Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/pRZVJWnZbXzf15245J4-sqarJF8.roa
File:                     pRZVJWnZbXzf15245J4-sqarJF8.roa (raw, json)
Hash identifier:          Rqc8QXvDFgD9f2Rlds2WEHuK1D9O/F1MF2wTa8LkTDE=
Subject key identifier:   A5:16:55:25:69:D9:6D:7C:DF:D7:9D:B8:E4:9E:3E:B2:A6:AB:24:5F
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       01928C6B3F8628102337E50FBB8B50AEC936
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/pRZVJWnZbXzf15245J4-sqarJF8.roa
Signing time:             Mon 14 Oct 2024 19:04:51 +0000
ROA not before:           Mon 14 Oct 2024 19:04:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.159.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8c:6b:3f:86:28:10:23:37:e5:0f:bb:8b:50:ae:c9:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Oct 14 19:04:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a516552569d96d7cdfd79db8e49e3eb2a6ab245f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:da:9c:68:9a:f7:37:e0:2c:ac:6a:dd:55:88:
                    4a:25:93:32:3e:3b:ad:4d:d5:02:9a:f0:9e:e0:a7:
                    12:a5:77:78:bc:a3:77:99:66:9c:48:ca:72:c3:ab:
                    2a:37:69:4c:1d:19:13:99:1f:1c:c6:26:52:fe:05:
                    f1:82:81:e5:ef:d3:ab:20:61:d4:c1:f4:4c:ef:68:
                    7e:8c:0e:35:03:42:cd:f4:cb:b0:d4:2e:ce:26:a6:
                    0f:84:fb:ae:51:72:5e:e1:b4:08:09:45:9f:16:6c:
                    61:7d:38:b6:b0:1e:ba:b8:7b:5c:eb:97:c5:cd:f8:
                    32:11:5c:2b:3b:97:1a:a3:64:eb:d9:f9:b7:c5:e2:
                    db:48:aa:a2:29:93:24:d7:70:ef:cf:e5:90:2c:71:
                    68:62:91:12:31:b4:c8:0b:eb:fc:e4:58:25:ba:d9:
                    46:01:f4:16:a0:24:aa:54:65:82:74:21:f6:77:8b:
                    9f:d6:fe:7d:30:c0:25:6b:84:06:ac:be:fc:ed:1f:
                    b8:22:8d:93:9f:ce:82:5d:30:49:04:9b:46:0e:8b:
                    57:f0:bd:ca:06:f6:10:8a:a6:5d:ea:a8:ca:e6:84:
                    00:d4:d6:b2:f4:5a:d6:8c:08:e3:46:43:f4:88:d4:
                    17:23:92:98:35:96:17:a1:f2:31:27:f7:8d:e7:dd:
                    b8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:16:55:25:69:D9:6D:7C:DF:D7:9D:B8:E4:9E:3E:B2:A6:AB:24:5F
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/pRZVJWnZbXzf15245J4-sqarJF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:14:00:8e:72:79:7b:e3:0e:dd:69:d0:30:e9:f0:c2:d9:18:
         ba:c0:43:46:4e:44:83:4b:2e:b5:66:08:31:74:81:1c:f1:7c:
         7c:46:02:e6:da:a8:92:10:e2:fc:92:dd:7b:64:44:b7:72:fd:
         94:1f:c9:e3:b8:35:42:36:76:81:f3:b7:9c:b1:2d:11:12:41:
         a2:05:24:7d:c1:f9:d9:2a:3b:7d:cb:41:3c:13:61:da:cd:40:
         00:48:33:d2:80:e1:6d:9d:08:b9:2a:23:a7:f0:18:c0:58:40:
         42:dd:47:80:cc:03:a1:65:e4:8f:52:9d:e0:0d:00:76:1b:72:
         a1:e9:83:95:53:76:d0:71:47:b6:b1:b0:af:18:3b:a1:4d:be:
         ff:07:ea:82:af:18:27:3c:cb:3c:9d:e4:6e:63:17:f6:f2:85:
         1d:6c:35:67:d3:cc:be:5e:d5:f0:64:b8:5b:e5:14:22:7c:f9:
         76:ab:f7:e5:47:42:fb:d6:4a:2a:bb:2c:49:bf:02:cf:b6:f3:
         cc:69:67:a6:3b:9f:28:76:23:11:2c:be:76:d9:21:0c:77:6b:
         41:1d:00:88:6e:75:b2:b6:f2:4b:b9:47:94:81:4f:07:18:b1:
         9c:c1:1e:48:10:ac:ad:c1:97:69:6d:1e:da:7f:db:b0:2b:3b:
         85:4e:e0:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKMaz+GKBAjN+UPu4tQrsk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjQxMDE0MTkwNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTE2NTUyNTY5ZDk2ZDdjZGZkNzlkYjhlNDllM2ViMmE2YWIyNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNqcaJr3N+AsrGrdVYhKJZMyPjut
TdUCmvCe4KcSpXd4vKN3mWacSMpyw6sqN2lMHRkTmR8cxiZS/gXxgoHl79OrIGHU
wfRM72h+jA41A0LN9Muw1C7OJqYPhPuuUXJe4bQICUWfFmxhfTi2sB66uHtc65fF
zfgyEVwrO5cao2Tr2fm3xeLbSKqiKZMk13Dvz+WQLHFoYpESMbTIC+v85FglutlG
AfQWoCSqVGWCdCH2d4uf1v59MMAla4QGrL787R+4Io2Tn86CXTBJBJtGDotX8L3K
BvYQiqZd6qjK5oQA1Nay9FrWjAjjRkP0iNQXI5KYNZYXofIxJ/eN5924qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUWVSVp2W1839eduOSePrKmqyRfMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvcFJaVkpXblpiWHpmMTUyNDVKNC1zcWFySkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ8NMA0G
CSqGSIb3DQEBCwUAA4IBAQB3FACOcnl74w7dadAw6fDC2Ri6wENGTkSDSy61Zggx
dIEc8Xx8RgLm2qiSEOL8kt17ZES3cv2UH8njuDVCNnaB87ecsS0REkGiBSR9wfnZ
Kjt9y0E8E2HazUAASDPSgOFtnQi5KiOn8BjAWEBC3UeAzAOhZeSPUp3gDQB2G3Kh
6YOVU3bQcUe2sbCvGDuhTb7/B+qCrxgnPMs8neRuYxf28oUdbDVn08y+XtXwZLhb
5RQifPl2q/flR0L71koquyxJvwLPtvPMaWemO58odiMRLL522SEMd2tBHQCIbnWy
tvJLuUeUgU8HGLGcwR5IEKytwZdpbR7af9uwKzuFTuB9
-----END CERTIFICATE-----