Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c0878d-afc6-4e70-90d3-f53c5c1756d7/1/AAfImUG31EpRWSSHubXlOxvUqIA.roa
File:                     AAfImUG31EpRWSSHubXlOxvUqIA.roa (raw, json)
Hash identifier:          IUf9F6J85tjQOeLqM6LjGUDpixaCazRjuahizhJ4+ak=
Subject key identifier:   00:07:C8:99:41:B7:D4:4A:51:59:24:87:B9:B5:E5:3B:1B:D4:A8:80
Certificate issuer:       /CN=bea3d265351b65f239f2997de1e8a80677933a5e
Certificate serial:       01904BB50A9CD285BB5237333932D932975F
Authority key identifier: BE:A3:D2:65:35:1B:65:F2:39:F2:99:7D:E1:E8:A8:06:77:93:3A:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqPSZTUbZfI58pl94eioBneTOl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/c0878d-afc6-4e70-90d3-f53c5c1756d7/1/AAfImUG31EpRWSSHubXlOxvUqIA.roa
Signing time:             Mon 24 Jun 2024 19:24:34 +0000
ROA not before:           Mon 24 Jun 2024 19:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208576
IP address blocks:        45.86.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/c0878d-afc6-4e70-90d3-f53c5c1756d7/1/vqPSZTUbZfI58pl94eioBneTOl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/c0878d-afc6-4e70-90d3-f53c5c1756d7/1/vqPSZTUbZfI58pl94eioBneTOl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqPSZTUbZfI58pl94eioBneTOl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4b:b5:0a:9c:d2:85:bb:52:37:33:39:32:d9:32:97:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea3d265351b65f239f2997de1e8a80677933a5e
        Validity
            Not Before: Jun 24 19:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0007c89941b7d44a51592487b9b5e53b1bd4a880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:df:0c:27:0b:6a:79:7b:6c:ee:df:46:f5:f0:
                    2a:76:c4:91:9f:08:b4:75:9a:63:af:d4:21:a8:aa:
                    12:16:0f:98:cf:92:d5:d5:69:f8:d0:77:b0:fd:a9:
                    ed:16:b9:8a:74:39:a2:78:50:30:38:ab:1a:e7:be:
                    d9:92:9f:82:8c:c1:12:1b:18:d1:99:fe:96:27:96:
                    b6:11:6d:e1:b1:d1:26:65:83:09:a1:5f:18:ed:aa:
                    4d:68:6a:bd:ef:59:32:9b:e0:8d:80:0c:34:40:94:
                    ff:80:f6:99:97:02:3a:90:7a:bb:4e:66:06:7e:5a:
                    56:f0:8a:92:8f:ba:5a:27:8b:79:74:87:c8:b3:aa:
                    7a:a7:8d:9e:9a:1c:56:7c:fb:a9:0a:bd:05:42:3a:
                    5c:6d:88:7b:f0:52:8f:6e:12:4c:81:62:ce:8e:06:
                    9a:8a:03:8a:20:ee:ec:60:57:e1:94:65:dc:a1:e8:
                    5c:f4:99:b0:f0:f9:ba:6c:ae:2d:16:f4:db:68:1c:
                    54:fe:14:8a:cc:04:c0:fa:84:07:5f:0f:94:96:87:
                    3c:5b:9d:46:4e:b0:a7:b9:53:98:94:85:92:de:95:
                    2c:f4:2c:fd:fd:21:6c:0d:9a:55:d3:ba:68:c3:ca:
                    72:11:8c:72:ff:1c:5d:4f:ba:5f:ec:5d:ef:00:98:
                    f6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:07:C8:99:41:B7:D4:4A:51:59:24:87:B9:B5:E5:3B:1B:D4:A8:80
            X509v3 Authority Key Identifier:
