Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/BxKFzkAn0jl1CuBbetgqyaHOZbc.roa
File:                     BxKFzkAn0jl1CuBbetgqyaHOZbc.roa (raw, json)
Hash identifier:          RYiUrSNpw6XZO275DAwldYLeL45l3LK4CgHySg6zbas=
Subject key identifier:   07:12:85:CE:40:27:D2:39:75:0A:E0:5B:7A:D8:2A:C9:A1:CE:65:B7
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       018CCA2AFDFE3FEC77C554B9A356967FB6A6
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/BxKFzkAn0jl1CuBbetgqyaHOZbc.roa
Signing time:             Tue 02 Jan 2024 12:34:24 +0000
ROA not before:           Tue 02 Jan 2024 12:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        45.152.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:fd:fe:3f:ec:77:c5:54:b9:a3:56:96:7f:b6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  2 12:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=071285ce4027d239750ae05b7ad82ac9a1ce65b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:3b:3a:aa:f0:85:47:ad:b7:6a:19:21:f1:
                    00:6e:b0:f1:b3:9b:eb:b0:f7:13:7d:28:66:71:5f:
                    62:29:42:b0:15:98:27:a1:f3:94:7f:31:f9:95:8e:
                    15:6b:8c:dd:d1:15:b2:33:51:2f:3a:e4:04:ed:08:
                    87:80:ff:17:b9:27:20:53:d1:50:d8:e8:27:e5:95:
                    63:59:62:c3:05:d3:c2:1c:5d:c2:e6:14:c8:16:e1:
                    33:a9:8c:56:97:ce:a7:4b:27:12:53:30:db:8f:a3:
                    f2:70:57:f5:1c:d9:36:36:e6:be:9c:ae:45:81:97:
                    a1:05:9f:13:72:ab:7f:fa:b3:1f:ea:45:85:0c:d0:
                    91:09:3a:84:e6:d3:c3:de:12:71:89:3e:cd:81:f2:
                    f3:fd:d4:5f:80:bf:e2:d0:a6:2d:34:7e:f9:b1:a0:
                    e3:aa:94:32:82:bf:26:8f:d7:69:bb:f0:30:3c:46:
                    06:0c:f7:58:f1:aa:5a:7a:7f:3c:40:78:b2:17:8d:
                    d3:71:aa:25:3e:ff:e6:51:0d:c7:df:ef:c0:53:90:
                    0a:95:fc:ab:69:8a:bf:8d:91:02:0d:8d:ff:39:65:
                    87:72:90:8d:12:71:3e:0f:d6:48:23:e5:37:bb:c9:
                    52:33:5f:9d:ea:02:1d:2d:c1:44:13:58:70:03:60:
                    80:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:12:85:CE:40:27:D2:39:75:0A:E0:5B:7A:D8:2A:C9:A1:CE:65:B7
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/BxKFzkAn0jl1CuBbetgqyaHOZbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:87:f1:d8:d0:2e:91:78:8c:af:55:89:5f:55:2b:ad:ed:dd:
         4e:6c:4c:27:f6:33:fa:b1:4b:c1:04:51:52:f8:e8:9e:1c:b4:
         9d:31:d4:0d:65:02:5f:6e:9b:0e:da:e6:09:38:c5:bd:55:9f:
         0f:96:6c:47:f4:08:16:a6:81:b2:a6:07:c7:36:33:31:b3:34:
         19:a7:ee:e0:14:d3:c8:87:9b:48:23:05:da:57:de:6d:95:25:
         18:17:48:6f:3d:0a:16:c2:74:d2:c4:69:5f:c1:6a:4e:b2:e2:
         c9:ad:2e:26:92:b9:03:50:b7:15:a2:b5:fd:d3:f8:a2:18:77:
         c6:65:fe:f8:43:d5:46:2a:ad:ab:3f:c7:2f:7d:0a:ea:e5:56:
         1c:76:65:86:25:0d:ad:6c:eb:ad:ac:de:b6:c0:f4:6a:10:0d:
         d8:55:e2:71:a6:c9:32:26:38:83:de:3f:26:03:8d:f8:4d:7a:
         5e:d4:16:6a:af:34:98:be:72:55:ed:5d:7f:30:fc:71:29:d8:
         be:e4:5e:e3:d4:27:ee:c4:4f:f5:66:10:f3:76:a4:cc:f0:45:
         27:16:86:20:20:c3:bb:d9:59:51:9a:fb:7f:0a:03:d7:92:1e:
         89:70:a3:6e:19:fd:c3:d2:65:3a:2a:32:ed:10:d7:2f:91:7e:
         d3:38:e4:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKv3+P+x3xVS5o1aWf7amMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjQwMTAyMTIzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzEyODVjZTQwMjdkMjM5NzUwYWUwNWI3YWQ4MmFjOWExY2U2NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+47OqrwhUett2oZIfEAbrDxs5vr
sPcTfShmcV9iKUKwFZgnofOUfzH5lY4Va4zd0RWyM1EvOuQE7QiHgP8XuScgU9FQ
2Ogn5ZVjWWLDBdPCHF3C5hTIFuEzqYxWl86nSycSUzDbj6PycFf1HNk2Nua+nK5F
gZehBZ8Tcqt/+rMf6kWFDNCRCTqE5tPD3hJxiT7NgfLz/dRfgL/i0KYtNH75saDj
qpQygr8mj9dpu/AwPEYGDPdY8apaen88QHiyF43TcaolPv/mUQ3H3+/AU5AKlfyr
aYq/jZECDY3/OWWHcpCNEnE+D9ZII+U3u8lSM1+d6gIdLcFEE1hwA2CAYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcShc5AJ9I5dQrgW3rYKsmhzmW3MB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvQnhLRnprQW4wamwxQ3VCYmV0Z3F5YUhPWmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZhGMA0G
CSqGSIb3DQEBCwUAA4IBAQAsh/HY0C6ReIyvVYlfVSut7d1ObEwn9jP6sUvBBFFS
+OieHLSdMdQNZQJfbpsO2uYJOMW9VZ8PlmxH9AgWpoGypgfHNjMxszQZp+7gFNPI
h5tIIwXaV95tlSUYF0hvPQoWwnTSxGlfwWpOsuLJrS4mkrkDULcVorX90/iiGHfG
Zf74Q9VGKq2rP8cvfQrq5VYcdmWGJQ2tbOutrN62wPRqEA3YVeJxpskyJjiD3j8m
A434TXpe1BZqrzSYvnJV7V1/MPxxKdi+5F7j1CfuxE/1ZhDzdqTM8EUnFoYgIMO7
2VlRmvt/CgPXkh6JcKNuGf3D0mU6KjLtENcvkX7TOOS8
-----END CERTIFICATE-----