Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/PpruNs8ZjrCuJK5q-riYWWudX54.roa
File:                     PpruNs8ZjrCuJK5q-riYWWudX54.roa (raw, json)
Hash identifier:          0PwrKnnAPHTkDrOjoeKdN6wDGL+i9vMqpKpCBeyRFE4=
Subject key identifier:   3E:9A:EE:36:CF:19:8E:B0:AE:24:AE:6A:FA:B8:98:59:6B:9D:5F:9E
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01914A42D734DE386CE5E97739E37688A15A
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/PpruNs8ZjrCuJK5q-riYWWudX54.roa
Signing time:             Tue 13 Aug 2024 05:42:59 +0000
ROA not before:           Tue 13 Aug 2024 05:42:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        45.155.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4a:42:d7:34:de:38:6c:e5:e9:77:39:e3:76:88:a1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Aug 13 05:42:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e9aee36cf198eb0ae24ae6afab898596b9d5f9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:42:62:ea:ad:04:8e:c3:42:ae:ee:ed:b9:c9:
                    b9:46:25:f0:ad:60:b0:05:32:a3:aa:78:1a:c0:5a:
                    e6:e0:a1:27:2f:cf:c7:56:d8:81:1c:77:36:ee:2f:
                    f9:ac:e7:c9:92:64:95:23:1c:f4:78:54:0e:b7:5a:
                    5c:9f:61:7d:66:09:ec:11:7f:7c:ad:4a:eb:d0:07:
                    3c:de:2a:29:66:ef:42:8f:5b:71:ff:24:e6:02:ac:
                    bf:dc:ed:c3:bc:f5:f7:03:97:3e:10:40:7f:81:e9:
                    e2:a4:23:98:78:0e:a3:35:26:8b:c8:d0:49:e3:7b:
                    c8:ce:60:33:d5:b8:7b:66:f3:f3:4a:39:37:fa:83:
                    93:e1:e2:a3:ff:d6:84:69:db:63:63:d0:f5:e1:b2:
                    39:f4:0c:d1:56:c8:bb:9b:c8:ca:8d:59:bb:4a:70:
                    f7:6e:ab:3b:a3:f7:3a:dc:98:63:79:56:1a:a0:34:
                    e7:4e:b5:16:6e:7c:2d:d7:f1:f2:60:78:03:56:97:
                    7d:b5:85:a7:09:87:9d:9a:03:17:ed:89:7e:2f:0a:
                    f4:66:a7:e2:a1:cd:89:ce:67:08:e0:df:7d:4a:62:
                    24:07:c8:42:be:c6:2d:89:3f:4a:79:a7:b6:3e:cc:
                    68:42:f7:ba:d4:44:4e:fc:b8:1f:7e:43:da:1a:21:
                    54:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9A:EE:36:CF:19:8E:B0:AE:24:AE:6A:FA:B8:98:59:6B:9D:5F:9E
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/PpruNs8ZjrCuJK5q-riYWWudX54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:46:c4:3c:5d:d1:a6:4b:55:05:51:ea:4d:bd:fb:e0:c0:94:
         7a:e0:e7:b9:f1:52:2b:d6:4f:46:48:1b:6a:40:45:08:bf:d3:
         9d:46:33:01:46:96:8e:68:15:41:ef:df:f9:f9:da:da:da:90:
         9d:82:5a:f6:02:4d:49:52:6a:8f:05:20:0b:bd:8e:d5:97:5d:
         49:44:72:0e:39:9a:6c:9d:ed:3c:da:ce:a5:6b:98:7d:0c:9f:
         ba:23:52:8e:e6:90:57:db:e9:6f:d8:07:0a:87:6f:93:e3:63:
         82:97:42:26:a8:f2:8f:a6:b7:d1:c7:e5:de:44:ab:32:4a:6e:
         fc:06:f3:54:a8:c3:21:f2:8a:8d:2c:a9:d0:a3:43:b2:96:4c:
         32:fa:95:d1:57:40:20:6b:bd:ec:09:5f:e1:50:06:bb:0f:d1:
         53:cf:43:49:a6:18:93:5d:de:34:18:4e:f9:59:ac:d5:3c:1d:
         1e:63:95:4b:1d:41:01:98:51:0f:d3:e1:b4:ae:3b:c3:f7:0d:
         d6:23:88:76:6e:09:e4:52:1e:5e:41:8f:82:02:17:e5:f8:88:
         59:fe:8b:d7:e6:9e:1d:f2:4b:55:e0:eb:5d:dc:e6:1b:43:17:
         d1:f6:a7:58:71:70:15:7b:ec:54:9d:40:59:f8:73:4e:10:db:
         65:fe:0c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFKQtc03jhs5el3OeN2iKFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwODEzMDU0MjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTlhZWUzNmNmMTk4ZWIwYWUyNGFlNmFmYWI4OTg1OTZiOWQ1ZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEJi6q0EjsNCru7tucm5RiXwrWCw
BTKjqngawFrm4KEnL8/HVtiBHHc27i/5rOfJkmSVIxz0eFQOt1pcn2F9ZgnsEX98
rUrr0Ac83iopZu9Cj1tx/yTmAqy/3O3DvPX3A5c+EEB/genipCOYeA6jNSaLyNBJ
43vIzmAz1bh7ZvPzSjk3+oOT4eKj/9aEadtjY9D14bI59AzRVsi7m8jKjVm7SnD3
bqs7o/c63JhjeVYaoDTnTrUWbnwt1/HyYHgDVpd9tYWnCYedmgMX7Yl+Lwr0Zqfi
oc2JzmcI4N99SmIkB8hCvsYtiT9Keae2PsxoQve61ERO/LgffkPaGiFUkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6a7jbPGY6wriSuavq4mFlrnV+eMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvUHBydU5zOFpqckN1Sks1cS1yaVlXV3VkWDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv9MA0G
CSqGSIb3DQEBCwUAA4IBAQDDRsQ8XdGmS1UFUepNvfvgwJR64Oe58VIr1k9GSBtq
QEUIv9OdRjMBRpaOaBVB79/5+dra2pCdglr2Ak1JUmqPBSALvY7Vl11JRHIOOZps
ne082s6la5h9DJ+6I1KO5pBX2+lv2AcKh2+T42OCl0ImqPKPprfRx+XeRKsySm78
BvNUqMMh8oqNLKnQo0Oylkwy+pXRV0Aga73sCV/hUAa7D9FTz0NJphiTXd40GE75
WazVPB0eY5VLHUEBmFEP0+G0rjvD9w3WI4h2bgnkUh5eQY+CAhfl+IhZ/ovX5p4d
8ktV4Otd3OYbQxfR9qdYcXAVe+xUnUBZ+HNOENtl/gxb
-----END CERTIFICATE-----