Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/jSE2xGPhi0sOJXn8Aju6yhWoqpk.roa
File:                     jSE2xGPhi0sOJXn8Aju6yhWoqpk.roa (raw, json)
Hash identifier:          1wi0rcQ0gLh+M0g1McQUZGhD03Mtv0X0uIa+0K7804w=
Subject key identifier:   8D:21:36:C4:63:E1:8B:4B:0E:25:79:FC:02:3B:BA:CA:15:A8:AA:99
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       0192B9D32ABE145A310640BEEC03926C0943
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/jSE2xGPhi0sOJXn8Aju6yhWoqpk.roa
Signing time:             Wed 23 Oct 2024 14:41:16 +0000
ROA not before:           Wed 23 Oct 2024 14:41:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        45.155.53.0/24 maxlen: 24
                          45.155.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:d3:2a:be:14:5a:31:06:40:be:ec:03:92:6c:09:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Oct 23 14:41:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d2136c463e18b4b0e2579fc023bbaca15a8aa99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:24:19:82:83:d0:22:58:9c:bb:3e:01:af:26:
                    78:91:a3:6a:27:1d:9d:93:0c:2d:11:38:b7:b3:4c:
                    1b:58:5b:f4:71:81:7b:22:bd:5a:8c:36:05:a2:67:
                    09:41:f5:54:e2:52:26:56:af:64:9e:f6:a6:3d:25:
                    b1:8c:75:33:e8:d9:6e:43:98:45:89:06:d9:84:09:
                    d9:5b:2e:99:36:cf:b5:99:8d:04:0b:96:53:02:cc:
                    33:8e:1c:93:76:25:cd:c2:8d:54:e3:d6:f6:a8:b1:
                    4e:98:1e:e5:fb:14:1d:20:f4:7f:c4:94:83:22:d5:
                    c1:04:7a:b7:24:34:ba:4c:85:4f:2d:b4:23:f2:77:
                    3f:14:f2:81:40:3e:b6:0f:9b:dd:28:04:35:88:37:
                    b9:7d:94:d9:e8:28:9b:9c:c3:cb:ee:ff:87:16:e8:
                    16:9c:9e:f7:a7:18:2c:24:b7:5e:2d:78:59:47:13:
                    d9:1c:68:bd:d3:c1:30:86:31:00:30:67:31:7a:b4:
                    7f:35:8e:6d:df:95:f7:d8:c9:af:27:91:47:c8:d3:
                    b8:8b:0a:1d:4b:a3:94:71:fd:50:71:95:28:20:d3:
                    48:93:a8:d4:d0:b8:83:d4:5a:07:c9:2d:27:48:70:
                    f6:b4:21:1a:fb:f8:8f:3a:10:2f:8f:d6:c5:1b:da:
                    30:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:21:36:C4:63:E1:8B:4B:0E:25:79:FC:02:3B:BA:CA:15:A8:AA:99
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/jSE2xGPhi0sOJXn8Aju6yhWoqpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.53.0-45.155.54.255

    Signature Algorithm: sha256WithRSAEncryption
         31:1d:18:15:5f:c9:11:32:df:d0:42:c4:d9:2a:64:93:cc:13:
         0e:1f:fa:63:48:26:91:67:45:b9:df:f9:19:7a:6a:c5:2b:16:
         0d:b8:b8:72:c1:54:c1:97:c7:2d:00:16:f7:f0:0f:50:26:b7:
         77:f8:10:16:e9:e8:cd:39:8a:ac:1a:18:6a:c8:08:f2:9b:90:
         9b:c4:da:4b:00:6f:90:0e:45:4c:cc:dc:7c:3b:c0:85:5d:57:
         90:6d:e6:6d:33:d5:53:40:1e:79:b7:9d:0e:fa:08:4f:bc:5c:
         a1:de:91:21:13:9a:14:b2:83:2f:0d:d7:14:92:25:5f:d1:65:
         9b:3e:63:8a:1c:34:d8:56:8d:ee:c4:7b:46:df:b9:64:ff:62:
         13:b7:d4:e9:ae:2a:32:e1:32:35:61:2f:d9:e8:17:e6:11:b9:
         97:a0:43:f5:a3:63:1d:50:e5:00:fc:67:fb:73:f4:84:8d:7c:
         19:74:a4:63:e3:26:58:71:6e:b3:71:b3:ad:85:be:ce:df:35:
         9c:03:df:c2:27:13:e4:66:7b:10:12:ac:5b:92:85:e9:16:d9:
         b5:b3:90:1f:74:6f:c0:c1:04:fe:e3:2d:63:0a:3c:a2:6e:ed:
         19:b5:98:c8:f0:e0:79:5d:52:2d:33:3e:75:81:43:ee:29:26:
         d4:cd:36:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZK50yq+FFoxBkC+7AOSbAlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQxMDIzMTQ0MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDIxMzZjNDYzZTE4YjRiMGUyNTc5ZmMwMjNiYmFjYTE1YThhYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSQZgoPQIlicuz4BryZ4kaNqJx2d
kwwtETi3s0wbWFv0cYF7Ir1ajDYFomcJQfVU4lImVq9knvamPSWxjHUz6NluQ5hF
iQbZhAnZWy6ZNs+1mY0EC5ZTAswzjhyTdiXNwo1U49b2qLFOmB7l+xQdIPR/xJSD
ItXBBHq3JDS6TIVPLbQj8nc/FPKBQD62D5vdKAQ1iDe5fZTZ6CibnMPL7v+HFugW
nJ73pxgsJLdeLXhZRxPZHGi908EwhjEAMGcxerR/NY5t35X32MmvJ5FHyNO4iwod
S6OUcf1QcZUoINNIk6jU0LiD1FoHyS0nSHD2tCEa+/iPOhAvj9bFG9owhwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI0hNsRj4YtLDiV5/AI7usoVqKqZMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvalNFMnhHUGhpMHNPSlhuOEFqdTZ5aFdvcXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtmzUD
BAAtmzYwDQYJKoZIhvcNAQELBQADggEBADEdGBVfyREy39BCxNkqZJPMEw4f+mNI
JpFnRbnf+Rl6asUrFg24uHLBVMGXxy0AFvfwD1Amt3f4EBbp6M05iqwaGGrICPKb
kJvE2ksAb5AORUzM3Hw7wIVdV5Bt5m0z1VNAHnm3nQ76CE+8XKHekSETmhSygy8N
1xSSJV/RZZs+Y4ocNNhWje7Ee0bfuWT/YhO31OmuKjLhMjVhL9noF+YRuZegQ/Wj
Yx1Q5QD8Z/tz9ISNfBl0pGPjJlhxbrNxs62Fvs7fNZwD38InE+RmexASrFuShekW
2bWzkB90b8DBBP7jLWMKPKJu7Rm1mMjw4HldUi0zPnWBQ+4pJtTNNgk=
-----END CERTIFICATE-----