Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/jwjq0I6Gy0wy32bgbJNmRf2nHac.roa
File:                     jwjq0I6Gy0wy32bgbJNmRf2nHac.roa (raw, json)
Hash identifier:          rv2YaR1rgMLrKrQqb/GmO6NbvO/6bzR/JE1h/x5fqS4=
Subject key identifier:   8F:08:EA:D0:8E:86:CB:4C:32:DF:66:E0:6C:93:66:45:FD:A7:1D:A7
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01920E24D9C52D81AC85F8E3187C61C164A5
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/jwjq0I6Gy0wy32bgbJNmRf2nHac.roa
Signing time:             Fri 20 Sep 2024 06:35:48 +0000
ROA not before:           Fri 20 Sep 2024 06:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        45.157.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0e:24:d9:c5:2d:81:ac:85:f8:e3:18:7c:61:c1:64:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Sep 20 06:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f08ead08e86cb4c32df66e06c936645fda71da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d6:f6:5c:5c:7d:4a:70:3a:2e:b8:ea:08:50:
                    c8:7f:24:1d:79:f2:b6:77:e9:a9:b9:99:39:66:c2:
                    77:93:a3:30:ce:49:b9:34:47:88:77:42:5b:db:00:
                    77:3d:e2:28:5d:66:50:6d:cf:37:f4:25:4f:82:07:
                    c3:76:8c:39:f5:20:0a:96:cb:d9:ca:91:c4:3a:4c:
                    1c:7e:68:03:4c:83:d1:e5:5a:d8:8c:99:09:33:91:
                    61:c8:2e:f9:9a:2d:72:8f:05:3b:12:b5:48:34:c8:
                    3d:e3:32:f3:77:05:82:8d:4b:cd:8e:b8:ec:cc:fd:
                    a9:17:cc:7c:42:3d:c7:16:22:89:bb:5c:2e:5b:36:
                    82:1c:f0:25:0f:22:5e:53:3c:9a:4f:67:ff:3a:f4:
                    64:2a:b7:da:bd:74:f0:dc:f3:07:f8:bc:3b:a8:e1:
                    af:c4:8d:cc:b7:eb:ae:3b:01:a2:a2:a0:1e:db:00:
                    23:4e:dc:ff:9a:02:22:dc:5f:86:6a:f2:69:c8:3f:
                    96:fd:b7:18:58:52:ee:95:b3:e7:1d:84:5d:a3:65:
                    e7:48:96:ef:2c:31:81:5e:c5:0f:e0:af:ba:a7:c5:
                    75:cd:08:55:bb:e4:a7:76:61:bb:bc:bc:c2:d6:ce:
                    e4:da:10:97:df:0e:eb:fe:ae:37:f2:57:c9:59:d4:
                    d8:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:08:EA:D0:8E:86:CB:4C:32:DF:66:E0:6C:93:66:45:FD:A7:1D:A7
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/jwjq0I6Gy0wy32bgbJNmRf2nHac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fc:74:73:ab:5d:b9:e8:4f:75:69:3b:4d:29:09:5f:9e:42:
         b9:e7:47:e8:58:5b:4f:37:2d:ae:b9:c9:26:a9:a8:a7:81:39:
         84:fc:4c:2b:4e:bb:f6:6c:23:c5:d5:35:20:ae:4a:18:5b:c8:
         05:a4:d3:99:cd:10:88:35:16:fc:49:03:ac:9c:f3:fc:13:c3:
         cd:9e:00:36:32:c5:e5:77:d3:63:92:55:31:df:1e:dd:7d:d0:
         68:6d:0d:24:6f:bb:15:ea:14:88:23:a4:26:fc:ca:35:32:38:
         75:b5:aa:4f:7b:5f:66:ca:aa:4b:89:ba:73:b3:fd:00:b4:28:
         77:25:0b:db:42:17:57:47:c0:e8:ec:6b:ee:22:78:0d:a6:25:
         d4:74:f3:3a:b5:71:df:bf:dc:a6:64:ec:5f:17:7c:b0:bb:a9:
         7b:83:af:78:91:11:5b:27:50:9c:15:4e:5c:6b:59:da:d6:4e:
         43:2e:7e:d2:f0:0a:64:72:94:28:5d:22:b4:13:82:47:df:b8:
         45:3e:56:f2:e9:b6:76:4a:48:e2:eb:90:b0:ff:e9:c5:7c:b4:
         7a:c9:a8:b0:09:50:a9:a3:40:c7:c6:78:d1:aa:d6:fc:e7:f5:
         1a:34:04:f7:80:fb:cf:be:80:c9:07:ae:8a:af:5a:56:33:87:
         b9:03:fe:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIOJNnFLYGshfjjGHxhwWSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwOTIwMDYzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjA4ZWFkMDhlODZjYjRjMzJkZjY2ZTA2YzkzNjY0NWZkYTcxZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdb2XFx9SnA6LrjqCFDIfyQdefK2
d+mpuZk5ZsJ3k6Mwzkm5NEeId0Jb2wB3PeIoXWZQbc839CVPggfDdow59SAKlsvZ
ypHEOkwcfmgDTIPR5VrYjJkJM5FhyC75mi1yjwU7ErVINMg94zLzdwWCjUvNjrjs
zP2pF8x8Qj3HFiKJu1wuWzaCHPAlDyJeUzyaT2f/OvRkKrfavXTw3PMH+Lw7qOGv
xI3Mt+uuOwGioqAe2wAjTtz/mgIi3F+GavJpyD+W/bcYWFLulbPnHYRdo2XnSJbv
LDGBXsUP4K+6p8V1zQhVu+SndmG7vLzC1s7k2hCX3w7r/q438lfJWdTYGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8I6tCOhstMMt9m4GyTZkX9px2nMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvandqcTBJNkd5MHd5MzJiZ2JKTm1SZjJuSGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ3QMA0G
CSqGSIb3DQEBCwUAA4IBAQA3/HRzq1256E91aTtNKQlfnkK550foWFtPNy2uuckm
qaingTmE/EwrTrv2bCPF1TUgrkoYW8gFpNOZzRCINRb8SQOsnPP8E8PNngA2MsXl
d9NjklUx3x7dfdBobQ0kb7sV6hSII6Qm/Mo1Mjh1tapPe19myqpLibpzs/0AtCh3
JQvbQhdXR8Do7GvuIngNpiXUdPM6tXHfv9ymZOxfF3ywu6l7g694kRFbJ1CcFU5c
a1na1k5DLn7S8ApkcpQoXSK0E4JH37hFPlby6bZ2Skji65Cw/+nFfLR6yaiwCVCp
o0DHxnjRqtb85/UaNAT3gPvPvoDJB66Kr1pWM4e5A/5V
-----END CERTIFICATE-----