Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/dJyo5maMFYG06CB60KewP8-LNEc.roa
File:                     dJyo5maMFYG06CB60KewP8-LNEc.roa (raw, json)
Hash identifier:          LO26kgSXxCz0IxFKcAaH1ZYq5V5rRxtBlLjShWu3YvU=
Subject key identifier:   74:9C:A8:E6:66:8C:15:81:B4:E8:20:7A:D0:A7:B0:3F:CF:8B:34:47
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019426D9C2657092B883F6D0884724739304
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/dJyo5maMFYG06CB60KewP8-LNEc.roa
Signing time:             Thu 02 Jan 2025 11:49:52 +0000
ROA not before:           Thu 02 Jan 2025 11:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215476
IP address blocks:        45.151.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c2:65:70:92:b8:83:f6:d0:88:47:24:73:93:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=749ca8e6668c1581b4e8207ad0a7b03fcf8b3447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:61:82:f0:d2:0b:57:8a:fc:cd:01:7d:5b:fc:
                    d9:58:07:91:30:d2:87:e3:e8:52:93:df:4a:0f:f6:
                    b1:3a:9b:6b:c5:0a:54:ce:0e:9d:ba:b2:8f:67:36:
                    c9:69:24:6d:5f:c1:4b:7b:c2:b9:20:e5:d9:96:d6:
                    a4:d0:cf:10:37:ce:26:95:41:f4:68:18:86:be:f8:
                    07:a3:72:f9:92:d2:a4:20:a9:f4:f7:2c:07:c8:f7:
                    55:67:34:ae:d3:93:b9:a3:e6:fb:14:8f:93:69:86:
                    a7:0b:5c:73:e7:c6:e4:ea:48:de:2f:60:05:b9:9b:
                    3c:c2:a4:d7:ea:76:61:2d:e0:6c:88:a2:28:f9:f1:
                    62:d6:8c:68:ca:8b:49:f5:ca:98:4b:ad:ea:41:11:
                    41:95:fd:eb:7a:66:b6:b6:a6:0d:27:a3:da:60:81:
                    d0:84:92:ea:33:64:34:b1:4a:4e:a0:bc:8e:86:43:
                    c0:1b:d2:3c:b1:c6:2d:f3:17:a2:4f:ec:a9:07:ec:
                    6a:7f:d6:6f:58:e3:80:1d:ba:7b:62:f4:7b:8a:97:
                    be:6b:cc:b1:68:57:04:ca:ff:de:12:bf:93:d6:6f:
                    2d:e0:6d:c9:ea:d2:7c:77:21:c0:cb:e1:0c:bf:72:
                    1b:a2:0b:c9:61:46:cb:ec:6e:eb:3c:25:50:12:18:
                    ec:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:9C:A8:E6:66:8C:15:81:B4:E8:20:7A:D0:A7:B0:3F:CF:8B:34:47
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/dJyo5maMFYG06CB60KewP8-LNEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:66:ec:01:0f:7c:b4:89:60:d1:29:cc:0c:66:b1:58:29:9d:
         b7:8c:51:5c:8e:6f:85:1d:07:1a:e8:75:e2:c5:f4:10:07:c3:
         3a:9a:c1:7a:31:48:41:e6:97:3d:96:bf:ee:ec:e3:ed:31:91:
         89:1f:ba:be:7b:c6:c2:22:4a:c7:f9:12:a2:c9:42:50:ef:9e:
         c1:e5:f9:7b:9e:ae:19:2d:2d:58:6e:64:cc:22:0e:0f:41:c1:
         81:b4:1e:67:76:ba:3e:a9:ff:3f:cf:6b:25:ed:8c:10:8e:7b:
         d7:3f:7f:4f:44:93:61:22:65:65:e5:c6:13:e2:5a:02:2d:5b:
         2a:a8:6f:f0:8d:e1:91:24:b3:11:c8:39:f2:b6:97:32:bd:ce:
         4d:65:52:2e:b1:64:cc:27:d9:6a:0e:59:50:c6:08:76:bb:dc:
         5f:a3:96:cd:32:a2:28:f7:9e:7a:8e:98:1e:6a:66:20:37:2d:
         e5:d8:ae:0e:01:f3:e3:41:7b:d1:69:c1:a3:5f:9d:96:e7:52:
         fa:24:a1:a5:d1:ad:d4:81:3e:13:15:61:8c:b1:ac:be:07:56:
         8a:42:86:18:9f:9d:67:86:57:48:40:3d:c3:fa:c8:65:fc:d4:
         a7:7c:01:4d:12:3c:3a:e6:8b:97:e8:77:b6:8c:67:22:91:35:
         0a:f0:7e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cJlcJK4g/bQiEckc5MEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDljYThlNjY2OGMxNTgxYjRlODIwN2FkMGE3YjAzZmNmOGIzNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WGC8NILV4r8zQF9W/zZWAeRMNKH
4+hSk99KD/axOptrxQpUzg6durKPZzbJaSRtX8FLe8K5IOXZltak0M8QN84mlUH0
aBiGvvgHo3L5ktKkIKn09ywHyPdVZzSu05O5o+b7FI+TaYanC1xz58bk6kjeL2AF
uZs8wqTX6nZhLeBsiKIo+fFi1oxoyotJ9cqYS63qQRFBlf3rema2tqYNJ6PaYIHQ
hJLqM2Q0sUpOoLyOhkPAG9I8scYt8xeiT+ypB+xqf9ZvWOOAHbp7YvR7ipe+a8yx
aFcEyv/eEr+T1m8t4G3J6tJ8dyHAy+EMv3IbogvJYUbL7G7rPCVQEhjsIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHScqOZmjBWBtOggetCnsD/PizRHMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvZEp5bzVtYU1GWUcwNkNCNjBLZXdQOC1MTkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdjMA0G
CSqGSIb3DQEBCwUAA4IBAQA1ZuwBD3y0iWDRKcwMZrFYKZ23jFFcjm+FHQca6HXi
xfQQB8M6msF6MUhB5pc9lr/u7OPtMZGJH7q+e8bCIkrH+RKiyUJQ757B5fl7nq4Z
LS1YbmTMIg4PQcGBtB5ndro+qf8/z2sl7YwQjnvXP39PRJNhImVl5cYT4loCLVsq
qG/wjeGRJLMRyDnytpcyvc5NZVIusWTMJ9lqDllQxgh2u9xfo5bNMqIo9556jpge
amYgNy3l2K4OAfPjQXvRacGjX52W51L6JKGl0a3UgT4TFWGMsay+B1aKQoYYn51n
hldIQD3D+shl/NSnfAFNEjw65ouX6He2jGcikTUK8H6G
-----END CERTIFICATE-----