                keyid:BE:A3:D2:65:35:1B:65:F2:39:F2:99:7D:E1:E8:A8:06:77:93:3A:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqPSZTUbZfI58pl94eioBneTOl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c0878d-afc6-4e70-90d3-f53c5c1756d7/1/AAfImUG31EpRWSSHubXlOxvUqIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c0878d-afc6-4e70-90d3-f53c5c1756d7/1/vqPSZTUbZfI58pl94eioBneTOl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:2e:d9:b4:1b:e7:90:96:0a:8a:3d:a6:5d:41:78:fe:d9:28:
         60:20:bf:cc:af:13:12:c5:3b:c9:aa:07:90:57:23:71:4d:e8:
         b2:81:09:25:fa:40:ea:5d:fe:74:af:59:f2:f4:b8:87:ee:8d:
         c3:ea:10:e8:5b:32:60:5c:ea:99:d9:4c:74:e4:33:36:b1:8b:
         e3:5a:67:87:ff:e5:26:3e:c9:70:6a:d0:a9:3e:fc:3d:eb:76:
         7d:fc:40:b1:2c:9f:38:38:d9:16:86:76:35:97:ee:8e:cc:96:
         6a:70:eb:ba:bf:f1:e6:8f:44:56:eb:d8:54:e4:8f:94:07:39:
         16:66:c6:1d:49:e7:ea:22:b5:68:47:52:2f:f0:56:14:a1:b4:
         14:1f:1e:e4:80:c7:1d:7b:1e:f3:56:9a:e8:70:a2:c2:eb:bf:
         60:54:59:7d:7f:a5:68:7c:b4:5f:90:ea:07:d2:a0:a6:f9:19:
         61:f6:53:ad:5c:1a:13:6a:2c:ec:1d:92:88:e0:94:15:4c:0d:
         73:45:b2:7e:cb:49:c6:2a:c0:24:84:bb:52:5c:db:3b:1a:ea:
         94:f9:8a:32:63:17:7c:76:3f:8e:8c:d7:b8:16:6f:34:af:4e:
         d8:4b:63:ca:14:b5:c9:97:25:78:a2:1d:b8:d5:d3:5b:e6:42:
         ab:ec:9b:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBLtQqc0oW7UjczOTLZMpdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTNkMjY1MzUxYjY1ZjIzOWYyOTk3ZGUxZThhODA2Nzc5
MzNhNWUwHhcNMjQwNjI0MTkyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA3Yzg5OTQxYjdkNDRhNTE1OTI0ODdiOWI1ZTUzYjFiZDRhODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN8MJwtqeXts7t9G9fAqdsSRnwi0
dZpjr9QhqKoSFg+Yz5LV1Wn40Hew/antFrmKdDmieFAwOKsa577Zkp+CjMESGxjR
mf6WJ5a2EW3hsdEmZYMJoV8Y7apNaGq971kym+CNgAw0QJT/gPaZlwI6kHq7TmYG
flpW8IqSj7paJ4t5dIfIs6p6p42emhxWfPupCr0FQjpcbYh78FKPbhJMgWLOjgaa
igOKIO7sYFfhlGXcoehc9Jmw8Pm6bK4tFvTbaBxU/hSKzATA+oQHXw+Uloc8W51G
TrCnuVOYlIWS3pUs9Cz9/SFsDZpV07pow8pyEYxy/xxdT7pf7F3vAJj2bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAHyJlBt9RKUVkkh7m15Tsb1KiAMB8GA1UdIwQY
MBaAFL6j0mU1G2XyOfKZfeHoqAZ3kzpeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFQU1pUVWJaZkk1OHBsOTRlaW9CbmVUT2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jMDg3OGQtYWZjNi00ZTcwLTkwZDMt
ZjUzYzVjMTc1NmQ3LzEvQUFmSW1VRzMxRXBSV1NTSHViWGxPeHZVcUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jMDg3OGQtYWZjNi00ZTcwLTkwZDMtZjUzYzVjMTc1NmQ3
LzEvdnFQU1pUVWJaZkk1OHBsOTRlaW9CbmVUT2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBQLtm0G+eQlgqKPaZdQXj+2ShgIL/MrxMSxTvJqgeQ
VyNxTeiygQkl+kDqXf50r1ny9LiH7o3D6hDoWzJgXOqZ2Ux05DM2sYvjWmeH/+Um
PslwatCpPvw963Z9/ECxLJ84ONkWhnY1l+6OzJZqcOu6v/Hmj0RW69hU5I+UBzkW
ZsYdSefqIrVoR1Iv8FYUobQUHx7kgMcdex7zVprocKLC679gVFl9f6VofLRfkOoH
0qCm+Rlh9lOtXBoTaizsHZKI4JQVTA1zRbJ+y0nGKsAkhLtSXNs7GuqU+YoyYxd8
dj+OjNe4Fm80r07YS2PKFLXJlyV4oh241dNb5kKr7Jud
-----END CERTIFICATE-----