Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/sPzrLcAL-KLzAKbTEfCpnzRb-b8.roa
File:                     sPzrLcAL-KLzAKbTEfCpnzRb-b8.roa (raw, json)
Hash identifier:          9lvzP2BJR5eA2J0QYtAQhT3JsyZEWai1CwjfycIKKU8=
Subject key identifier:   B0:FC:EB:2D:C0:0B:F8:A2:F3:00:A6:D3:11:F0:A9:9F:34:5B:F9:BF
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018E190C9EF3DA7153B2947252DB71CA3F4A
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/sPzrLcAL-KLzAKbTEfCpnzRb-b8.roa
Signing time:             Thu 07 Mar 2024 13:14:01 +0000
ROA not before:           Thu 07 Mar 2024 13:14:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        45.11.188.0/24 maxlen: 24
                          188.209.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:0c:9e:f3:da:71:53:b2:94:72:52:db:71:ca:3f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Mar  7 13:14:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0fceb2dc00bf8a2f300a6d311f0a99f345bf9bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1b:93:2b:2a:0b:93:da:01:83:39:62:ee:ae:
                    dc:cb:f1:ad:db:34:9b:06:e2:fe:40:a5:24:2e:dc:
                    c3:0c:b4:50:fe:ee:2b:6d:df:f6:c4:d1:cf:93:38:
                    f0:7e:24:4d:69:d7:8b:52:55:73:c1:30:74:88:1c:
                    a3:44:62:f4:45:02:4c:47:2e:23:c2:aa:ec:58:ac:
                    b0:cf:a0:be:60:52:69:c5:5f:ca:6b:0b:30:34:89:
                    0d:d6:65:13:35:28:a7:b2:58:d8:5f:5c:83:7d:de:
                    72:be:0b:f5:47:a1:12:f2:2f:45:6e:e0:d5:d3:60:
                    ee:b1:18:fa:f1:77:df:ba:d6:6f:3e:cc:af:ba:40:
                    ba:2d:2d:4b:25:95:55:fa:0a:41:60:1a:7a:c1:44:
                    6a:14:37:c5:55:a7:f0:d1:05:ba:ae:bd:1d:2f:45:
                    b3:8a:ef:f5:22:5e:e5:50:0c:3d:b0:f8:b4:e7:ce:
                    a8:7f:48:c3:31:3a:2d:36:d5:b0:d8:8c:5a:68:fa:
                    fb:83:0b:fb:6b:86:9f:b8:3e:fb:0b:a4:16:cc:da:
                    74:c0:32:82:3a:e5:fa:06:58:b7:fb:3f:61:f8:b6:
                    fe:c1:fc:4d:9a:7e:aa:ad:4f:88:3c:fc:b9:59:d2:
                    d6:4e:34:c2:ab:e8:bf:be:3e:9d:21:c9:02:ec:49:
                    6a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:FC:EB:2D:C0:0B:F8:A2:F3:00:A6:D3:11:F0:A9:9F:34:5B:F9:BF
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/sPzrLcAL-KLzAKbTEfCpnzRb-b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.188.0/24
                  188.209.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2e:52:14:5a:36:20:16:8a:92:43:27:28:7a:28:5b:ec:38:
         dc:e6:cf:f1:48:e4:fd:19:7c:24:54:66:46:64:fc:7d:14:d2:
         24:54:df:dd:f0:22:08:ac:cc:70:87:fc:ec:c3:49:1f:00:00:
         34:1c:3b:0b:85:05:67:cc:1b:88:74:0b:f7:19:fc:fd:75:51:
         39:89:78:93:f7:8e:91:27:46:ec:4a:cd:9c:7a:48:1e:b6:a4:
         2a:66:78:d1:64:51:e6:19:13:6d:da:8a:ec:ca:35:30:53:c0:
         ad:fe:eb:3a:ce:96:78:f2:98:b2:32:cb:df:22:37:b7:69:eb:
         2b:b2:0d:d3:d5:37:1e:8e:b7:68:c2:e7:df:d5:6a:8c:9a:64:
         f6:48:cc:8d:5f:f9:23:a9:c3:64:71:25:e4:f7:7b:a7:88:62:
         5b:b1:be:1f:05:11:7d:c3:6b:06:f7:c5:77:45:f9:76:ca:f8:
         8c:81:cf:cb:38:c1:4f:c7:f6:9a:b0:86:d5:ee:41:56:37:b4:
         38:2c:ed:a2:55:5b:f2:af:35:e8:85:1e:ce:a8:47:fa:1d:19:
         98:9e:d4:83:d2:2f:52:37:19:33:e2:03:c9:0b:02:cc:ea:46:
         2c:5c:05:3a:1d:46:6b:8f:64:41:c4:53:f5:b1:cd:8c:9b:bd:
         df:2d:89:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4ZDJ7z2nFTspRyUttxyj9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMzA3MTMxNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGZjZWIyZGMwMGJmOGEyZjMwMGE2ZDMxMWYwYTk5ZjM0NWJmOWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRuTKyoLk9oBgzli7q7cy/Gt2zSb
BuL+QKUkLtzDDLRQ/u4rbd/2xNHPkzjwfiRNadeLUlVzwTB0iByjRGL0RQJMRy4j
wqrsWKywz6C+YFJpxV/KawswNIkN1mUTNSinsljYX1yDfd5yvgv1R6ES8i9FbuDV
02DusRj68XffutZvPsyvukC6LS1LJZVV+gpBYBp6wURqFDfFVafw0QW6rr0dL0Wz
iu/1Il7lUAw9sPi0586of0jDMTotNtWw2IxaaPr7gwv7a4afuD77C6QWzNp0wDKC
OuX6Bli3+z9h+Lb+wfxNmn6qrU+IPPy5WdLWTjTCq+i/vj6dIckC7ElqbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLD86y3AC/ii8wCm0xHwqZ80W/m/MB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvc1B6ckxjQUwtS0x6QUtiVEVmQ3BuelJiLWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQu8AwQA
vNGKMA0GCSqGSIb3DQEBCwUAA4IBAQA6LlIUWjYgFoqSQycoeihb7Djc5s/xSOT9
GXwkVGZGZPx9FNIkVN/d8CIIrMxwh/zsw0kfAAA0HDsLhQVnzBuIdAv3Gfz9dVE5
iXiT946RJ0bsSs2cekgetqQqZnjRZFHmGRNt2orsyjUwU8Ct/us6zpZ48piyMsvf
Ije3aesrsg3T1Tcejrdowuff1WqMmmT2SMyNX/kjqcNkcSXk93uniGJbsb4fBRF9
w2sG98V3Rfl2yviMgc/LOMFPx/aasIbV7kFWN7Q4LO2iVVvyrzXohR7OqEf6HRmY
ntSD0i9SNxkz4gPJCwLM6kYsXAU6HUZrj2RBxFP1sc2Mm73fLYlC
-----END CERTIFICATE-----