Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/SZbsuPwiN0yqayJ-lQ-cl6frNhE.roa
File:                     SZbsuPwiN0yqayJ-lQ-cl6frNhE.roa (raw, json)
Hash identifier:          gGEWe43AIuUhbQpWWE1zg8vzUHi8tzfAmb6fqpKN5nM=
Subject key identifier:   49:96:EC:B8:FC:22:37:4C:AA:6B:22:7E:95:0F:9C:97:A7:EB:36:11
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       01924E426BF31D76325D0C1B2DDDF3E139E0
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/SZbsuPwiN0yqayJ-lQ-cl6frNhE.roa
Signing time:             Wed 02 Oct 2024 17:23:48 +0000
ROA not before:           Wed 02 Oct 2024 17:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        45.159.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4e:42:6b:f3:1d:76:32:5d:0c:1b:2d:dd:f3:e1:39:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Oct  2 17:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4996ecb8fc22374caa6b227e950f9c97a7eb3611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b7:74:68:83:f4:15:20:40:67:1b:c0:5a:0b:
                    bd:ba:93:6b:67:bc:19:b4:bc:98:48:e8:65:a4:1e:
                    e8:35:16:2f:a7:6d:af:5c:8c:9f:5e:9a:c2:af:c1:
                    49:42:3f:21:50:b7:21:f6:3a:a4:89:1d:81:b8:57:
                    4b:df:13:63:81:c5:f9:ef:19:bd:43:87:59:bd:33:
                    60:84:c5:01:1a:88:82:f8:c2:cb:e2:75:79:53:9b:
                    eb:b9:22:47:de:bc:de:8d:e5:51:02:26:ed:3e:de:
                    db:71:fd:fb:6b:d5:b1:d3:5c:b5:21:a5:78:d4:72:
                    eb:fa:d3:8f:6f:1c:34:00:97:f2:7c:da:a7:23:a8:
                    bf:7e:21:ce:0c:34:df:e0:0c:b6:9b:ce:d2:52:ab:
                    9e:53:eb:6b:62:85:8d:bb:2a:46:87:07:40:a8:62:
                    00:40:bd:04:6d:0d:1f:f4:3c:9d:16:17:dd:c3:6c:
                    f8:75:43:63:58:ea:68:eb:af:ee:87:ef:65:30:6c:
                    bd:a9:66:6e:93:22:1a:47:30:7b:76:8f:97:7d:b9:
                    a9:6a:c1:97:9b:8b:2a:f1:3c:d8:c9:f3:29:be:e0:
                    8b:4e:1b:a9:35:60:5b:31:6c:0a:a2:13:07:af:54:
                    d7:65:7f:fc:f1:97:e6:0d:20:f2:54:91:22:1a:57:
                    72:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:96:EC:B8:FC:22:37:4C:AA:6B:22:7E:95:0F:9C:97:A7:EB:36:11
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/SZbsuPwiN0yqayJ-lQ-cl6frNhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:1a:4f:31:a9:4d:50:52:6a:4f:54:ac:3b:40:b1:a4:ac:d1:
         f9:af:92:fa:b0:96:de:13:ef:02:b1:fd:f6:29:b9:e9:b2:56:
         e0:be:5e:00:f2:97:2b:3f:1d:3f:fb:46:47:a0:e7:72:13:9f:
         41:bd:48:f8:9d:5c:41:b4:28:e3:79:29:c4:c0:00:63:bb:ac:
         1b:b8:ba:32:d4:5d:a7:b0:1c:d0:75:ae:5e:21:14:cc:83:5d:
         92:50:53:d2:ec:f0:e0:f0:a6:c5:77:1c:17:7c:4b:5a:fd:9b:
         e4:e4:ac:66:3e:fa:a6:d7:cf:09:63:45:03:8f:6a:d2:44:f0:
         99:e9:a1:38:4c:b6:82:80:ed:f4:5f:ae:ef:05:4f:50:e7:66:
         c2:46:aa:0a:d1:26:9a:81:e9:73:d5:7a:cb:08:62:54:08:50:
         bf:4d:55:4a:88:aa:72:6e:18:18:e1:3e:42:a5:9b:6c:1f:f5:
         7f:df:f7:6e:2a:a5:f1:28:54:39:75:de:3a:56:9c:e0:06:f3:
         da:92:98:7a:06:e5:86:f7:ee:8f:e3:32:2e:90:e3:30:7f:d2:
         95:b3:96:dd:12:af:a7:49:ff:8e:77:6a:fe:b0:e9:03:49:cb:
         3a:03:dc:43:8a:59:3b:ff:72:35:f6:c5:8a:f9:94:99:f0:e7:
         3f:a9:79:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJOQmvzHXYyXQwbLd3z4TngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjQxMDAyMTcyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk2ZWNiOGZjMjIzNzRjYWE2YjIyN2U5NTBmOWM5N2E3ZWIzNjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbd0aIP0FSBAZxvAWgu9upNrZ7wZ
tLyYSOhlpB7oNRYvp22vXIyfXprCr8FJQj8hULch9jqkiR2BuFdL3xNjgcX57xm9
Q4dZvTNghMUBGoiC+MLL4nV5U5vruSJH3rzejeVRAibtPt7bcf37a9Wx01y1IaV4
1HLr+tOPbxw0AJfyfNqnI6i/fiHODDTf4Ay2m87SUqueU+trYoWNuypGhwdAqGIA
QL0EbQ0f9DydFhfdw2z4dUNjWOpo66/uh+9lMGy9qWZukyIaRzB7do+XfbmpasGX
m4sq8TzYyfMpvuCLThupNWBbMWwKohMHr1TXZX/88ZfmDSDyVJEiGldyvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmW7Lj8IjdMqmsifpUPnJen6zYRMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvU1pic3VQd2lOMHlxYXlKLWxRLWNsNmZyTmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ8PMA0G
CSqGSIb3DQEBCwUAA4IBAQCPGk8xqU1QUmpPVKw7QLGkrNH5r5L6sJbeE+8Csf32
Kbnpslbgvl4A8pcrPx0/+0ZHoOdyE59BvUj4nVxBtCjjeSnEwABju6wbuLoy1F2n
sBzQda5eIRTMg12SUFPS7PDg8KbFdxwXfEta/Zvk5KxmPvqm188JY0UDj2rSRPCZ
6aE4TLaCgO30X67vBU9Q52bCRqoK0Saagelz1XrLCGJUCFC/TVVKiKpybhgY4T5C
pZtsH/V/3/duKqXxKFQ5dd46VpzgBvPakph6BuWG9+6P4zIukOMwf9KVs5bdEq+n
Sf+Od2r+sOkDScs6A9xDilk7/3I19sWK+ZSZ8Oc/qXkO
-----END CERTIFICATE-----