Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/pL0sdsxxWmxptldg8lq7XK67EW8.roa
File:                     pL0sdsxxWmxptldg8lq7XK67EW8.roa (raw, json)
Hash identifier:          OimH241EZjmk1clX2Dr4Zdk1eJpPT7GKv5pfGIIR380=
Subject key identifier:   A4:BD:2C:76:CC:71:5A:6C:69:B6:57:60:F2:5A:BB:5C:AE:BB:11:6F
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0190360E7195D29CF37098764B8010A3D5EB
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/pL0sdsxxWmxptldg8lq7XK67EW8.roa
Signing time:             Thu 20 Jun 2024 14:30:34 +0000
ROA not before:           Thu 20 Jun 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     401190
IP address blocks:        45.129.240.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:36:0e:71:95:d2:9c:f3:70:98:76:4b:80:10:a3:d5:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jun 20 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4bd2c76cc715a6c69b65760f25abb5caebb116f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ba:b1:c6:63:b0:5a:20:92:5c:bd:34:05:01:
                    85:53:d1:07:88:e0:10:f1:11:36:6e:fa:a0:a6:61:
                    24:ab:c9:02:dd:d6:62:8f:46:9f:97:4e:94:f6:f1:
                    cb:d1:21:79:11:56:c1:cc:9d:90:63:d1:16:19:bf:
                    85:17:4d:9f:4d:42:67:75:d6:8a:e7:25:3f:cf:c2:
                    ce:8d:c6:de:b7:83:ee:a2:b0:16:79:ad:ce:e9:cf:
                    60:ce:87:cc:c2:fb:3e:1a:30:87:86:91:88:4b:de:
                    eb:67:84:6b:c4:76:de:1a:28:5a:cc:ea:46:a2:40:
                    79:0b:60:3b:51:21:37:da:e6:4e:06:a0:e8:39:83:
                    2c:b1:06:0e:48:bc:37:bf:d8:39:98:2c:8c:04:4c:
                    58:d9:88:e1:f8:a5:0a:e5:8c:2d:72:c0:6a:ca:25:
                    06:7c:14:83:b0:79:c2:03:a4:a9:96:c7:fd:b7:ca:
                    e2:9b:7c:27:e9:72:be:c5:92:fb:da:4a:3c:ba:e1:
                    6d:93:d7:7e:94:be:38:76:cf:f2:77:22:02:49:3d:
                    6e:2d:87:68:20:44:f6:2d:23:71:f6:ae:70:65:ca:
                    e8:8a:cb:66:4f:de:d6:a3:6a:a5:52:b4:57:d8:69:
                    e0:85:a7:fb:16:5e:80:03:88:d2:81:bd:5d:2a:6a:
                    be:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BD:2C:76:CC:71:5A:6C:69:B6:57:60:F2:5A:BB:5C:AE:BB:11:6F
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/pL0sdsxxWmxptldg8lq7XK67EW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:5b:b9:83:e2:3f:51:47:3b:47:3c:28:a4:5b:2f:71:9d:d9:
         74:53:62:29:5e:df:34:f4:8a:f6:bf:73:c7:73:97:8d:25:c6:
         fa:c7:92:c6:aa:b0:c8:46:e1:80:fe:fd:a0:0c:cb:2d:ca:29:
         bd:ee:8d:27:bf:32:0a:8c:a8:e4:dc:ee:85:97:24:0e:1f:9d:
         0d:da:38:22:b2:6c:a2:0a:04:6e:ff:50:ae:dd:01:4e:db:3c:
         94:7d:b2:90:2a:83:00:5b:e9:69:dd:a8:69:30:21:e9:f3:63:
         45:2f:80:1f:4d:5a:89:95:d1:58:8b:95:71:7a:5f:78:f8:32:
         9a:34:ba:87:56:1b:27:56:84:6b:6a:7e:81:b4:00:59:3d:d2:
         ec:42:28:89:a6:66:3b:93:ae:17:a8:8c:f4:4b:df:ff:6f:be:
         86:f8:ff:c0:25:31:f6:e6:f4:ef:26:cf:ae:99:12:71:ef:4a:
         06:2b:e4:25:cf:ad:64:af:1b:e3:90:55:8d:c3:91:bd:e4:f3:
         ed:e0:94:99:88:54:39:be:81:83:e2:df:40:dc:59:ee:1a:ee:
         be:5e:da:5a:5e:a9:62:06:4f:69:d3:c6:d6:f7:1a:94:a4:08:
         c3:ae:3f:85:a8:3b:cf:ae:2b:1a:a3:28:6d:0f:1b:17:2a:06:
         01:93:b0:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA2DnGV0pzzcJh2S4AQo9XrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwNjIwMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJkMmM3NmNjNzE1YTZjNjliNjU3NjBmMjVhYmI1Y2FlYmIxMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bqxxmOwWiCSXL00BQGFU9EHiOAQ
8RE2bvqgpmEkq8kC3dZij0afl06U9vHL0SF5EVbBzJ2QY9EWGb+FF02fTUJnddaK
5yU/z8LOjcbet4PuorAWea3O6c9gzofMwvs+GjCHhpGIS97rZ4RrxHbeGihazOpG
okB5C2A7USE32uZOBqDoOYMssQYOSLw3v9g5mCyMBExY2Yjh+KUK5YwtcsBqyiUG
fBSDsHnCA6Splsf9t8rim3wn6XK+xZL72ko8uuFtk9d+lL44ds/ydyICST1uLYdo
IET2LSNx9q5wZcroistmT97Wo2qlUrRX2Gnghaf7Fl6AA4jSgb1dKmq+8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS9LHbMcVpsabZXYPJau1yuuxFvMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvcEwwc2RzeHhXbXhwdGxkZzhscTdYSzY3RVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYHwMA0G
CSqGSIb3DQEBCwUAA4IBAQB6W7mD4j9RRztHPCikWy9xndl0U2IpXt809Ir2v3PH
c5eNJcb6x5LGqrDIRuGA/v2gDMstyim97o0nvzIKjKjk3O6FlyQOH50N2jgismyi
CgRu/1Cu3QFO2zyUfbKQKoMAW+lp3ahpMCHp82NFL4AfTVqJldFYi5Vxel94+DKa
NLqHVhsnVoRran6BtABZPdLsQiiJpmY7k64XqIz0S9//b76G+P/AJTH25vTvJs+u
mRJx70oGK+Qlz61krxvjkFWNw5G95PPt4JSZiFQ5voGD4t9A3FnuGu6+XtpaXqli
Bk9p08bW9xqUpAjDrj+FqDvPrisaoyhtDxsXKgYBk7D8
-----END CERTIFICATE-----