Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/aGLA8I06d3YrvKWL7uRSR-77xG4.roa
File:                     aGLA8I06d3YrvKWL7uRSR-77xG4.roa (raw, json)
Hash identifier:          Ff+snKBTYeaUtDAibzoJdqSfFJNk/kWT+FLx1MZTY4M=
Subject key identifier:   68:62:C0:F0:8D:3A:77:76:2B:BC:A5:8B:EE:E4:52:47:EE:FB:C4:6E
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       018CC86FFEC79B68BD655323523CAD91E7C0
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/aGLA8I06d3YrvKWL7uRSR-77xG4.roa
Signing time:             Tue 02 Jan 2024 04:30:31 +0000
ROA not before:           Tue 02 Jan 2024 04:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35478
IP address blocks:        45.142.153.0/24 maxlen: 24
                          194.126.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:fe:c7:9b:68:bd:65:53:23:52:3c:ad:91:e7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jan  2 04:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6862c0f08d3a77762bbca58beee45247eefbc46e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:95:aa:a1:3b:8b:62:7e:83:7d:5f:34:8a:c2:
                    6d:fc:9b:ef:7f:41:34:97:e1:87:47:ef:7d:b4:e7:
                    89:75:30:b8:8e:98:8b:55:13:73:ee:cb:60:2e:8e:
                    f0:43:e5:bc:38:51:a0:ee:0d:ae:39:04:04:29:e3:
                    c1:c6:71:90:99:9e:4a:c2:51:1b:45:c0:f9:15:86:
                    e8:ac:26:62:5f:67:ca:2d:a5:66:9d:59:fb:d4:08:
                    71:b3:53:92:d4:16:15:19:86:ae:f6:a8:db:e0:8d:
                    9a:54:2b:82:c7:22:bb:33:3f:e9:60:00:7c:8f:c3:
                    f6:89:70:0b:d2:29:16:a9:d0:52:df:e7:ad:71:a5:
                    f4:bb:82:72:13:b1:1e:12:49:84:d6:3c:eb:7b:ac:
                    f2:21:5f:c4:07:f3:12:40:d5:ae:b1:f2:0c:49:f9:
                    5c:15:5d:fc:5e:44:ba:ff:b8:6d:9a:d4:3e:7f:64:
                    54:99:5d:80:fe:52:0a:07:63:c0:83:10:18:69:c5:
                    59:49:9d:fe:31:ad:a8:70:1e:0a:5b:a3:3f:69:2d:
                    ae:78:78:10:91:d4:82:9c:48:f5:89:be:f5:e8:b6:
                    37:b3:d9:2e:7d:e0:0c:4c:3f:f6:52:5c:1a:62:14:
                    36:a5:47:48:6b:48:37:e8:b9:99:16:68:22:78:0b:
                    c9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:62:C0:F0:8D:3A:77:76:2B:BC:A5:8B:EE:E4:52:47:EE:FB:C4:6E
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/aGLA8I06d3YrvKWL7uRSR-77xG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.153.0/24
                  194.126.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:a7:0d:58:55:9e:99:02:e9:f5:60:13:24:0b:c9:47:0f:33:
         dd:5b:6e:46:bf:e2:a1:85:83:f7:bb:10:96:52:a9:05:9f:09:
         e6:7c:bf:4e:0e:0e:9c:11:e7:e0:dd:70:30:f4:0b:d3:1e:1b:
         46:2e:34:ed:e8:cb:bc:ab:50:f1:da:9d:d1:49:62:32:55:60:
         62:6e:0a:8f:7d:51:d4:64:2d:a0:8d:27:86:f7:8c:2c:0e:dc:
         70:e1:38:93:b2:bc:11:28:cd:f0:23:55:75:0a:58:9b:1a:e8:
         23:eb:dd:9b:19:05:34:d1:4e:90:19:c4:a7:98:17:6f:0d:d7:
         21:dc:59:d5:35:88:23:52:33:a2:ad:99:ba:4c:b7:25:3e:74:
         f3:37:1d:bf:f3:70:44:79:4d:d3:93:69:34:af:e2:c4:d3:9a:
         34:83:64:92:72:a0:d9:1a:fb:8c:13:67:96:05:97:31:06:48:
         2e:9e:cf:3c:fd:57:83:9f:d8:58:7d:b5:f2:e7:a7:27:06:28:
         8c:57:92:aa:b3:f6:92:8b:b3:28:d9:51:5f:c5:d8:7a:86:4a:
         73:fd:f0:a6:5c:bf:4d:6f:e2:08:24:a5:5f:ad:79:be:df:b5:
         1a:bf:88:eb:6b:fb:08:b1:3c:1b:04:e4:09:23:1c:37:f2:96:
         7c:cf:01:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb/7Hm2i9ZVMjUjytkefAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwMTAyMDQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODYyYzBmMDhkM2E3Nzc2MmJiY2E1OGJlZWU0NTI0N2VlZmJjNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJWqoTuLYn6DfV80isJt/Jvvf0E0
l+GHR+99tOeJdTC4jpiLVRNz7stgLo7wQ+W8OFGg7g2uOQQEKePBxnGQmZ5KwlEb
RcD5FYborCZiX2fKLaVmnVn71Ahxs1OS1BYVGYau9qjb4I2aVCuCxyK7Mz/pYAB8
j8P2iXAL0ikWqdBS3+etcaX0u4JyE7EeEkmE1jzre6zyIV/EB/MSQNWusfIMSflc
FV38XkS6/7htmtQ+f2RUmV2A/lIKB2PAgxAYacVZSZ3+Ma2ocB4KW6M/aS2ueHgQ
kdSCnEj1ib716LY3s9kufeAMTD/2UlwaYhQ2pUdIa0g36LmZFmgieAvJHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGhiwPCNOnd2K7yli+7kUkfu+8RuMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvYUdMQThJMDZkM1lydktXTDd1UlNSLTc3eEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY6ZAwQA
wn7bMA0GCSqGSIb3DQEBCwUAA4IBAQA0pw1YVZ6ZAun1YBMkC8lHDzPdW25Gv+Kh
hYP3uxCWUqkFnwnmfL9ODg6cEefg3XAw9AvTHhtGLjTt6Mu8q1Dx2p3RSWIyVWBi
bgqPfVHUZC2gjSeG94wsDtxw4TiTsrwRKM3wI1V1ClibGugj692bGQU00U6QGcSn
mBdvDdch3FnVNYgjUjOirZm6TLclPnTzNx2/83BEeU3Tk2k0r+LE05o0g2SScqDZ
GvuME2eWBZcxBkguns88/VeDn9hYfbXy56cnBiiMV5Kqs/aSi7Mo2VFfxdh6hkpz
/fCmXL9Nb+IIJKVfrXm+37Uav4jra/sIsTwbBOQJIxw38pZ8zwHt
-----END CERTIFICATE-----