Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/Da39FAXH1Nt9T73bYWeTzklC28w.roa
File:                     Da39FAXH1Nt9T73bYWeTzklC28w.roa (raw, json)
Hash identifier:          ATJZZ1XOH7ZQZXlF4fE9cnPYequ988BwpNrE/6RsqI4=
Subject key identifier:   0D:AD:FD:14:05:C7:D4:DB:7D:4F:BD:DB:61:67:93:CE:49:42:DB:CC
Certificate issuer:       /CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
Certificate serial:       01934A9FD8E14CF3CD1320B443CA83730787
Authority key identifier: 48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/Da39FAXH1Nt9T73bYWeTzklC28w.roa
Signing time:             Wed 20 Nov 2024 17:30:09 +0000
ROA not before:           Wed 20 Nov 2024 17:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215655
IP address blocks:        45.86.4.0/24 maxlen: 24
                          45.86.5.0/24 maxlen: 24
                          95.130.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:9f:d8:e1:4c:f3:cd:13:20:b4:43:ca:83:73:07:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
        Validity
            Not Before: Nov 20 17:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dadfd1405c7d4db7d4fbddb616793ce4942dbcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ad:46:b7:e3:92:aa:b4:e8:65:06:a5:2a:a4:
                    0d:c1:d2:04:52:cc:81:e5:77:35:32:84:a4:ca:8c:
                    15:d7:84:eb:72:08:34:93:66:c7:f2:58:b3:7a:90:
                    17:0b:72:db:98:a3:8a:68:c9:2e:81:dc:34:00:41:
                    64:d9:91:32:bf:a9:65:db:dc:c2:fe:71:1d:c7:05:
                    7f:74:20:05:d1:e5:55:5a:58:8d:d0:10:ba:dd:70:
                    f0:f2:5d:d1:3c:88:ca:fb:68:27:bc:44:51:52:19:
                    8a:6b:22:05:47:77:a9:4f:c8:fc:b4:de:b8:b3:f6:
                    89:bb:88:c2:a8:51:a3:d1:a4:94:4a:fa:42:68:21:
                    28:fc:ce:c3:33:f8:7a:e6:0a:b3:bd:92:2d:8c:b0:
                    af:0e:44:75:50:5f:0e:ae:07:45:f8:b8:1b:47:d3:
                    65:39:de:33:d2:af:7b:ed:8e:06:33:15:ac:75:ec:
                    29:0b:c5:e1:b5:f3:f6:61:be:33:fe:f7:44:dd:ed:
                    3e:08:e6:0d:b7:c7:d5:e0:1e:4a:54:ac:48:de:06:
                    cd:74:2f:13:86:e9:95:a6:06:9c:fa:8c:5e:e7:09:
                    98:5e:02:3f:bd:58:56:12:06:26:b5:c0:c4:86:f0:
                    52:9e:38:50:26:cc:40:49:c6:5f:e8:ef:df:bd:57:
                    a3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AD:FD:14:05:C7:D4:DB:7D:4F:BD:DB:61:67:93:CE:49:42:DB:CC
            X509v3 Authority Key Identifier:
                keyid:48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/Da39FAXH1Nt9T73bYWeTzklC28w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.4.0/23
                  95.130.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:e8:ea:4b:e0:9a:07:3f:24:27:19:96:73:53:3d:4a:57:bc:
         7f:b8:79:eb:e5:c6:a7:aa:05:a8:05:f8:65:eb:2a:8b:38:02:
         db:4d:d6:e0:24:22:7c:13:2e:14:97:aa:82:b6:36:25:62:fa:
         dc:11:d7:7b:0d:bb:05:d7:68:cd:cd:26:4c:11:9e:f5:e9:7d:
         ce:8c:64:69:ab:25:e9:e7:80:23:2c:55:f9:81:ae:c1:9c:40:
         d8:5a:5e:cb:3e:7c:64:f5:32:3d:71:31:33:89:69:79:49:21:
         4c:c8:18:fb:fb:fa:b2:01:1f:0f:31:dc:88:52:d0:d3:ee:1d:
         a7:86:4d:c9:24:1b:d6:6d:88:f6:63:00:2f:f5:6b:d0:48:e2:
         ad:5f:d4:26:26:bf:bd:ac:4d:c5:62:22:4c:8a:40:d0:c9:02:
         44:e5:53:f8:66:fc:83:30:10:c7:94:7e:b0:86:3f:b5:0c:42:
         ef:e4:70:e9:fe:ff:d3:60:02:f4:3b:8f:96:8d:82:3c:ea:4c:
         a4:c3:4c:4c:2e:c2:4e:27:78:13:92:7a:b9:f7:c3:8e:ff:f1:
         1c:32:f2:e4:c8:1a:1c:fa:be:c1:73:73:44:3c:59:43:68:4b:
         8e:de:1b:09:9e:73:9f:2b:44:98:ee:a2:5f:32:47:0c:a9:6d:
         f9:cc:a7:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNKn9jhTPPNEyC0Q8qDcweHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YWJmMjlmZGVmODU3MDUwMmY0YjUxYmU1ZmZjMDVjNGQ5
YjM0NjUwHhcNMjQxMTIwMTczMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFkZmQxNDA1YzdkNGRiN2Q0ZmJkZGI2MTY3OTNjZTQ5NDJkYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq1Gt+OSqrToZQalKqQNwdIEUsyB
5Xc1MoSkyowV14Trcgg0k2bH8lizepAXC3LbmKOKaMkugdw0AEFk2ZEyv6ll29zC
/nEdxwV/dCAF0eVVWliN0BC63XDw8l3RPIjK+2gnvERRUhmKayIFR3epT8j8tN64
s/aJu4jCqFGj0aSUSvpCaCEo/M7DM/h65gqzvZItjLCvDkR1UF8OrgdF+LgbR9Nl
Od4z0q977Y4GMxWsdewpC8XhtfP2Yb4z/vdE3e0+COYNt8fV4B5KVKxI3gbNdC8T
humVpgac+oxe5wmYXgI/vVhWEgYmtcDEhvBSnjhQJsxAScZf6O/fvVejUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA2t/RQFx9TbfU+922Fnk85JQtvMMB8GA1UdIwQY
MBaAFEir8p/e+FcFAvS1G+X/wFxNmzRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQt
YWJhMTEzZjNlM2FlLzEvRGEzOUZBWEgxTnQ5VDczYllXZVR6a2xDMjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQtYWJhMTEzZjNlM2Fl
LzEvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVYEAwQA
X4LhMA0GCSqGSIb3DQEBCwUAA4IBAQAJ6OpL4JoHPyQnGZZzUz1KV7x/uHnr5can
qgWoBfhl6yqLOALbTdbgJCJ8Ey4Ul6qCtjYlYvrcEdd7DbsF12jNzSZMEZ716X3O
jGRpqyXp54AjLFX5ga7BnEDYWl7LPnxk9TI9cTEziWl5SSFMyBj7+/qyAR8PMdyI
UtDT7h2nhk3JJBvWbYj2YwAv9WvQSOKtX9QmJr+9rE3FYiJMikDQyQJE5VP4ZvyD
MBDHlH6whj+1DELv5HDp/v/TYAL0O4+WjYI86kykw0xMLsJOJ3gTknq598OO//Ec
MvLkyBoc+r7Bc3NEPFlDaEuO3hsJnnOfK0SY7qJfMkcMqW35zKcQ
-----END CERTIFICATE-----