Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/bQ_rnbgP3rciANj5qmEn3DKTyqY.roa
File:                     bQ_rnbgP3rciANj5qmEn3DKTyqY.roa (raw, json)
Hash identifier:          Z7rb91DrjL2YOVvgBALBiZ6D3w+XMpTpEe8NQKVET+A=
Subject key identifier:   6D:0F:EB:9D:B8:0F:DE:B7:22:00:D8:F9:AA:61:27:DC:32:93:CA:A6
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       01911DFE832F4479518B177899CDD79533E4
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/bQ_rnbgP3rciANj5qmEn3DKTyqY.roa
Signing time:             Sun 04 Aug 2024 15:25:04 +0000
ROA not before:           Sun 04 Aug 2024 15:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200193
IP address blocks:        45.154.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:1d:fe:83:2f:44:79:51:8b:17:78:99:cd:d7:95:33:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Aug  4 15:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d0feb9db80fdeb72200d8f9aa6127dc3293caa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ac:d9:4b:18:28:b6:f5:75:e7:0f:0f:3d:50:
                    fb:7b:fa:79:30:61:44:a1:18:c3:70:4a:c1:0b:77:
                    b6:12:a7:3c:0a:16:ab:b8:a9:e8:96:4c:98:87:1a:
                    fe:cb:46:4a:ab:f0:b2:35:8c:51:c2:67:cb:32:d4:
                    88:b8:e1:62:71:d5:7f:20:56:c3:13:89:af:75:39:
                    e7:27:35:34:74:af:65:95:4f:5e:5c:95:48:4c:4c:
                    d7:f2:c4:e4:a2:33:e7:f5:d1:6f:97:5c:26:3d:23:
                    6c:65:2a:de:10:4d:26:be:f2:c8:be:26:35:c3:9a:
                    56:6a:b0:24:24:02:f5:36:88:38:83:be:17:49:90:
                    b0:c2:39:80:ef:d7:e7:19:26:0c:43:25:01:fc:c2:
                    9e:69:21:0b:20:5c:3f:bb:f3:c2:f9:55:69:f1:7d:
                    ea:7e:40:c9:32:7f:86:ca:97:a2:4d:62:e8:cc:f8:
                    1f:5e:1f:ca:25:f1:64:1d:60:bf:a6:71:6a:bd:ad:
                    2d:e1:f3:69:5d:32:44:de:5e:aa:ed:34:44:79:be:
                    12:3b:7f:9b:b3:11:79:65:95:58:fd:00:0f:56:e5:
                    df:30:a1:8f:2b:3c:10:87:b6:9b:34:56:48:6a:31:
                    7c:bf:f6:17:d2:8d:d5:58:ff:d0:2f:5d:19:6a:b4:
                    fa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0F:EB:9D:B8:0F:DE:B7:22:00:D8:F9:AA:61:27:DC:32:93:CA:A6
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/bQ_rnbgP3rciANj5qmEn3DKTyqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3c:05:cf:be:63:90:61:86:2b:a1:02:16:a3:90:75:48:71:
         04:df:af:74:ba:d9:49:85:a8:44:5f:3b:31:14:9d:79:7b:17:
         08:9c:4b:fb:ec:f1:50:39:a7:1d:ff:fd:96:17:00:4e:d1:f4:
         bd:86:35:e0:53:6f:63:7b:7f:02:9e:06:a6:5d:c3:33:bb:ec:
         2b:55:7b:8f:28:97:9b:7b:82:4c:eb:b2:ca:e8:13:e1:d4:2a:
         8b:45:05:ce:92:2f:1d:ad:83:7d:5f:07:41:04:1b:c1:ad:54:
         74:6e:de:24:b2:25:30:41:58:0f:ac:53:1b:95:38:b3:95:8d:
         19:96:cf:3b:fd:41:42:0d:ef:06:48:47:c1:91:c5:73:aa:ce:
         4f:5f:53:fd:f1:3d:f4:e5:04:b3:9b:0e:ee:9b:50:12:5d:34:
         00:62:2c:5e:98:e8:d1:81:e7:c8:67:54:c1:2b:3d:0d:51:d8:
         0c:0b:1c:e6:95:48:5d:70:43:4e:4d:97:48:9e:c8:2d:bc:73:
         05:1a:18:f8:02:e5:6f:1b:e6:1f:b2:cd:df:23:20:00:cb:b7:
         86:47:58:bb:7d:70:a1:75:79:55:68:95:37:3e:be:72:8d:20:
         58:32:a6:28:56:2c:8c:1a:07:52:d6:c7:c0:4d:f2:02:c8:77:
         b3:49:bc:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEd/oMvRHlRixd4mc3XlTPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwODA0MTUyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBmZWI5ZGI4MGZkZWI3MjIwMGQ4ZjlhYTYxMjdkYzMyOTNjYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0azZSxgotvV15w8PPVD7e/p5MGFE
oRjDcErBC3e2Eqc8CharuKnolkyYhxr+y0ZKq/CyNYxRwmfLMtSIuOFicdV/IFbD
E4mvdTnnJzU0dK9llU9eXJVITEzX8sTkojPn9dFvl1wmPSNsZSreEE0mvvLIviY1
w5pWarAkJAL1Nog4g74XSZCwwjmA79fnGSYMQyUB/MKeaSELIFw/u/PC+VVp8X3q
fkDJMn+GypeiTWLozPgfXh/KJfFkHWC/pnFqva0t4fNpXTJE3l6q7TREeb4SO3+b
sxF5ZZVY/QAPVuXfMKGPKzwQh7abNFZIajF8v/YX0o3VWP/QL10ZarT6iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0P6524D963IgDY+aphJ9wyk8qmMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvYlFfcm5iZ1AzcmNpQU5qNXFtRW4zREtUeXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZqcMA0G
CSqGSIb3DQEBCwUAA4IBAQCNPAXPvmOQYYYroQIWo5B1SHEE3690utlJhahEXzsx
FJ15excInEv77PFQOacd//2WFwBO0fS9hjXgU29je38CngamXcMzu+wrVXuPKJeb
e4JM67LK6BPh1CqLRQXOki8drYN9XwdBBBvBrVR0bt4ksiUwQVgPrFMblTizlY0Z
ls87/UFCDe8GSEfBkcVzqs5PX1P98T305QSzmw7um1ASXTQAYixemOjRgefIZ1TB
Kz0NUdgMCxzmlUhdcENOTZdInsgtvHMFGhj4AuVvG+Yfss3fIyAAy7eGR1i7fXCh
dXlVaJU3Pr5yjSBYMqYoViyMGgdS1sfATfICyHezSbzW
-----END CERTIFICATE-----