Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/xIc_lIqphfTTSkMcDwvwDFAETzg.roa
File:                     xIc_lIqphfTTSkMcDwvwDFAETzg.roa (raw, json)
Hash identifier:          VsGl7cuz4kZPo/RXRxKLpZMBXnOPYO4DxwovcZqyYik=
Subject key identifier:   C4:87:3F:94:8A:A9:85:F4:D3:4A:43:1C:0F:0B:F0:0C:50:04:4F:38
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       01910E91D7F944652CC3135F7C18EEBC9033
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/xIc_lIqphfTTSkMcDwvwDFAETzg.roa
Signing time:             Thu 01 Aug 2024 15:32:04 +0000
ROA not before:           Thu 01 Aug 2024 15:32:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19318
IP address blocks:        45.151.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:91:d7:f9:44:65:2c:c3:13:5f:7c:18:ee:bc:90:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Aug  1 15:32:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4873f948aa985f4d34a431c0f0bf00c50044f38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d5:e2:44:5f:f8:9c:9f:23:9a:7c:ed:89:27:
                    23:30:07:7b:70:74:ac:3f:7e:69:44:00:37:ee:f1:
                    a9:0d:8a:1a:df:b0:10:e6:90:a0:23:61:62:b0:82:
                    50:ce:c1:0c:f1:e3:7f:e9:4d:e1:25:04:d1:0c:6f:
                    92:f1:0a:e9:6f:13:98:47:9a:2c:8a:4a:e1:02:ac:
                    1f:a1:27:ee:04:52:05:84:86:97:c5:96:4a:d4:78:
                    e5:50:ac:f7:14:fb:38:47:88:ea:be:60:e6:a1:98:
                    ae:a5:d1:ee:ba:0f:95:40:5b:5d:0a:35:4f:25:ec:
                    38:f2:d2:81:88:a5:8e:4c:c6:21:5e:34:87:79:f0:
                    5d:20:56:f2:7f:fd:dc:8d:35:5f:fb:8f:e9:f7:c3:
                    17:08:b2:85:7e:9d:f7:ad:c1:13:5d:6c:23:1c:d8:
                    a2:34:05:8d:62:f6:f5:73:ca:9e:e0:50:6c:28:57:
                    62:a7:ac:0d:1f:91:d1:6f:e1:be:8e:12:b9:8b:1d:
                    f2:79:ab:ae:19:20:fd:f7:d9:0b:b9:9c:30:08:37:
                    1e:81:d2:68:f4:a5:1d:46:e9:37:7d:ce:88:dd:ad:
                    ad:1b:0a:18:99:68:f1:df:8e:bd:c5:07:08:7d:18:
                    d9:75:fa:fd:c7:03:f1:ed:9d:e6:76:3a:7a:ca:22:
                    2b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:87:3F:94:8A:A9:85:F4:D3:4A:43:1C:0F:0B:F0:0C:50:04:4F:38
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/xIc_lIqphfTTSkMcDwvwDFAETzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:07:57:86:f5:68:8d:fa:1a:d4:68:a8:46:51:fd:44:87:f3:
         c7:f5:29:a4:c0:20:d8:70:8f:de:24:da:63:0a:d0:c6:ee:b8:
         87:f6:41:94:44:63:1e:12:5c:6a:d9:d1:88:81:b1:18:55:10:
         2a:8b:24:18:34:19:b5:b1:be:5c:fc:fb:b2:30:59:f2:46:c5:
         b8:5f:9c:d7:46:5d:24:ce:2c:48:63:50:72:51:77:0b:bc:65:
         cd:4e:6b:c8:c6:21:6a:e4:69:e0:1f:d2:12:e3:b6:db:09:88:
         7c:8a:39:15:b4:90:1f:dd:d0:dd:d2:d2:fc:dd:cb:62:f7:90:
         3c:58:ab:47:1c:c6:b1:df:fe:54:f1:37:fe:55:57:d3:f3:f9:
         66:02:27:23:65:da:e0:fa:47:7f:e0:f7:e1:84:89:4b:3e:4a:
         bd:f2:48:7f:85:13:55:58:aa:01:19:4e:f2:29:08:36:e3:1d:
         27:8f:a9:94:5a:bd:70:00:7e:de:8c:aa:12:df:c4:70:89:dc:
         41:17:c9:c5:40:f2:5e:dc:eb:57:c4:dc:1d:3a:57:15:3f:a4:
         12:67:ea:9f:da:bb:51:71:c6:56:f5:5e:07:c2:f5:3d:60:09:
         2b:f5:a7:45:bb:0f:bf:4c:dd:2e:ba:30:f4:71:e0:ca:1c:e7:
         84:cf:51:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEOkdf5RGUswxNffBjuvJAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwODAxMTUzMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDg3M2Y5NDhhYTk4NWY0ZDM0YTQzMWMwZjBiZjAwYzUwMDQ0ZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNXiRF/4nJ8jmnztiScjMAd7cHSs
P35pRAA37vGpDYoa37AQ5pCgI2FisIJQzsEM8eN/6U3hJQTRDG+S8QrpbxOYR5os
ikrhAqwfoSfuBFIFhIaXxZZK1HjlUKz3FPs4R4jqvmDmoZiupdHuug+VQFtdCjVP
Jew48tKBiKWOTMYhXjSHefBdIFbyf/3cjTVf+4/p98MXCLKFfp33rcETXWwjHNii
NAWNYvb1c8qe4FBsKFdip6wNH5HRb+G+jhK5ix3yeauuGSD999kLuZwwCDcegdJo
9KUdRuk3fc6I3a2tGwoYmWjx3469xQcIfRjZdfr9xwPx7Z3mdjp6yiIrrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSHP5SKqYX000pDHA8L8AxQBE84MB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEveEljX2xJcXBoZlRUU2tNY0R3dndERkFFVHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdjMA0G
CSqGSIb3DQEBCwUAA4IBAQBcB1eG9WiN+hrUaKhGUf1Eh/PH9SmkwCDYcI/eJNpj
CtDG7riH9kGURGMeElxq2dGIgbEYVRAqiyQYNBm1sb5c/PuyMFnyRsW4X5zXRl0k
zixIY1ByUXcLvGXNTmvIxiFq5GngH9IS47bbCYh8ijkVtJAf3dDd0tL83cti95A8
WKtHHMax3/5U8Tf+VVfT8/lmAicjZdrg+kd/4PfhhIlLPkq98kh/hRNVWKoBGU7y
KQg24x0nj6mUWr1wAH7ejKoS38RwidxBF8nFQPJe3OtXxNwdOlcVP6QSZ+qf2rtR
ccZW9V4HwvU9YAkr9adFuw+/TN0uujD0ceDKHOeEz1GQ
-----END CERTIFICATE-----