Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/rF7mlkHncSMBlfc2fKxKkLQ3jTI.roa
File:                     rF7mlkHncSMBlfc2fKxKkLQ3jTI.roa (raw, json)
Hash identifier:          JsOOz/4MCm01tf/MitrXUu+csypbyE7JvWv6iqQTg5Y=
Subject key identifier:   AC:5E:E6:96:41:E7:71:23:01:95:F7:36:7C:AC:4A:90:B4:37:8D:32
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       01921371A8A7289A5543B839D5991ECD305B
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/rF7mlkHncSMBlfc2fKxKkLQ3jTI.roa
Signing time:             Sat 21 Sep 2024 07:17:48 +0000
ROA not before:           Sat 21 Sep 2024 07:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36113
IP address blocks:        45.141.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:13:71:a8:a7:28:9a:55:43:b8:39:d5:99:1e:cd:30:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Sep 21 07:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac5ee69641e771230195f7367cac4a90b4378d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f3:f4:d4:c9:2f:4c:73:11:55:f2:7c:f5:7d:
                    83:b1:c1:2e:6e:3c:c5:bc:9b:bf:bb:89:5e:d5:07:
                    2b:83:5b:14:ec:72:cf:f7:2f:33:e5:db:95:ee:ff:
                    c8:1c:a9:01:bc:0c:ac:58:aa:a5:24:e9:aa:00:74:
                    41:35:5d:8a:57:7a:c0:03:18:d2:d2:8c:7a:8a:a8:
                    7b:34:f0:49:63:ca:56:81:d0:3d:27:fa:33:a9:f0:
                    35:9e:e8:fa:76:5f:86:c1:4b:c2:9a:93:bd:5a:2e:
                    ad:19:6f:c0:43:82:3a:e0:82:86:bc:14:c1:ac:67:
                    e3:17:de:63:cb:a7:06:a4:e4:e8:0a:c7:39:f3:bf:
                    4e:60:1c:ee:58:e4:6e:45:1f:be:33:6d:30:ac:2e:
                    ab:50:67:3c:4a:f4:1f:00:4b:7c:36:25:18:9b:b2:
                    d0:2d:ff:f0:08:2e:6d:ef:9d:1e:ee:18:2f:02:0c:
                    db:da:f8:17:13:b9:ef:16:79:4b:ea:42:09:b4:43:
                    2b:d9:f5:07:b6:f0:61:75:31:5e:c0:2d:9f:d6:db:
                    92:37:f7:15:c8:84:c2:8c:47:98:92:20:fc:31:80:
                    d2:e0:50:ab:72:f6:36:45:c4:36:51:a4:ba:4e:74:
                    c1:72:ff:b6:08:3e:56:1b:79:13:c0:54:38:5c:02:
                    e0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5E:E6:96:41:E7:71:23:01:95:F7:36:7C:AC:4A:90:B4:37:8D:32
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/rF7mlkHncSMBlfc2fKxKkLQ3jTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:74:6f:55:6e:a0:55:08:e6:6e:38:f3:f5:db:f2:a1:c8:2c:
         29:18:b7:19:56:43:15:56:84:a2:32:1e:b9:10:d1:65:3f:9b:
         fd:e7:7e:d4:d6:ed:c0:f8:d0:38:a3:40:d6:0b:7c:25:31:f8:
         6e:a3:77:c0:1a:94:ec:d4:ad:80:64:2d:44:05:05:6d:d3:bb:
         ab:db:34:c0:78:b2:66:36:f7:16:2a:31:5d:b4:2e:9c:be:a8:
         77:cb:02:29:40:c4:9e:d8:df:b1:7b:a0:6d:c9:9c:31:03:9c:
         f4:a3:e6:4a:14:a1:e2:ac:0d:da:8b:a0:d2:65:2f:c4:a3:76:
         b8:be:67:13:2a:f1:43:9c:d6:aa:de:10:44:4a:75:dc:b8:23:
         14:51:7c:c7:6f:79:57:78:cd:05:36:2e:08:9d:03:c0:f2:e0:
         82:c5:03:57:08:ec:60:41:ae:93:12:bc:1e:11:91:f0:e2:ec:
         fb:30:c6:39:b0:74:9e:f1:41:1a:13:24:fd:ea:97:97:6d:86:
         75:a4:74:21:d0:fe:e4:0d:e4:d0:48:d0:a5:5e:54:f3:ef:e2:
         23:01:b9:e1:21:c9:60:6e:88:57:cd:35:40:29:ed:d9:31:b8:
         6d:ca:0b:e1:43:cf:ce:45:c1:fa:28:54:ce:b7:9d:8a:a8:f1:
         b2:14:0a:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZITcainKJpVQ7g51ZkezTBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwOTIxMDcxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVlZTY5NjQxZTc3MTIzMDE5NWY3MzY3Y2FjNGE5MGI0Mzc4ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvP01MkvTHMRVfJ89X2DscEubjzF
vJu/u4le1Qcrg1sU7HLP9y8z5duV7v/IHKkBvAysWKqlJOmqAHRBNV2KV3rAAxjS
0ox6iqh7NPBJY8pWgdA9J/ozqfA1nuj6dl+GwUvCmpO9Wi6tGW/AQ4I64IKGvBTB
rGfjF95jy6cGpOToCsc5879OYBzuWORuRR++M20wrC6rUGc8SvQfAEt8NiUYm7LQ
Lf/wCC5t750e7hgvAgzb2vgXE7nvFnlL6kIJtEMr2fUHtvBhdTFewC2f1tuSN/cV
yITCjEeYkiD8MYDS4FCrcvY2RcQ2UaS6TnTBcv+2CD5WG3kTwFQ4XALg3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxe5pZB53EjAZX3NnysSpC0N40yMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvckY3bWxrSG5jU01CbGZjMmZLeEtrTFEzalRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY0NMA0G
CSqGSIb3DQEBCwUAA4IBAQAtdG9VbqBVCOZuOPP12/KhyCwpGLcZVkMVVoSiMh65
ENFlP5v9537U1u3A+NA4o0DWC3wlMfhuo3fAGpTs1K2AZC1EBQVt07ur2zTAeLJm
NvcWKjFdtC6cvqh3ywIpQMSe2N+xe6BtyZwxA5z0o+ZKFKHirA3ai6DSZS/Eo3a4
vmcTKvFDnNaq3hBESnXcuCMUUXzHb3lXeM0FNi4InQPA8uCCxQNXCOxgQa6TErwe
EZHw4uz7MMY5sHSe8UEaEyT96peXbYZ1pHQh0P7kDeTQSNClXlTz7+IjAbnhIclg
bohXzTVAKe3ZMbhtygvhQ8/ORcH6KFTOt52KqPGyFApu
-----END CERTIFICATE-----