Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/KpTd00Hd8isuOTOggJdnX7FsNW4.roa
File:                     KpTd00Hd8isuOTOggJdnX7FsNW4.roa (raw, json)
Hash identifier:          XlrznAgUlaw887KMYtabPV7XafcIZ2TgyNaRlsE2Fow=
Subject key identifier:   2A:94:DD:D3:41:DD:F2:2B:2E:39:33:A0:80:97:67:5F:B1:6C:35:6E
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       01934F0D453ABAB07C5C7F1D819C3659C8C1
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/KpTd00Hd8isuOTOggJdnX7FsNW4.roa
Signing time:             Thu 21 Nov 2024 14:08:09 +0000
ROA not before:           Thu 21 Nov 2024 14:08:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212517
IP address blocks:        45.91.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:0d:45:3a:ba:b0:7c:5c:7f:1d:81:9c:36:59:c8:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Nov 21 14:08:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a94ddd341ddf22b2e3933a08097675fb16c356e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:36:83:64:5a:47:8b:a6:2d:70:bf:66:92:4e:
                    52:4f:9b:f2:20:96:f3:6f:e0:bc:53:ca:0c:51:7f:
                    11:53:c1:4a:c4:ca:d4:ae:24:83:73:9e:56:e4:f9:
                    2d:1f:59:2b:61:17:81:01:97:1f:0b:37:64:e5:47:
                    10:cb:45:d3:19:ad:c1:d3:40:58:ae:35:5f:15:db:
                    42:8b:2a:44:78:db:7c:08:62:1b:2a:64:4e:8f:3d:
                    cf:d7:7c:fc:45:16:97:05:50:73:7a:e5:cb:de:00:
                    7b:54:d4:e2:50:33:2b:48:13:fb:54:69:b0:7f:aa:
                    f5:3f:83:61:ba:22:30:30:ce:f1:af:d1:c4:04:0d:
                    5d:24:aa:f7:69:76:e5:2f:54:a4:ea:b2:3a:aa:50:
                    b7:df:9f:13:c7:ab:1e:03:2a:a3:43:90:f8:85:c1:
                    12:83:9e:4a:44:61:64:71:09:cf:a3:2d:4b:59:c4:
                    15:70:c5:a7:e7:31:a2:c0:88:0a:ce:22:62:bd:b0:
                    a8:74:b8:9b:44:64:0b:15:d4:8c:bb:09:66:79:ca:
                    72:16:59:7d:6d:d8:fa:23:87:9d:30:d2:a1:41:02:
                    cb:3f:a8:91:01:8e:47:d5:9d:7c:7c:ab:4a:a1:d9:
                    62:e1:d1:04:85:30:0f:99:1b:36:cf:d1:8d:b4:a0:
                    8c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:94:DD:D3:41:DD:F2:2B:2E:39:33:A0:80:97:67:5F:B1:6C:35:6E
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/KpTd00Hd8isuOTOggJdnX7FsNW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:71:61:73:da:a7:cd:4a:94:80:79:ca:a8:d3:f1:6d:37:ea:
         6a:f6:24:86:66:b8:e0:92:9e:0a:24:af:48:b7:e0:5f:67:dc:
         4f:09:99:cb:36:f5:be:b6:3c:df:34:16:19:45:ba:8a:63:f7:
         03:d9:11:c0:bf:87:0e:48:b0:12:8d:51:86:d6:5b:92:bb:64:
         48:15:12:d5:a3:58:97:4e:7c:38:4c:68:27:9c:83:bd:c6:d3:
         e5:7e:13:be:e3:1e:a0:35:d6:b2:8c:3c:8f:a1:ad:02:0c:b2:
         41:ee:f4:db:22:6c:68:02:80:1c:11:63:cb:d0:ee:e6:3a:ae:
         fb:83:82:8f:4c:3d:db:ad:57:fd:2b:e8:31:08:47:56:44:0e:
         5f:61:72:a8:d9:66:4e:85:68:02:1d:e0:a5:a5:02:b2:2e:46:
         ac:13:e1:3c:aa:22:ee:c9:1e:bf:14:60:1c:57:cf:25:71:23:
         69:10:7b:7e:a9:97:ad:8f:5e:2c:57:f6:5b:3e:8c:ab:cd:18:
         d4:39:6d:0a:b8:fb:fd:a7:dc:bd:54:04:08:4e:fd:41:25:af:
         65:37:21:3f:41:52:70:7f:2d:56:be:a9:94:e5:09:1b:37:d6:
         ea:37:c2:b4:50:ee:a7:ce:65:95:2a:73:e9:8f:f7:97:81:8d:
         18:29:65:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNPDUU6urB8XH8dgZw2WcjBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQxMTIxMTQwODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk0ZGRkMzQxZGRmMjJiMmUzOTMzYTA4MDk3Njc1ZmIxNmMzNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDaDZFpHi6YtcL9mkk5ST5vyIJbz
b+C8U8oMUX8RU8FKxMrUriSDc55W5PktH1krYReBAZcfCzdk5UcQy0XTGa3B00BY
rjVfFdtCiypEeNt8CGIbKmROjz3P13z8RRaXBVBzeuXL3gB7VNTiUDMrSBP7VGmw
f6r1P4NhuiIwMM7xr9HEBA1dJKr3aXblL1Sk6rI6qlC3358Tx6seAyqjQ5D4hcES
g55KRGFkcQnPoy1LWcQVcMWn5zGiwIgKziJivbCodLibRGQLFdSMuwlmecpyFll9
bdj6I4edMNKhQQLLP6iRAY5H1Z18fKtKodli4dEEhTAPmRs2z9GNtKCMpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqU3dNB3fIrLjkzoICXZ1+xbDVuMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvS3BUZDAwSGQ4aXN1T1RPZ2dKZG5YN0ZzTlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVvgMA0G
CSqGSIb3DQEBCwUAA4IBAQCEcWFz2qfNSpSAecqo0/FtN+pq9iSGZrjgkp4KJK9I
t+BfZ9xPCZnLNvW+tjzfNBYZRbqKY/cD2RHAv4cOSLASjVGG1luSu2RIFRLVo1iX
Tnw4TGgnnIO9xtPlfhO+4x6gNdayjDyPoa0CDLJB7vTbImxoAoAcEWPL0O7mOq77
g4KPTD3brVf9K+gxCEdWRA5fYXKo2WZOhWgCHeClpQKyLkasE+E8qiLuyR6/FGAc
V88lcSNpEHt+qZetj14sV/ZbPoyrzRjUOW0KuPv9p9y9VAQITv1BJa9lNyE/QVJw
fy1WvqmU5QkbN9bqN8K0UO6nzmWVKnPpj/eXgY0YKWWn
-----END CERTIFICATE-----