Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/L-kthgTBdvPbo-EgxQp15GJknDc.roa
File:                     L-kthgTBdvPbo-EgxQp15GJknDc.roa (raw, json)
Hash identifier:          QWnlzcQp4eqNBq6shJd04dRGpvY7EsmECW1CaaHggGw=
Subject key identifier:   2F:E9:2D:86:04:C1:76:F3:DB:A3:E1:20:C5:0A:75:E4:62:64:9C:37
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       018DD72B7F5F579B2DEEE4EA61E0ED81FF5A
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/L-kthgTBdvPbo-EgxQp15GJknDc.roa
Signing time:             Fri 23 Feb 2024 18:12:48 +0000
ROA not before:           Fri 23 Feb 2024 18:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215758
IP address blocks:        45.151.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d7:2b:7f:5f:57:9b:2d:ee:e4:ea:61:e0:ed:81:ff:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Feb 23 18:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fe92d8604c176f3dba3e120c50a75e462649c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8a:27:c8:ae:fb:c5:15:7b:91:71:b2:aa:af:
                    e9:9e:54:63:98:a8:91:17:9a:5e:ef:6c:f8:7d:0d:
                    6c:66:52:56:85:8b:5f:b0:ab:a1:e0:3a:11:4e:a2:
                    cb:9d:db:68:49:8a:61:f6:ad:60:9d:9f:22:f2:b6:
                    3f:9b:8e:0f:8c:9a:de:6e:5d:2f:20:f9:76:ea:7c:
                    bd:de:d1:b5:0e:45:92:de:9a:02:e8:ce:b5:7d:8f:
                    65:44:63:a2:02:b8:fb:2a:0b:d7:06:ff:cb:fa:81:
                    1f:51:79:f7:b1:3b:ec:31:ff:7a:e7:84:fb:05:8c:
                    4e:09:52:e8:83:48:33:ef:a6:a9:f3:4a:25:92:e0:
                    b0:22:32:cd:9e:47:e9:69:33:5e:b5:95:af:ee:24:
                    d9:80:8f:3f:b3:80:be:a6:12:a3:7b:e5:81:59:d3:
                    b5:16:64:ac:fc:1e:1a:8d:c9:0f:d5:37:79:df:2b:
                    eb:7c:19:a1:4f:09:fb:6b:39:3f:58:1e:ac:cc:e0:
                    b1:c5:d5:b9:1e:c6:35:80:c6:b6:5d:46:f3:5f:13:
                    da:99:60:65:35:26:9e:0e:5e:7a:2d:bf:8a:0f:80:
                    c5:a2:de:a4:54:a2:3c:c6:cd:86:d0:0a:6b:5f:ce:
                    22:88:1e:f0:e5:d9:e4:5c:b9:92:76:91:b2:f0:a2:
                    88:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E9:2D:86:04:C1:76:F3:DB:A3:E1:20:C5:0A:75:E4:62:64:9C:37
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/L-kthgTBdvPbo-EgxQp15GJknDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:ff:5b:67:39:6c:88:a6:d2:75:40:6a:e6:1f:57:3b:b4:ba:
         ce:f2:95:87:71:a4:69:ec:1e:85:78:f2:cb:78:74:10:9e:08:
         a6:ca:eb:17:f0:10:32:bc:cd:4c:6e:c1:0d:60:76:fb:9d:f9:
         e5:64:c8:ae:71:9a:25:94:68:9a:cf:56:8b:84:97:a4:01:16:
         c7:b7:d8:5f:69:dc:1e:b3:2f:c2:af:2e:ce:18:fc:b5:90:9f:
         28:9e:04:6d:f7:5a:44:0e:10:2e:d5:77:a6:e7:17:ce:c6:f7:
         e3:92:21:4e:18:7f:6c:99:97:96:8e:f3:df:da:10:65:5c:76:
         82:f4:28:8a:11:53:d6:6e:21:26:8c:94:71:dd:a7:a9:31:02:
         aa:ac:56:27:d5:4a:0e:90:31:e5:b7:39:37:8d:09:68:54:dd:
         71:92:8e:75:ef:88:cf:aa:07:d9:a8:03:79:e1:59:13:79:c8:
         05:c1:ec:28:30:94:b7:c8:92:9d:74:b5:00:b0:6e:ca:a0:0d:
         ef:d0:33:a8:0e:69:b0:06:83:bc:e0:0c:1f:a2:1c:2b:5e:3d:
         cb:5c:6d:4f:61:5b:b0:e2:f7:8b:1a:24:c4:ff:3a:ae:4d:d3:
         a8:c9:6d:61:cc:a4:b6:2b:1a:d5:a2:fa:7c:83:3c:53:85:79:
         f0:8d:40:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3XK39fV5st7uTqYeDtgf9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwMjIzMTgxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmU5MmQ4NjA0YzE3NmYzZGJhM2UxMjBjNTBhNzVlNDYyNjQ5YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4onyK77xRV7kXGyqq/pnlRjmKiR
F5pe72z4fQ1sZlJWhYtfsKuh4DoRTqLLndtoSYph9q1gnZ8i8rY/m44PjJrebl0v
IPl26ny93tG1DkWS3poC6M61fY9lRGOiArj7KgvXBv/L+oEfUXn3sTvsMf9654T7
BYxOCVLog0gz76ap80olkuCwIjLNnkfpaTNetZWv7iTZgI8/s4C+phKje+WBWdO1
FmSs/B4ajckP1Td53yvrfBmhTwn7azk/WB6szOCxxdW5HsY1gMa2XUbzXxPamWBl
NSaeDl56Lb+KD4DFot6kVKI8xs2G0AprX84iiB7w5dnkXLmSdpGy8KKIAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/pLYYEwXbz26PhIMUKdeRiZJw3MB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvTC1rdGhnVEJkdlBiby1FZ3hRcDE1R0prbkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdhMA0G
CSqGSIb3DQEBCwUAA4IBAQAB/1tnOWyIptJ1QGrmH1c7tLrO8pWHcaRp7B6FePLL
eHQQngimyusX8BAyvM1MbsENYHb7nfnlZMiucZollGiaz1aLhJekARbHt9hfadwe
sy/Cry7OGPy1kJ8ongRt91pEDhAu1Xem5xfOxvfjkiFOGH9smZeWjvPf2hBlXHaC
9CiKEVPWbiEmjJRx3aepMQKqrFYn1UoOkDHltzk3jQloVN1xko5174jPqgfZqAN5
4VkTecgFwewoMJS3yJKddLUAsG7KoA3v0DOoDmmwBoO84AwfohwrXj3LXG1PYVuw
4veLGiTE/zquTdOoyW1hzKS2KxrVovp8gzxThXnwjUDm
-----END CERTIFICATE-----