Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/csAmcC-v14yOoOND09fV3bhW6EI.roa
File:                     csAmcC-v14yOoOND09fV3bhW6EI.roa (raw, json)
Hash identifier:          N3ZBl60NwjCmd11l0QKGJguvviIgSPH2ZavJfLESO4Q=
Subject key identifier:   72:C0:26:70:2F:AF:D7:8C:8E:A0:E3:43:D3:D7:D5:DD:B8:56:E8:42
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019317B471404329AFA8E9705FF83656D7D4
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/csAmcC-v14yOoOND09fV3bhW6EI.roa
Signing time:             Sun 10 Nov 2024 20:12:01 +0000
ROA not before:           Sun 10 Nov 2024 20:12:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400395
IP address blocks:        45.155.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:17:b4:71:40:43:29:af:a8:e9:70:5f:f8:36:56:d7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Nov 10 20:12:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72c026702fafd78c8ea0e343d3d7d5ddb856e842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:af:67:4c:2a:32:ba:cb:79:1b:91:5d:03:76:
                    35:dc:f3:c7:bb:be:9c:bd:dd:6f:d7:59:57:c5:b6:
                    e3:8c:97:8e:b0:54:2f:31:dd:ca:0a:65:0e:7c:7d:
                    aa:60:07:7d:a5:8a:18:45:d8:84:67:ca:0d:df:48:
                    36:f9:45:e0:8d:73:66:72:a0:93:5a:2e:04:12:b5:
                    0b:93:d0:42:f1:1b:03:c2:5d:ce:32:a3:65:df:b3:
                    10:87:fb:ee:d3:97:1e:7e:54:3b:37:b0:af:a2:54:
                    fb:7c:7a:48:d7:3c:f2:59:9a:81:a4:c5:ca:2f:43:
                    9f:d9:91:68:f4:d6:1e:c1:f4:cd:03:fb:a4:43:13:
                    91:0c:5d:d6:80:35:fe:48:03:80:21:80:04:16:7b:
                    2a:4f:44:fd:49:97:bd:05:36:d3:c7:f8:8e:b6:c4:
                    b3:4c:0b:40:85:5e:3d:2d:47:6b:9b:b7:a1:4d:0d:
                    e4:77:42:d7:38:ec:62:8f:95:6d:e1:99:f8:43:3f:
                    37:44:5d:3b:8a:0d:15:02:08:44:63:60:4b:34:a0:
                    89:af:aa:26:a5:7d:70:14:40:23:8b:68:1b:86:d6:
                    a3:31:a2:91:3f:75:b9:06:ae:84:e4:2f:b8:39:b0:
                    b9:ea:98:84:7c:39:af:fe:fa:13:23:74:ad:78:f1:
                    92:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C0:26:70:2F:AF:D7:8C:8E:A0:E3:43:D3:D7:D5:DD:B8:56:E8:42
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/csAmcC-v14yOoOND09fV3bhW6EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:2e:08:ca:28:30:e5:25:e9:e2:86:a4:e9:9d:13:10:81:46:
         b3:17:bb:04:91:6f:ba:34:ef:e3:37:91:d0:fb:51:54:c5:a4:
         ce:62:9f:9c:cd:66:60:f1:e1:13:2c:70:dd:68:07:45:ae:29:
         16:74:e2:43:b1:23:8e:c0:dc:c7:67:8c:14:4a:a5:3b:0e:2e:
         cc:54:b8:60:3f:21:e6:c4:34:91:ed:ed:60:1c:e3:a9:ce:27:
         bb:07:8e:0e:3e:4e:8c:4b:09:4e:af:98:be:ac:29:bf:f4:1e:
         3e:5c:af:22:00:95:f6:68:75:47:fa:a6:dd:93:e2:2b:ce:48:
         e1:13:a4:c5:75:0b:ae:e3:c2:4f:81:2f:4a:b6:ba:1f:c2:e6:
         21:f8:5d:fc:03:4f:2d:bb:98:9a:91:c8:3a:12:42:c7:44:5c:
         17:b8:1d:4f:8f:be:1b:58:15:e4:60:cb:17:44:4e:2f:5f:30:
         c2:24:bc:ae:bb:29:ec:5d:39:89:0a:75:80:af:69:21:23:be:
         ba:72:15:fb:e8:5e:ef:13:2b:3a:e6:41:58:f6:5e:9a:87:60:
         b3:85:13:74:6e:30:c6:73:15:d6:0d:7b:04:93:fb:ab:96:b2:
         42:6a:31:1b:9e:bd:f1:27:dc:ab:a3:af:f4:c9:e2:4a:d1:b8:
         42:cd:69:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMXtHFAQymvqOlwX/g2VtfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQxMTEwMjAxMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmMwMjY3MDJmYWZkNzhjOGVhMGUzNDNkM2Q3ZDVkZGI4NTZlODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA269nTCoyust5G5FdA3Y13PPHu76c
vd1v11lXxbbjjJeOsFQvMd3KCmUOfH2qYAd9pYoYRdiEZ8oN30g2+UXgjXNmcqCT
Wi4EErULk9BC8RsDwl3OMqNl37MQh/vu05ceflQ7N7CvolT7fHpI1zzyWZqBpMXK
L0Of2ZFo9NYewfTNA/ukQxORDF3WgDX+SAOAIYAEFnsqT0T9SZe9BTbTx/iOtsSz
TAtAhV49LUdrm7ehTQ3kd0LXOOxij5Vt4Zn4Qz83RF07ig0VAghEY2BLNKCJr6om
pX1wFEAji2gbhtajMaKRP3W5Bq6E5C+4ObC56piEfDmv/voTI3StePGSSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLAJnAvr9eMjqDjQ9PX1d24VuhCMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvY3NBbWNDLXYxNHlPb09ORDA5ZlYzYmhXNkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv/MA0G
CSqGSIb3DQEBCwUAA4IBAQCVLgjKKDDlJenihqTpnRMQgUazF7sEkW+6NO/jN5HQ
+1FUxaTOYp+czWZg8eETLHDdaAdFrikWdOJDsSOOwNzHZ4wUSqU7Di7MVLhgPyHm
xDSR7e1gHOOpzie7B44OPk6MSwlOr5i+rCm/9B4+XK8iAJX2aHVH+qbdk+Irzkjh
E6TFdQuu48JPgS9KtrofwuYh+F38A08tu5iakcg6EkLHRFwXuB1Pj74bWBXkYMsX
RE4vXzDCJLyuuynsXTmJCnWAr2khI766chX76F7vEys65kFY9l6ah2CzhRN0bjDG
cxXWDXsEk/urlrJCajEbnr3xJ9yro6/0yeJK0bhCzWnL
-----END CERTIFICATE-----