Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/HXyITlixjYGfL7sKVukfLgsYwFI.roa
File:                     HXyITlixjYGfL7sKVukfLgsYwFI.roa (raw, json)
Hash identifier:          eWd6xtFMMqK2yEmQQeOC4/bOEbV+0Qhrbjd/CE+t00Y=
Subject key identifier:   1D:7C:88:4E:58:B1:8D:81:9F:2F:BB:0A:56:E9:1F:2E:0B:18:C0:52
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       019242FAD9D8260700B86C5B5D09FE725344
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/HXyITlixjYGfL7sKVukfLgsYwFI.roa
Signing time:             Mon 30 Sep 2024 12:49:48 +0000
ROA not before:           Mon 30 Sep 2024 12:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        45.129.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:fa:d9:d8:26:07:00:b8:6c:5b:5d:09:fe:72:53:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Sep 30 12:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d7c884e58b18d819f2fbb0a56e91f2e0b18c052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f5:89:35:7d:03:ac:6d:85:22:07:d8:2a:2d:
                    53:2f:74:e9:8d:aa:6c:92:dd:75:f7:e8:4b:41:5d:
                    8d:dd:ec:84:3c:01:d2:95:89:77:c3:8e:ff:51:5a:
                    f8:b5:12:a6:1a:07:2b:42:75:c2:cf:c4:ad:0c:c9:
                    c9:55:bc:a6:01:38:94:e4:c3:d9:fa:4b:81:e6:41:
                    3e:06:53:0c:04:0a:67:1a:38:b2:58:f7:eb:5c:f3:
                    ca:08:e4:a8:46:79:9e:e8:ac:c3:ba:7a:17:f3:f6:
                    e4:b6:62:55:6a:c4:d4:06:65:d3:dc:69:46:9a:d2:
                    0c:be:94:b6:1c:f8:64:16:74:d1:a5:18:39:5d:74:
                    a1:85:de:c2:7c:df:31:5f:48:00:cc:ed:be:46:35:
                    53:18:ab:34:7a:ce:d2:92:c5:14:f9:84:35:78:49:
                    cf:a6:de:fa:5a:ec:2c:9c:a6:7a:89:13:8f:39:90:
                    be:7c:cb:1d:96:15:6d:fc:d2:ed:49:2a:83:c3:3d:
                    90:ba:0b:7e:ed:36:bb:2e:ea:db:97:53:d8:ec:dc:
                    da:47:6a:78:33:db:a8:b4:51:62:5b:42:1b:9d:91:
                    53:09:4b:29:87:d0:3d:e0:3c:09:ce:66:2e:9a:c4:
                    3f:67:98:5e:2b:4f:ea:d0:e2:63:a4:29:ff:65:a0:
                    d6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7C:88:4E:58:B1:8D:81:9F:2F:BB:0A:56:E9:1F:2E:0B:18:C0:52
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/HXyITlixjYGfL7sKVukfLgsYwFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:64:d3:6e:ac:72:14:39:b0:3d:7b:f3:8a:7d:18:b6:43:41:
         d6:36:35:ed:9a:48:6c:7e:70:dd:de:23:cb:4a:2f:d7:42:f5:
         73:48:8c:bd:77:c9:c1:d8:d7:ab:3a:d8:cd:8e:54:6b:83:8d:
         c4:2b:ee:02:9f:02:76:3c:8e:bd:50:c8:43:8b:d4:ca:26:5a:
         88:71:f2:e7:65:80:f0:9e:b3:e3:2b:b1:4c:2d:85:6c:f0:6e:
         9e:84:9b:ed:b2:ff:1c:49:13:b7:37:0a:6e:d1:54:dc:75:ae:
         50:c3:8f:30:fb:f9:87:0d:e2:2f:91:97:97:a5:5f:fc:b8:7b:
         a7:0a:c0:65:96:85:3a:65:6b:b3:1c:23:16:f8:66:21:53:01:
         bb:e1:47:09:e8:91:57:d6:1a:8a:fa:86:b4:68:ce:3a:15:f9:
         f1:ee:ea:2a:bd:05:04:13:20:07:b2:6e:9b:9b:e1:8d:e1:7d:
         11:2d:f3:13:42:74:02:74:5c:a6:25:40:d3:b8:5c:53:60:61:
         83:52:4c:56:90:b6:d7:f0:0f:d6:c3:39:f9:cd:42:b8:40:80:
         ed:50:f6:dd:86:f8:9d:04:0b:1f:4e:af:9a:bc:b2:1a:8a:19:
         6f:d1:f6:c7:34:a4:96:5b:34:ec:72:25:ed:c8:9f:40:37:f3:
         45:8c:98:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJC+tnYJgcAuGxbXQn+clNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwOTMwMTI0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdjODg0ZTU4YjE4ZDgxOWYyZmJiMGE1NmU5MWYyZTBiMThjMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/WJNX0DrG2FIgfYKi1TL3Tpjaps
kt119+hLQV2N3eyEPAHSlYl3w47/UVr4tRKmGgcrQnXCz8StDMnJVbymATiU5MPZ
+kuB5kE+BlMMBApnGjiyWPfrXPPKCOSoRnme6KzDunoX8/bktmJVasTUBmXT3GlG
mtIMvpS2HPhkFnTRpRg5XXShhd7CfN8xX0gAzO2+RjVTGKs0es7SksUU+YQ1eEnP
pt76WuwsnKZ6iROPOZC+fMsdlhVt/NLtSSqDwz2Qugt+7Ta7Lurbl1PY7NzaR2p4
M9uotFFiW0IbnZFTCUsph9A94DwJzmYumsQ/Z5heK0/q0OJjpCn/ZaDWQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB18iE5YsY2Bny+7ClbpHy4LGMBSMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvSFh5SVRsaXhqWUdmTDdzS1Z1a2ZMZ3NZd0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYHyMA0G
CSqGSIb3DQEBCwUAA4IBAQA6ZNNurHIUObA9e/OKfRi2Q0HWNjXtmkhsfnDd3iPL
Si/XQvVzSIy9d8nB2NerOtjNjlRrg43EK+4CnwJ2PI69UMhDi9TKJlqIcfLnZYDw
nrPjK7FMLYVs8G6ehJvtsv8cSRO3Nwpu0VTcda5Qw48w+/mHDeIvkZeXpV/8uHun
CsBlloU6ZWuzHCMW+GYhUwG74UcJ6JFX1hqK+oa0aM46Ffnx7uoqvQUEEyAHsm6b
m+GN4X0RLfMTQnQCdFymJUDTuFxTYGGDUkxWkLbX8A/Wwzn5zUK4QIDtUPbdhvid
BAsfTq+avLIaihlv0fbHNKSWWzTsciXtyJ9AN/NFjJj7
-----END CERTIFICATE-----