:6b:20:3a:
         5c:87:fa:40:39:73:b4:79:d6:01:57:75:91:f7:9e:95:ce:30:
         71:7c:85:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARalzkpJxsLQpJ9RGZjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZjYwOGZmYWRmNjAwMDgxZWU5MjIyOThlNGIyYWU5NmFm
ZjQ4ZTgwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI0ZGMyYWI3ODY3ZTQxY2M0ZTk0YWQ5ZmFmNDBmM2UwNWJiYjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/lMxK2HiHTkpkMGsfHWmPSfP2e
Fv4tB8rx8aFouZRa2aGjWjjvatrDFY2TVNE+WS8HrX5bzAXFekKFvOYpjFf0tab0
LEZtB2m/1Asbk/7ffPEFBkJrb8e/4fXKjBPbFvzzpbTI8e6aMEsZfpr0VfGVKZTp
GLpW4tO2QiSDUMh5jWir1nfSHBaxpOEL2UfIsAuu+esGGlBQUoN+Hgf7Vlb1vCYI
C0DnDkC3PJDEfK9GjxXvkHoupslH524FXJDUsRudvOwlCb0IztYK7cKj8M/Wd+Oz
Ug6xgAIbQgF9kTg3iM61SunGhYyjJ7eP2oMM5QsZ5LbZP4D7ICAlRmVDQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHG03Cq3hn5BzE6UrZ+vQPPgW7sMMB8GA1UdIwQY
MBaAFJz2CP+t9gAIHukiKY5LKulq/0joMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMt
ODkxZWI1NDhiODkxLzEvY2JUY0tyZUdma0hNVHBTdG42OUE4LUJidXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMtODkxZWI1NDhiODkx
LzEvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYN8MA0G
CSqGSIb3DQEBCwUAA4IBAQDW8xdsGashuivItvLFIQhfil5iW8WQsBidZPepiW8U
iZgGa7crkNoZ/Ht/vPQzA9VS4W6WJqYtKBl9bdFCoo+Ap26KIIhP73pov45EbJkB
eNKDPZ+4cj8tUDaSinJAPNRQBPe24g9KVuwp75pBJKuGyOcG/Lbx7TUCwCbCtvIG
JyMCKCTAinjxcbDJZhnCQlz7EIAPMcB1RFEvHVibpsB3ROEVqXodyd8QDi33G2SD
KqXpb9rzsiSp1FtzuHGJCL9wr1Lh0d8nPKp3X0JSMkupfoSdD360d6yS7GKS6e90
3p0KNquZ70VrIDpch/pAOXO0edYBV3WR956VzjBxfIXS
-----END CERTIFICATE-----