Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/v2CyRy475Ck7z-LRsgq02ox6hA4.roa
File:                     v2CyRy475Ck7z-LRsgq02ox6hA4.roa (raw, json)
Hash identifier:          kGb7pxh4aUe0Qd6SECVdke0BCUUNUaeKj/FlEPr2pug=
Subject key identifier:   BF:60:B2:47:2E:3B:E4:29:3B:CF:E2:D1:B2:0A:B4:DA:8C:7A:84:0E
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       01917DBA89EEF14253F79B128FCC4E327BA6
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/v2CyRy475Ck7z-LRsgq02ox6hA4.roa
Signing time:             Fri 23 Aug 2024 05:34:22 +0000
ROA not before:           Fri 23 Aug 2024 05:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22427
IP address blocks:        45.148.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7d:ba:89:ee:f1:42:53:f7:9b:12:8f:cc:4e:32:7b:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Aug 23 05:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf60b2472e3be4293bcfe2d1b20ab4da8c7a840e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:66:8f:69:87:40:41:d4:0a:39:d2:f6:ba:f3:
                    5b:4c:5f:12:fc:a0:b0:2a:42:76:ca:48:4f:38:ed:
                    b1:50:67:49:f5:f1:7c:09:ac:0d:f3:87:4d:bc:bd:
                    bc:cc:9b:78:a0:f5:77:fb:26:c5:b8:88:47:cd:2f:
                    59:84:94:9d:a7:ad:e4:ec:fb:2d:30:83:6b:db:0c:
                    88:cb:5a:d5:54:e2:de:4e:c0:4c:ef:f3:67:b3:4f:
                    81:a1:47:e5:a1:48:a0:e9:dc:26:03:3a:c1:32:df:
                    ff:2a:22:b6:37:60:5d:b4:93:8a:d5:ce:85:c9:66:
                    31:79:79:92:b2:f6:c9:b4:d2:7e:4c:91:c9:3d:83:
                    0f:65:81:74:91:9b:d5:ff:7d:4c:58:5b:89:4b:f6:
                    8e:84:32:56:ac:22:f7:a8:f2:01:4f:f5:66:ce:23:
                    c8:18:5c:91:bd:eb:8f:a7:5f:0a:e6:f5:2d:fb:f4:
                    db:9e:06:61:4f:57:e8:24:d1:19:62:d3:22:7d:f0:
                    66:84:0b:1a:9e:1b:76:8b:cf:41:b3:1a:ec:15:58:
                    a5:c6:7e:8d:7f:55:64:76:bc:98:ec:b0:3e:cb:2b:
                    0f:61:92:39:eb:0a:03:5a:9c:66:7f:eb:b6:71:b5:
                    11:62:c2:c0:2a:f2:9d:8e:e2:48:c3:65:1a:d9:96:
                    06:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:60:B2:47:2E:3B:E4:29:3B:CF:E2:D1:B2:0A:B4:DA:8C:7A:84:0E
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/v2CyRy475Ck7z-LRsgq02ox6hA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:02:25:35:15:d8:26:05:35:3d:f6:61:79:eb:d8:56:88:01:
         d1:a0:75:82:aa:d3:eb:f9:b9:03:37:9a:fe:d3:84:cd:40:61:
         42:26:0f:8e:da:75:c7:ba:37:35:63:cd:dd:66:b6:cd:15:82:
         fc:d7:bb:47:a5:75:21:cc:7f:26:2f:da:2f:14:ef:61:62:dd:
         98:5f:6b:3d:17:50:bb:c9:8c:6a:e1:af:a4:f7:ab:ee:1a:54:
         d1:fe:ed:2d:cb:41:a9:41:20:d1:9a:91:c3:b9:e7:ab:f7:18:
         cd:37:8b:51:f4:63:0f:6c:f1:87:f8:85:e8:00:16:bf:a2:9a:
         10:18:1c:80:4e:ef:9f:af:99:d1:f2:b8:f0:23:41:d3:26:8d:
         ab:33:c3:4e:68:48:da:ba:68:22:50:df:1c:75:fd:df:5f:d3:
         b2:93:ab:5f:e2:5e:90:15:e0:68:85:34:61:65:82:a0:8d:2f:
         71:e2:e0:75:06:bb:4b:9a:d0:aa:70:d8:8c:55:19:ec:7f:a8:
         47:28:b8:6b:c1:a2:c3:45:9d:c6:51:5d:32:7b:d6:9e:91:04:
         c7:72:b9:fd:64:b5:a0:c5:8f:a0:d6:59:42:9f:ba:ef:64:47:
         11:1d:04:28:d9:df:c4:04:62:ef:29:5e:66:30:91:13:53:eb:
         a3:a9:cc:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF9uonu8UJT95sSj8xOMnumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjQwODIzMDUzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjYwYjI0NzJlM2JlNDI5M2JjZmUyZDFiMjBhYjRkYThjN2E4NDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmaPaYdAQdQKOdL2uvNbTF8S/KCw
KkJ2ykhPOO2xUGdJ9fF8CawN84dNvL28zJt4oPV3+ybFuIhHzS9ZhJSdp63k7Pst
MINr2wyIy1rVVOLeTsBM7/Nns0+BoUfloUig6dwmAzrBMt//KiK2N2BdtJOK1c6F
yWYxeXmSsvbJtNJ+TJHJPYMPZYF0kZvV/31MWFuJS/aOhDJWrCL3qPIBT/VmziPI
GFyRveuPp18K5vUt+/TbngZhT1foJNEZYtMiffBmhAsanht2i89BsxrsFVilxn6N
f1VkdryY7LA+yysPYZI56woDWpxmf+u2cbURYsLAKvKdjuJIw2Ua2ZYGBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9gskcuO+QpO8/i0bIKtNqMeoQOMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvdjJDeVJ5NDc1Q2s3ei1MUnNncTAyb3g2aEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSGMA0G
CSqGSIb3DQEBCwUAA4IBAQBcAiU1FdgmBTU99mF569hWiAHRoHWCqtPr+bkDN5r+
04TNQGFCJg+O2nXHujc1Y83dZrbNFYL817tHpXUhzH8mL9ovFO9hYt2YX2s9F1C7
yYxq4a+k96vuGlTR/u0ty0GpQSDRmpHDueer9xjNN4tR9GMPbPGH+IXoABa/opoQ
GByATu+fr5nR8rjwI0HTJo2rM8NOaEjaumgiUN8cdf3fX9Oyk6tf4l6QFeBohTRh
ZYKgjS9x4uB1BrtLmtCqcNiMVRnsf6hHKLhrwaLDRZ3GUV0ye9aekQTHcrn9ZLWg
xY+g1llCn7rvZEcRHQQo2d/EBGLvKV5mMJETU+ujqczA
-----END CERTIFICATE-----