Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/t3Un8WuSsB5aWVaU3u5wkBP3DUc.roa
File:                     t3Un8WuSsB5aWVaU3u5wkBP3DUc.roa (raw, json)
Hash identifier:          xeDlUebXgYWdzMTQU5FZzynpz2MQMfzfOcklen18FaM=
Subject key identifier:   B7:75:27:F1:6B:92:B0:1E:5A:59:56:94:DE:EE:70:90:13:F7:0D:47
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       01935BCB4B2D4E819CCEEFC3621511965AA1
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/t3Un8WuSsB5aWVaU3u5wkBP3DUc.roa
Signing time:             Sun 24 Nov 2024 01:31:09 +0000
ROA not before:           Sun 24 Nov 2024 01:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204914
IP address blocks:        45.139.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 02:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5b:cb:4b:2d:4e:81:9c:ce:ef:c3:62:15:11:96:5a:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Nov 24 01:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b77527f16b92b01e5a595694deee709013f70d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1f:a6:73:84:3e:16:3d:7d:c6:87:83:70:f7:
                    ee:7a:c5:cf:c3:b6:b4:22:9f:78:11:0d:45:8f:73:
                    5c:df:bc:17:6c:b2:a7:25:f6:56:29:fd:3f:67:a4:
                    69:52:f5:b8:2f:6b:a6:12:f2:69:c1:31:66:5f:37:
                    e5:dd:34:a0:5e:42:9d:c0:36:2e:b8:cb:e5:1f:97:
                    af:6d:5f:99:ee:10:57:14:5a:95:c6:bf:ec:46:fc:
                    a7:99:fd:cf:95:de:00:07:c4:06:0b:34:06:2e:3a:
                    1a:06:7c:96:47:95:25:11:3e:8a:38:dd:df:f9:9d:
                    69:fd:c9:d1:80:73:c6:78:8a:b1:81:d5:ea:19:0b:
                    29:c7:ca:1a:6e:91:94:c9:88:02:29:17:90:a0:9e:
                    56:79:b7:f8:81:02:56:ec:4e:8d:2a:d5:5d:9a:c6:
                    24:b3:ef:cd:db:35:2f:c7:65:f4:07:50:7c:f1:1a:
                    d7:46:ac:ed:f8:e4:3d:6d:04:aa:62:d1:c7:8d:51:
                    ca:4f:ce:d0:96:9f:61:2b:93:12:4c:32:c6:20:04:
                    52:0b:81:2a:3a:7e:db:04:96:70:04:2b:77:2a:95:
                    b2:eb:2a:68:24:6c:de:92:49:ff:61:10:d5:33:e3:
                    d2:3d:03:79:bf:18:fd:a7:0b:c0:82:b1:25:fe:74:
                    67:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:75:27:F1:6B:92:B0:1E:5A:59:56:94:DE:EE:70:90:13:F7:0D:47
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/t3Un8WuSsB5aWVaU3u5wkBP3DUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d7:2b:34:b6:88:19:71:e2:cf:c6:f0:c3:85:e8:b5:67:45:
         84:1b:8a:13:f7:93:e0:55:a6:08:c1:bf:29:88:68:93:91:6d:
         7c:17:65:3b:1b:6e:69:f0:83:9c:a0:d3:2c:0d:c4:c9:88:36:
         5a:ae:de:0a:f9:6d:24:0d:1a:6e:8f:b4:7b:63:ba:f2:83:cd:
         55:f1:68:7b:0b:e3:59:ea:b6:a9:ba:82:2f:60:21:3d:44:c3:
         b6:4a:c5:66:77:5c:f0:30:fb:a2:cb:c3:9d:82:4d:2c:5c:1a:
         23:64:90:34:4f:97:5e:00:7c:bf:be:ba:59:82:b8:53:0d:c2:
         96:a9:07:59:8e:5c:7d:dd:93:aa:48:6a:96:4f:29:19:3e:4f:
         ac:88:13:6c:11:85:89:b4:92:2b:88:89:16:0b:da:75:7a:ae:
         03:a0:1e:88:8f:2b:16:1a:c3:19:52:05:4b:64:18:4a:a5:59:
         21:84:c5:72:00:df:bb:11:76:71:8c:89:38:49:7c:3b:cf:a2:
         31:5e:ca:a7:5d:ac:b9:17:fb:d3:72:21:5a:07:92:f4:07:2c:
         79:f8:c6:ea:5f:3f:d4:25:24:6c:fe:c4:00:2c:70:38:25:00:
         1f:41:bc:91:03:15:59:91:83:5d:c2:ad:1c:6b:5f:4a:e8:c0:
         8b:ba:13:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNby0stToGczu/DYhURllqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQxMTI0MDEzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzc1MjdmMTZiOTJiMDFlNWE1OTU2OTRkZWVlNzA5MDEzZjcwZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvh+mc4Q+Fj19xoeDcPfuesXPw7a0
Ip94EQ1Fj3Nc37wXbLKnJfZWKf0/Z6RpUvW4L2umEvJpwTFmXzfl3TSgXkKdwDYu
uMvlH5evbV+Z7hBXFFqVxr/sRvynmf3Pld4AB8QGCzQGLjoaBnyWR5UlET6KON3f
+Z1p/cnRgHPGeIqxgdXqGQspx8oabpGUyYgCKReQoJ5Webf4gQJW7E6NKtVdmsYk
s+/N2zUvx2X0B1B88RrXRqzt+OQ9bQSqYtHHjVHKT87Qlp9hK5MSTDLGIARSC4Eq
On7bBJZwBCt3KpWy6ypoJGzekkn/YRDVM+PSPQN5vxj9pwvAgrEl/nRnnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLd1J/FrkrAeWllWlN7ucJAT9w1HMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvdDNVbjhXdVNzQjVhV1ZhVTN1NXdrQlAzRFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYvEMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ1ys0togZceLPxvDDhei1Z0WEG4oT95PgVaYIwb8p
iGiTkW18F2U7G25p8IOcoNMsDcTJiDZart4K+W0kDRpuj7R7Y7ryg81V8Wh7C+NZ
6rapuoIvYCE9RMO2SsVmd1zwMPuiy8Odgk0sXBojZJA0T5deAHy/vrpZgrhTDcKW
qQdZjlx93ZOqSGqWTykZPk+siBNsEYWJtJIriIkWC9p1eq4DoB6IjysWGsMZUgVL
ZBhKpVkhhMVyAN+7EXZxjIk4SXw7z6IxXsqnXay5F/vTciFaB5L0Byx5+MbqXz/U
JSRs/sQALHA4JQAfQbyRAxVZkYNdwq0ca19K6MCLuhOQ
-----END CERTIFICATE-----