Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/H68VeS_VyKZvMfUmoah15zzLvgA.roa
File:                     H68VeS_VyKZvMfUmoah15zzLvgA.roa (raw, json)
Hash identifier:          D5PsfLz0eFMr8vE1yA5C1x5gfSheRyXDa0L5ypu1C8Y=
Subject key identifier:   1F:AF:15:79:2F:D5:C8:A6:6F:31:F5:26:A1:A8:75:E7:3C:CB:BE:00
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0191A395673A6C17EF7837B8227B02759C68
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/H68VeS_VyKZvMfUmoah15zzLvgA.roa
Signing time:             Fri 30 Aug 2024 13:59:23 +0000
ROA not before:           Fri 30 Aug 2024 13:59:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61324
IP address blocks:        45.132.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a3:95:67:3a:6c:17:ef:78:37:b8:22:7b:02:75:9c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Aug 30 13:59:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1faf15792fd5c8a66f31f526a1a875e73ccbbe00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5d:b1:e6:d4:f9:4d:60:fd:4e:50:91:90:2a:
                    cb:79:b7:58:57:f3:2b:e9:8a:1f:a6:4a:9a:87:2b:
                    b0:37:84:99:62:18:a7:e0:28:2c:6a:56:b0:d1:46:
                    1d:30:6f:d2:f5:01:df:33:b2:1f:e9:b7:45:c0:e1:
                    1c:87:df:39:82:84:cd:0c:33:bd:4e:f4:81:d1:3c:
                    e4:a9:4b:e6:b4:b4:33:82:a3:94:3c:2f:5e:19:f0:
                    ff:ed:b4:9c:5a:ad:f8:8a:4c:f0:91:d3:ab:17:b4:
                    52:5c:32:83:d7:87:d6:a0:cf:2b:c7:b6:cd:1b:13:
                    b9:e6:d0:57:90:45:4b:8b:9d:a0:46:c3:23:6a:c0:
                    b7:f2:c2:58:0c:1d:41:a0:39:fd:1f:e3:ff:b6:ad:
                    e9:1d:a3:c3:80:db:17:92:fc:61:73:68:c9:46:07:
                    9e:25:21:33:40:60:08:d1:19:ac:eb:48:a0:d5:f5:
                    cc:cf:3d:a8:5e:d4:34:3d:35:98:a7:20:e2:7a:fd:
                    6c:4c:20:ad:77:e5:04:8b:83:f3:fb:cc:91:d7:60:
                    72:d3:b2:04:0c:b4:56:92:15:5d:5d:90:2d:a6:dc:
                    cf:cd:61:d9:37:11:3b:5d:21:6a:1b:78:ee:88:a9:
                    22:79:12:cc:26:4d:e9:90:5b:a7:85:3f:83:91:a7:
                    34:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AF:15:79:2F:D5:C8:A6:6F:31:F5:26:A1:A8:75:E7:3C:CB:BE:00
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/H68VeS_VyKZvMfUmoah15zzLvgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a1:b0:9f:13:ca:26:91:e3:5c:da:c3:c4:61:2a:e5:85:51:
         26:63:88:28:16:a1:4f:0f:5b:75:23:27:d8:9f:b7:46:19:cd:
         b4:b4:6f:9c:d3:95:22:54:0f:65:d4:47:48:fb:17:a8:2b:f8:
         b1:7c:d2:2b:72:4f:0b:ca:0f:21:3a:c1:26:75:fe:ff:2b:87:
         48:f7:0e:93:68:f5:73:a3:ec:3b:01:39:e0:d0:c8:af:38:ae:
         4d:0a:46:b0:2a:b8:53:b5:6a:8e:ce:34:fd:0d:13:6c:28:70:
         5a:2b:47:a9:df:bb:08:78:00:c5:d6:fa:2a:fb:cc:19:9c:75:
         1c:53:58:26:0d:d4:70:d5:4f:86:6e:b9:15:1a:cf:41:ac:4a:
         04:9a:97:e2:0c:79:69:98:3d:3d:44:3c:65:14:42:91:bd:14:
         1d:d3:1e:04:73:ca:3c:c9:dc:cd:50:9f:0c:dc:7b:00:76:66:
         95:44:81:58:36:b9:1a:45:11:49:98:a7:d7:8a:1c:6e:c6:37:
         f6:05:7e:32:46:43:58:48:4e:ae:16:78:aa:dc:ae:36:69:c2:
         d7:dd:07:8e:01:63:d0:d4:d7:95:f8:b2:6e:2b:a8:e0:6c:78:
         39:72:38:92:53:12:2e:9c:9e:b9:6f:b3:84:4c:c8:a1:b8:dc:
         bc:1a:5e:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGjlWc6bBfveDe4InsCdZxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwODMwMTM1OTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFmMTU3OTJmZDVjOGE2NmYzMWY1MjZhMWE4NzVlNzNjY2JiZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjl2x5tT5TWD9TlCRkCrLebdYV/Mr
6YofpkqahyuwN4SZYhin4Cgsalaw0UYdMG/S9QHfM7If6bdFwOEch985goTNDDO9
TvSB0TzkqUvmtLQzgqOUPC9eGfD/7bScWq34ikzwkdOrF7RSXDKD14fWoM8rx7bN
GxO55tBXkEVLi52gRsMjasC38sJYDB1BoDn9H+P/tq3pHaPDgNsXkvxhc2jJRgee
JSEzQGAI0Rms60ig1fXMzz2oXtQ0PTWYpyDiev1sTCCtd+UEi4Pz+8yR12By07IE
DLRWkhVdXZAtptzPzWHZNxE7XSFqG3juiKkieRLMJk3pkFunhT+Dkac0JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+vFXkv1cimbzH1JqGodec8y74AMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvSDY4VmVTX1Z5S1p2TWZVbW9haDE1enpMdmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYSCMA0G
CSqGSIb3DQEBCwUAA4IBAQBVobCfE8omkeNc2sPEYSrlhVEmY4goFqFPD1t1IyfY
n7dGGc20tG+c05UiVA9l1EdI+xeoK/ixfNIrck8Lyg8hOsEmdf7/K4dI9w6TaPVz
o+w7ATng0MivOK5NCkawKrhTtWqOzjT9DRNsKHBaK0ep37sIeADF1voq+8wZnHUc
U1gmDdRw1U+GbrkVGs9BrEoEmpfiDHlpmD09RDxlFEKRvRQd0x4Ec8o8ydzNUJ8M
3HsAdmaVRIFYNrkaRRFJmKfXihxuxjf2BX4yRkNYSE6uFniq3K42acLX3QeOAWPQ
1NeV+LJuK6jgbHg5cjiSUxIunJ65b7OETMihuNy8Gl70
-----END CERTIFICATE-----