Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/u6SYRq8ZZm9A7EUApT211Sgu_4s.roa
File:                     u6SYRq8ZZm9A7EUApT211Sgu_4s.roa (raw, json)
Hash identifier:          4ThZqyqe1YLwA1+/bI2pzOepqRPY9P7IbyULJEbEh0M=
Subject key identifier:   BB:A4:98:46:AF:19:66:6F:40:EC:45:00:A5:3D:B5:D5:28:2E:FF:8B
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       0191040335297BE279ECD7C64033296AEE06
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/u6SYRq8ZZm9A7EUApT211Sgu_4s.roa
Signing time:             Tue 30 Jul 2024 14:20:04 +0000
ROA not before:           Tue 30 Jul 2024 14:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215476
IP address blocks:        45.151.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:04:03:35:29:7b:e2:79:ec:d7:c6:40:33:29:6a:ee:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jul 30 14:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bba49846af19666f40ec4500a53db5d5282eff8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:06:98:a6:b3:17:29:a1:ae:b5:79:af:71:46:
                    ed:83:12:74:be:02:ef:83:51:89:cf:bf:f2:81:48:
                    9a:ac:90:63:66:94:c9:ba:3b:f1:45:a4:ca:7a:b4:
                    21:12:3b:41:cd:f1:71:43:ea:4f:f5:a1:94:52:09:
                    36:9a:ba:57:b2:08:80:3b:b1:50:c1:26:a5:52:c4:
                    60:ab:0c:e3:91:ad:d7:ba:78:dc:a8:78:b9:0f:95:
                    86:d3:4c:13:4f:9b:f5:96:75:59:65:e3:39:5d:06:
                    fb:72:fe:e5:ce:7b:ca:27:37:61:c9:20:d8:b1:ad:
                    36:9e:66:ce:7d:52:4e:f3:f3:f6:22:d9:1d:70:54:
                    c5:56:1e:40:9e:bc:ea:9e:36:57:f0:e0:e3:7c:bb:
                    0c:db:8c:47:5c:c3:63:3c:e7:30:b8:4d:ec:75:7b:
                    6c:4d:b9:8d:94:73:0e:cf:4f:e9:d0:22:53:ff:65:
                    b9:a9:90:a1:d3:c5:d5:4a:bd:ef:e6:0a:f2:d0:2b:
                    36:4f:a2:73:ba:93:de:4a:41:18:a7:5f:ec:ef:b4:
                    4d:75:6f:5a:f3:d4:35:02:a0:27:69:d9:7a:43:3e:
                    fa:9a:12:5f:42:5a:96:ff:70:9f:d3:86:95:06:64:
                    06:6a:c0:b6:3c:d2:04:22:98:41:27:25:68:ba:75:
                    b7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:A4:98:46:AF:19:66:6F:40:EC:45:00:A5:3D:B5:D5:28:2E:FF:8B
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/u6SYRq8ZZm9A7EUApT211Sgu_4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e8:c4:65:e2:a5:84:31:3b:87:30:68:02:86:c6:77:05:ec:
         d2:86:55:4f:6d:9e:e1:d4:33:94:25:5a:a6:80:2b:34:1d:d6:
         d1:97:4b:bc:eb:c1:f9:8b:c6:a8:1e:68:81:ee:15:61:18:5c:
         a9:b9:fe:68:2e:7a:51:95:1d:ad:7c:d2:c1:be:7e:ed:9c:28:
         9b:f9:0c:03:b3:7d:34:ff:c8:77:5e:d0:8f:fa:a2:c2:14:52:
         a9:31:69:85:f0:5b:8c:5c:55:7f:bf:ed:5c:25:83:52:97:29:
         0d:27:32:1c:49:35:07:b5:71:c8:5f:b7:3a:14:47:02:64:08:
         42:3e:4f:3b:d1:e6:39:67:26:df:f9:29:d9:5a:db:f5:ed:20:
         08:cc:10:b7:95:82:44:03:8c:bd:a3:0d:b2:4c:24:c5:ff:9f:
         db:b2:f3:dc:da:a4:50:85:dd:75:f6:48:3e:b5:63:b9:5c:96:
         d9:bb:2c:96:3a:86:04:54:a9:c5:b0:b0:15:6f:b7:92:a1:5f:
         7f:a5:5e:16:09:dc:3a:fe:8e:94:6a:aa:94:e0:e9:bc:b5:48:
         88:36:e1:1b:b1:da:be:59:8d:ef:2d:fe:dd:5d:a2:b9:ee:e8:
         8c:05:39:ac:74:1f:e3:e3:99:cf:c3:94:f8:c5:7d:04:b2:dd:
         4b:3a:2a:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEEAzUpe+J57NfGQDMpau4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwNzMwMTQyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmE0OTg0NmFmMTk2NjZmNDBlYzQ1MDBhNTNkYjVkNTI4MmVmZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQaYprMXKaGutXmvcUbtgxJ0vgLv
g1GJz7/ygUiarJBjZpTJujvxRaTKerQhEjtBzfFxQ+pP9aGUUgk2mrpXsgiAO7FQ
wSalUsRgqwzjka3XunjcqHi5D5WG00wTT5v1lnVZZeM5XQb7cv7lznvKJzdhySDY
sa02nmbOfVJO8/P2ItkdcFTFVh5AnrzqnjZX8ODjfLsM24xHXMNjPOcwuE3sdXts
TbmNlHMOz0/p0CJT/2W5qZCh08XVSr3v5gry0Cs2T6JzupPeSkEYp1/s77RNdW9a
89Q1AqAnadl6Qz76mhJfQlqW/3Cf04aVBmQGasC2PNIEIphBJyVounW3DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLukmEavGWZvQOxFAKU9tdUoLv+LMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvdTZTWVJxOFpabTlBN0VVQXBUMjExU2d1XzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdjMA0G
CSqGSIb3DQEBCwUAA4IBAQBp6MRl4qWEMTuHMGgChsZ3BezShlVPbZ7h1DOUJVqm
gCs0HdbRl0u868H5i8aoHmiB7hVhGFypuf5oLnpRlR2tfNLBvn7tnCib+QwDs300
/8h3XtCP+qLCFFKpMWmF8FuMXFV/v+1cJYNSlykNJzIcSTUHtXHIX7c6FEcCZAhC
Pk870eY5Zybf+SnZWtv17SAIzBC3lYJEA4y9ow2yTCTF/5/bsvPc2qRQhd119kg+
tWO5XJbZuyyWOoYEVKnFsLAVb7eSoV9/pV4WCdw6/o6UaqqU4Om8tUiINuEbsdq+
WY3vLf7dXaK57uiMBTmsdB/j45nPw5T4xX0Est1LOiqe
-----END CERTIFICATE-----