Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/od7YW4CFMxGNcnWFi7dXrWT6ooE.roa
File:                     od7YW4CFMxGNcnWFi7dXrWT6ooE.roa (raw, json)
Hash identifier:          tzYe1rVUo8xJqy+IPoZEjKyqdt7TnmVp/gwzU6gZxLE=
Subject key identifier:   A1:DE:D8:5B:80:85:33:11:8D:72:75:85:8B:B7:57:AD:64:FA:A2:81
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0191AE5922B7E9B5FED4CC6A101F2F935F30
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/od7YW4CFMxGNcnWFi7dXrWT6ooE.roa
Signing time:             Sun 01 Sep 2024 16:09:22 +0000
ROA not before:           Sun 01 Sep 2024 16:09:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57529
IP address blocks:        45.132.36.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ae:59:22:b7:e9:b5:fe:d4:cc:6a:10:1f:2f:93:5f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Sep  1 16:09:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1ded85b808533118d7275858bb757ad64faa281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f4:f7:0f:00:53:dc:03:0d:23:97:81:c1:d7:
                    5e:a1:f7:66:3e:11:2a:ff:c5:ca:02:fd:dd:f7:4c:
                    b9:e3:cb:e3:1a:7d:6c:d6:17:0d:22:34:12:d3:3b:
                    c5:32:32:97:fd:af:2b:c5:18:70:23:de:0e:93:3e:
                    5e:da:76:63:e0:f5:b3:fe:15:82:b2:d5:bf:fa:7c:
                    24:6b:26:e5:ae:e8:82:c8:8d:76:ce:da:f6:0f:1b:
                    3d:e7:13:c0:f3:53:a6:6d:e1:f4:cd:b2:2c:25:03:
                    b0:17:cb:0d:06:9e:1f:05:f0:7d:05:60:6f:d3:1d:
                    5e:67:d4:1f:5d:f4:53:91:98:54:10:2d:d6:7c:1a:
                    1e:24:05:93:52:77:74:41:fa:6e:69:78:8b:cf:1f:
                    65:40:3a:f4:25:33:f4:19:cc:af:82:0c:05:9b:a7:
                    2a:b4:e0:30:68:13:7b:f9:fd:04:51:56:c3:6a:cf:
                    1b:3a:06:88:f5:90:03:a3:15:16:c4:5d:6c:36:f6:
                    27:8a:ae:fe:c3:75:a4:27:24:0f:fa:87:74:d0:b8:
                    8f:b0:5e:a4:f9:72:1d:99:78:60:f3:81:8e:d2:61:
                    d2:79:75:e2:5f:a3:6b:8f:3b:55:01:3a:e1:e0:50:
                    70:c0:51:9e:2a:46:73:74:af:6f:8d:55:05:a7:06:
                    de:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:DE:D8:5B:80:85:33:11:8D:72:75:85:8B:B7:57:AD:64:FA:A2:81
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/od7YW4CFMxGNcnWFi7dXrWT6ooE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:43:80:c1:c1:fe:f5:5d:2d:d0:fa:c3:08:13:8d:6a:38:16:
         0f:08:7a:92:68:a2:b8:14:cb:1c:22:c5:07:0f:92:9b:7a:04:
         7b:e7:76:0e:47:dc:9f:b9:7f:20:b8:3f:f0:ff:1c:14:bd:4b:
         77:99:8e:1c:5e:12:f2:da:be:01:97:d1:77:33:e2:e4:31:46:
         18:7d:7c:ac:cc:3e:1c:e2:86:e1:e7:e9:7b:ac:f9:b1:7e:c3:
         73:da:6a:ad:2a:c7:23:fc:22:c5:34:93:c6:d8:63:47:4a:95:
         11:9f:22:a6:48:1f:78:23:3b:9d:28:ef:13:78:72:9e:b7:29:
         03:81:d0:5c:72:61:75:2e:17:cb:ea:7f:93:2d:32:51:d1:cc:
         19:f8:0e:1d:6a:62:4a:ad:06:7e:28:63:8d:3f:04:21:d0:83:
         6b:59:1b:67:e6:dc:c8:ec:24:cf:98:a4:6a:f4:54:33:f6:87:
         78:f5:79:2d:73:83:7a:8b:d9:22:79:2a:92:d7:9f:38:8e:b2:
         4c:8a:17:98:15:0a:02:18:3d:fd:bc:42:9a:60:28:43:da:12:
         97:7d:d1:3e:40:f6:fa:7f:e3:03:16:fb:67:cb:83:21:60:72:
         11:ed:fd:c6:bf:da:cf:75:c1:e8:89:1f:b4:f1:6f:db:ce:15:
         19:9f:60:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGuWSK36bX+1MxqEB8vk18wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwOTAxMTYwOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWRlZDg1YjgwODUzMzExOGQ3Mjc1ODU4YmI3NTdhZDY0ZmFhMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfT3DwBT3AMNI5eBwddeofdmPhEq
/8XKAv3d90y548vjGn1s1hcNIjQS0zvFMjKX/a8rxRhwI94Okz5e2nZj4PWz/hWC
stW/+nwkayblruiCyI12ztr2Dxs95xPA81OmbeH0zbIsJQOwF8sNBp4fBfB9BWBv
0x1eZ9QfXfRTkZhUEC3WfBoeJAWTUnd0QfpuaXiLzx9lQDr0JTP0GcyvggwFm6cq
tOAwaBN7+f0EUVbDas8bOgaI9ZADoxUWxF1sNvYniq7+w3WkJyQP+od00LiPsF6k
+XIdmXhg84GO0mHSeXXiX6NrjztVATrh4FBwwFGeKkZzdK9vjVUFpwbeswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHe2FuAhTMRjXJ1hYu3V61k+qKBMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvb2Q3WVc0Q0ZNeEdOY25XRmk3ZFhyV1Q2b29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYQkMA0G
CSqGSIb3DQEBCwUAA4IBAQBlQ4DBwf71XS3Q+sMIE41qOBYPCHqSaKK4FMscIsUH
D5KbegR753YOR9yfuX8guD/w/xwUvUt3mY4cXhLy2r4Bl9F3M+LkMUYYfXyszD4c
4obh5+l7rPmxfsNz2mqtKscj/CLFNJPG2GNHSpURnyKmSB94IzudKO8TeHKetykD
gdBccmF1LhfL6n+TLTJR0cwZ+A4damJKrQZ+KGONPwQh0INrWRtn5tzI7CTPmKRq
9FQz9od49Xktc4N6i9kieSqS1584jrJMiheYFQoCGD39vEKaYChD2hKXfdE+QPb6
f+MDFvtny4MhYHIR7f3Gv9rPdcHoiR+08W/bzhUZn2BV
-----END CERTIFICATE-----