Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/5X7NK1nmz29jFTdlOO9iVy_DFqM.roa
File:                     5X7NK1nmz29jFTdlOO9iVy_DFqM.roa (raw, json)
Hash identifier:          embu6iAD5jzl/By8nS3S5MTamLCxu7QSB2ZugJ+mo2Y=
Subject key identifier:   E5:7E:CD:2B:59:E6:CF:6F:63:15:37:65:38:EF:62:57:2F:C3:16:A3
Certificate issuer:       /CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
Certificate serial:       0190AB278E1F7922E0516E6B264E8E6FFA5F
Authority key identifier: 48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/5X7NK1nmz29jFTdlOO9iVy_DFqM.roa
Signing time:             Sat 13 Jul 2024 08:13:34 +0000
ROA not before:           Sat 13 Jul 2024 08:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203392
IP address blocks:        45.148.249.0/24 maxlen: 24
                          185.140.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:27:8e:1f:79:22:e0:51:6e:6b:26:4e:8e:6f:fa:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
        Validity
            Not Before: Jul 13 08:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e57ecd2b59e6cf6f6315376538ef62572fc316a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:51:b0:08:d2:83:5b:71:97:d9:f8:33:b8:64:
                    b9:7d:75:d5:51:2a:5b:b3:fd:83:82:19:3f:10:de:
                    eb:21:87:de:f5:17:8f:a9:68:cd:7a:07:8b:97:8f:
                    07:f2:5d:d0:a3:4a:03:82:d6:1d:d9:d7:8a:74:b6:
                    2d:8d:b9:65:92:96:4d:4e:d6:0d:d7:93:1d:45:09:
                    a9:6c:54:08:f2:82:54:1d:5f:9a:83:64:5f:69:f7:
                    6a:b9:e8:ef:77:9d:f6:6d:98:8c:c8:2c:a5:13:c4:
                    79:70:bc:db:98:46:f4:a3:5c:7d:f9:41:a0:ec:0d:
                    af:b7:04:0d:b5:1c:20:7d:ef:f5:96:9a:b5:c9:67:
                    74:0f:0f:28:e9:e5:d2:0b:a8:55:44:56:a6:97:e6:
                    93:b0:53:e7:3d:fb:7b:a5:28:c1:cd:3a:0a:a4:9b:
                    f9:ae:e9:9e:cc:48:85:8f:a4:92:0f:7e:a9:09:76:
                    a2:66:15:b2:77:17:cb:d3:3f:93:07:92:2b:a5:54:
                    7d:73:12:71:90:73:33:43:88:bd:df:a4:66:2b:99:
                    cd:aa:3a:c2:21:0a:9e:ae:35:b5:01:60:af:50:02:
                    f2:da:e3:54:2e:ad:a7:bd:dc:20:26:33:54:5e:1c:
                    01:94:d0:b0:20:4b:40:af:6c:63:49:68:0b:d3:d2:
                    50:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7E:CD:2B:59:E6:CF:6F:63:15:37:65:38:EF:62:57:2F:C3:16:A3
            X509v3 Authority Key Identifier:
                keyid:48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/5X7NK1nmz29jFTdlOO9iVy_DFqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.249.0/24
                  185.140.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:61:c6:2c:59:f3:ec:ef:36:d8:77:e5:41:f6:05:ac:b1:c4:
         2a:e1:3b:c7:58:3e:41:6b:98:85:c0:3d:51:56:67:5a:94:0e:
         23:d0:0a:54:cf:ef:12:b4:f1:04:f9:f2:72:4f:61:1f:ff:d2:
         02:0b:79:56:97:28:77:5f:fa:45:69:29:51:43:5d:57:97:26:
         41:cd:fc:bf:bf:0c:60:1e:60:0b:6f:d6:df:6f:0f:38:2b:d3:
         ef:53:ea:dc:41:b4:ad:7b:7a:bf:df:ae:61:66:5b:20:af:29:
         f8:0d:3a:cd:90:09:d5:e7:94:ec:5d:68:1f:45:9d:90:4b:23:
         9b:01:c1:12:d9:0b:7c:32:3e:a8:ae:b4:ec:84:54:21:88:91:
         fc:04:be:a7:d0:41:e5:6b:4c:89:5b:1b:79:c4:1e:a7:ee:51:
         a8:81:ca:d3:08:46:41:00:c6:48:6f:ed:f5:58:97:c9:5a:17:
         5c:84:c6:4d:5e:2e:36:6c:85:52:ee:92:c2:6d:31:cc:98:e5:
         8c:4c:46:55:cf:05:8c:07:69:19:63:63:4b:8d:55:91:70:d2:
         68:14:90:1c:a4:24:c0:9e:b1:7a:2c:e8:20:ea:ae:1b:93:ed:
         d8:a5:4b:a8:e0:65:84:38:8b:3b:3e:f9:42:92:f3:8e:85:d9:
         77:e1:30:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCrJ44feSLgUW5rJk6Ob/pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YWJmMjlmZGVmODU3MDUwMmY0YjUxYmU1ZmZjMDVjNGQ5
YjM0NjUwHhcNMjQwNzEzMDgxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdlY2QyYjU5ZTZjZjZmNjMxNTM3NjUzOGVmNjI1NzJmYzMxNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVGwCNKDW3GX2fgzuGS5fXXVUSpb
s/2Dghk/EN7rIYfe9RePqWjNegeLl48H8l3Qo0oDgtYd2deKdLYtjbllkpZNTtYN
15MdRQmpbFQI8oJUHV+ag2Rfafdquejvd532bZiMyCylE8R5cLzbmEb0o1x9+UGg
7A2vtwQNtRwgfe/1lpq1yWd0Dw8o6eXSC6hVRFaml+aTsFPnPft7pSjBzToKpJv5
rumezEiFj6SSD36pCXaiZhWydxfL0z+TB5IrpVR9cxJxkHMzQ4i936RmK5nNqjrC
IQqerjW1AWCvUALy2uNULq2nvdwgJjNUXhwBlNCwIEtAr2xjSWgL09JQcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOV+zStZ5s9vYxU3ZTjvYlcvwxajMB8GA1UdIwQY
MBaAFEir8p/e+FcFAvS1G+X/wFxNmzRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQt
YWJhMTEzZjNlM2FlLzEvNVg3Tksxbm16MjlqRlRkbE9POWlWeV9ERnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQtYWJhMTEzZjNlM2Fl
LzEvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZT5AwQA
uYzpMA0GCSqGSIb3DQEBCwUAA4IBAQAYYcYsWfPs7zbYd+VB9gWsscQq4TvHWD5B
a5iFwD1RVmdalA4j0ApUz+8StPEE+fJyT2Ef/9ICC3lWlyh3X/pFaSlRQ11XlyZB
zfy/vwxgHmALb9bfbw84K9PvU+rcQbSte3q/365hZlsgryn4DTrNkAnV55TsXWgf
RZ2QSyObAcES2Qt8Mj6orrTshFQhiJH8BL6n0EHla0yJWxt5xB6n7lGogcrTCEZB
AMZIb+31WJfJWhdchMZNXi42bIVS7pLCbTHMmOWMTEZVzwWMB2kZY2NLjVWRcNJo
FJAcpCTAnrF6LOgg6q4bk+3YpUuo4GWEOIs7PvlCkvOOhdl34TB4
-----END CERTIFICATE-----