Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/Pbv756LHzPmGbhBkbATnvLIX2cg.roa
File:                     Pbv756LHzPmGbhBkbATnvLIX2cg.roa (raw, json)
Hash identifier:          ok9z2DgSAhdYKNFuQ76+ox+y/2Z1LOJoBK06Ciuki7M=
Subject key identifier:   3D:BB:FB:E7:A2:C7:CC:F9:86:6E:10:64:6C:04:E7:BC:B2:17:D9:C8
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       018CC725A230AF39472A931AA6BF12747456
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/Pbv756LHzPmGbhBkbATnvLIX2cg.roa
Signing time:             Mon 01 Jan 2024 22:29:41 +0000
ROA not before:           Mon 01 Jan 2024 22:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        45.151.96.0/24 maxlen: 24
                          94.137.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a2:30:af:39:47:2a:93:1a:a6:bf:12:74:74:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  1 22:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dbbfbe7a2c7ccf9866e10646c04e7bcb217d9c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:18:49:46:14:7b:1a:8d:86:f6:97:af:1b:
                    71:6d:cd:49:34:ce:02:7d:6c:ac:f6:b7:b0:cf:91:
                    b4:dd:21:41:16:9e:af:c5:e4:8c:bf:8b:59:1c:5e:
                    2c:71:1a:64:12:a9:b6:c1:68:33:eb:f1:e6:67:60:
                    da:07:e9:6b:c2:53:45:25:98:47:e6:45:c4:4e:2f:
                    60:1d:da:cd:49:92:73:e5:2a:47:86:8b:74:67:56:
                    7e:a4:47:e8:6b:89:61:f1:db:7a:53:f7:c3:62:3d:
                    72:cd:1b:89:03:6a:bd:b7:41:ff:cf:60:88:56:15:
                    04:6c:57:17:9f:43:59:51:52:dd:a8:89:51:c2:0f:
                    fd:20:84:1c:46:74:d0:2a:90:1d:c4:45:d3:80:ec:
                    0b:2a:b3:00:00:1a:5a:5e:69:bc:51:58:aa:06:86:
                    ee:5b:2a:d1:af:9e:3e:e4:a1:43:fb:1b:b1:1c:38:
                    43:cd:88:6b:33:70:9b:06:ea:11:0d:e1:f3:af:c8:
                    47:a7:e8:93:b0:a9:a6:17:b1:56:37:eb:c7:ea:27:
                    1f:a4:47:75:13:b7:94:49:24:3e:c5:91:29:cc:79:
                    1a:e2:90:76:48:a2:3e:24:a8:e6:99:c6:cc:fa:62:
                    da:85:5a:24:0e:93:b9:cf:b4:06:b2:cd:2c:f9:da:
                    fd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:BB:FB:E7:A2:C7:CC:F9:86:6E:10:64:6C:04:E7:BC:B2:17:D9:C8
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/Pbv756LHzPmGbhBkbATnvLIX2cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.96.0/24
                  94.137.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:20:2d:12:b3:32:66:6e:08:9f:d4:17:37:cf:69:ea:cd:32:
         d8:de:c3:75:a5:b9:ba:d2:28:da:04:6c:cd:e4:ca:e7:7b:5d:
         b2:4f:ec:f3:05:4a:7a:11:6f:71:25:7f:4d:c6:b0:b0:7f:c4:
         16:13:8e:9a:56:24:50:58:a8:c0:8c:82:de:3d:45:9f:b0:40:
         79:1e:e3:55:51:41:ab:ae:b8:b7:23:c3:a7:34:09:58:b1:86:
         04:7e:c0:0a:31:df:eb:e2:a9:89:61:c1:5d:5f:ad:3d:63:81:
         cf:fa:47:ee:23:e7:32:7a:d3:e8:2d:5e:81:94:47:c8:65:c4:
         27:b4:e9:89:38:8f:1a:ab:02:2b:01:f6:6e:1a:c5:3c:48:ff:
         fe:56:7c:6f:14:63:0c:a8:8b:2d:d2:91:08:d1:85:a2:fd:a9:
         64:1d:38:9c:1c:25:d7:04:cb:4f:16:3a:58:8e:58:a1:bf:63:
         ec:e1:bc:d9:d4:ab:06:8c:39:69:ba:ed:1d:b8:7c:94:5b:b7:
         c4:5e:b1:65:54:74:ca:9d:c2:b5:22:b5:84:6c:e5:df:2f:fa:
         9a:35:95:cd:80:1d:4a:4d:5e:a1:f7:91:50:05:56:e0:d5:31:
         ec:c9:a6:1b:74:29:14:07:b2:d5:0d:74:9a:10:a2:98:07:e7:
         31:47:1b:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJaIwrzlHKpMapr8SdHRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwMTAxMjIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGJiZmJlN2EyYzdjY2Y5ODY2ZTEwNjQ2YzA0ZTdiY2IyMTdkOWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjMYSUYUexqNhvaXrxtxbc1JNM4C
fWys9rewz5G03SFBFp6vxeSMv4tZHF4scRpkEqm2wWgz6/HmZ2DaB+lrwlNFJZhH
5kXETi9gHdrNSZJz5SpHhot0Z1Z+pEfoa4lh8dt6U/fDYj1yzRuJA2q9t0H/z2CI
VhUEbFcXn0NZUVLdqIlRwg/9IIQcRnTQKpAdxEXTgOwLKrMAABpaXmm8UViqBobu
WyrRr54+5KFD+xuxHDhDzYhrM3CbBuoRDeHzr8hHp+iTsKmmF7FWN+vH6icfpEd1
E7eUSSQ+xZEpzHka4pB2SKI+JKjmmcbM+mLahVokDpO5z7QGss0s+dr96wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD27++eix8z5hm4QZGwE57yyF9nIMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvUGJ2NzU2TEh6UG1HYmhCa2JBVG52TElYMmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZdgAwQA
XolJMA0GCSqGSIb3DQEBCwUAA4IBAQAgIC0SszJmbgif1Bc3z2nqzTLY3sN1pbm6
0ijaBGzN5Mrne12yT+zzBUp6EW9xJX9NxrCwf8QWE46aViRQWKjAjILePUWfsEB5
HuNVUUGrrri3I8OnNAlYsYYEfsAKMd/r4qmJYcFdX609Y4HP+kfuI+cyetPoLV6B
lEfIZcQntOmJOI8aqwIrAfZuGsU8SP/+VnxvFGMMqIst0pEI0YWi/alkHTicHCXX
BMtPFjpYjlihv2Ps4bzZ1KsGjDlpuu0duHyUW7fEXrFlVHTKncK1IrWEbOXfL/qa
NZXNgB1KTV6h95FQBVbg1THsyaYbdCkUB7LVDXSaEKKYB+cxRxtm
-----END CERTIFICATE-----