Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/1-1TG_qMClEODo2IIWP7WsY7zmNo.roa
File:                     1-1TG_qMClEODo2IIWP7WsY7zmNo.roa (raw, json)
Hash identifier:          eeqSjFVaM5j5+q3SAvWxUmpuyRTIcPImAc2lDmJ+HTk=
Subject key identifier:   FB:54:C6:FE:A3:02:94:43:83:A3:62:08:58:FE:D6:B1:8E:F3:98:DA
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       018CC6B8224F3A3455D208FD8D23D40B89F4
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/1-1TG_qMClEODo2IIWP7WsY7zmNo.roa
Signing time:             Mon 01 Jan 2024 20:30:05 +0000
ROA not before:           Mon 01 Jan 2024 20:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213030
IP address blocks:        45.135.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:22:4f:3a:34:55:d2:08:fd:8d:23:d4:0b:89:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jan  1 20:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb54c6fea302944383a3620858fed6b18ef398da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b4:db:49:b8:77:6e:d9:63:8f:36:d9:99:78:
                    59:66:b4:43:c4:0d:3a:13:98:7f:4c:a0:14:17:aa:
                    65:e3:5f:0a:74:1b:ca:36:dd:54:1b:f2:f8:d7:a3:
                    c3:e3:82:77:8c:6c:09:2a:ef:dc:35:0f:3f:a9:33:
                    8a:11:d5:ca:dd:22:13:97:52:81:79:c9:bf:b4:f7:
                    6a:48:0b:b3:f2:f8:bc:09:12:8f:07:83:59:49:11:
                    4f:8f:67:1a:b5:46:3c:3c:68:66:bf:bb:4e:a1:79:
                    5c:9f:ae:9a:9c:a3:ad:0c:d0:b6:fb:4b:61:3a:4c:
                    0a:fa:da:f5:61:0b:f9:56:eb:5f:ed:52:7d:1a:df:
                    43:f8:49:66:8d:27:dc:bb:87:77:e8:84:83:8b:32:
                    40:32:d5:f7:d9:26:ad:a3:ea:38:eb:95:90:a7:c9:
                    cc:b2:7a:38:f1:9b:17:4a:d4:74:0d:67:f9:57:50:
                    cc:d4:b6:17:b6:4c:dc:f0:43:fc:6e:c2:13:37:56:
                    3c:50:53:c1:02:59:2e:c9:1f:22:59:39:c3:10:31:
                    1b:41:72:62:10:45:e9:0c:52:e0:5c:15:90:ab:3f:
                    6b:1c:fe:fe:05:58:be:0b:b6:a7:73:5a:de:5c:79:
                    da:04:7b:25:bc:c6:6e:35:52:73:26:94:61:98:56:
                    2f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:54:C6:FE:A3:02:94:43:83:A3:62:08:58:FE:D6:B1:8E:F3:98:DA
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/1-1TG_qMClEODo2IIWP7WsY7zmNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c7:e5:6f:cb:ee:8b:98:54:df:15:da:65:85:48:88:75:c3:
         8d:58:8a:bd:e0:51:55:27:20:28:54:56:8a:92:c1:e2:8d:4c:
         08:fd:53:6f:5a:c4:98:09:7c:ed:5e:73:c9:86:7d:a8:33:64:
         23:13:a0:08:d7:f6:55:e2:d5:31:68:45:b5:80:04:eb:4b:f9:
         f5:dc:c1:31:1a:c0:22:e7:03:93:37:24:95:11:fd:f1:d2:91:
         3e:57:47:db:e5:7d:d0:9d:97:a2:bd:15:6d:73:23:ca:a0:37:
         56:24:3b:06:1e:07:43:29:b5:f2:3a:4e:f0:bd:ed:41:00:c2:
         df:52:94:52:9d:36:c4:4b:1f:c5:84:4f:95:7f:b6:bf:84:ce:
         46:d8:25:9c:c5:a0:99:c3:96:06:bc:c8:97:33:71:6d:fd:f1:
         15:53:d3:97:50:cc:5c:13:43:aa:48:7b:ac:98:4b:cb:63:39:
         28:da:58:e6:e3:d3:f7:7c:30:3d:c3:0d:11:c6:77:83:5b:28:
         87:a6:f6:20:c2:95:b8:af:b5:10:dc:47:4a:e8:6f:8a:5f:68:
         30:a7:c4:64:82:35:12:48:f7:c8:f7:f9:cd:2f:43:f8:c9:8f:
         41:d8:83:9b:e0:18:f2:ff:23:cc:5d:5b:10:03:ed:f0:5f:d4:
         a4:a7:15:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuCJPOjRV0gj9jSPUC4n0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjQwMTAxMjAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjU0YzZmZWEzMDI5NDQzODNhMzYyMDg1OGZlZDZiMThlZjM5OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbTbSbh3btljjzbZmXhZZrRDxA06
E5h/TKAUF6pl418KdBvKNt1UG/L416PD44J3jGwJKu/cNQ8/qTOKEdXK3SITl1KB
ecm/tPdqSAuz8vi8CRKPB4NZSRFPj2catUY8PGhmv7tOoXlcn66anKOtDNC2+0th
OkwK+tr1YQv5Vutf7VJ9Gt9D+ElmjSfcu4d36ISDizJAMtX32Sato+o465WQp8nM
sno48ZsXStR0DWf5V1DM1LYXtkzc8EP8bsITN1Y8UFPBAlkuyR8iWTnDEDEbQXJi
EEXpDFLgXBWQqz9rHP7+BVi+C7anc1reXHnaBHslvMZuNVJzJpRhmFYvLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtUxv6jApRDg6NiCFj+1rGO85jaMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvMS0xVEdfcU1DbEVPRG8ySUlXUDdXc1k3em1Oby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzkvMjkzYTJmLTM5OTctNDk3Zi05ZWYxLTQ4NTJjOGZmOGFm
Mi8xL2tkREhqRENhUHBuY21yZFBMTndFaElXZWRUQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2HwTAN
BgkqhkiG9w0BAQsFAAOCAQEAH8flb8vui5hU3xXaZYVIiHXDjViKveBRVScgKFRW
ipLB4o1MCP1Tb1rEmAl87V5zyYZ9qDNkIxOgCNf2VeLVMWhFtYAE60v59dzBMRrA
IucDkzcklRH98dKRPldH2+V90J2Xor0VbXMjyqA3ViQ7Bh4HQym18jpO8L3tQQDC
31KUUp02xEsfxYRPlX+2v4TORtglnMWgmcOWBrzIlzNxbf3xFVPTl1DMXBNDqkh7
rJhLy2M5KNpY5uPT93wwPcMNEcZ3g1soh6b2IMKVuK+1ENxHSuhvil9oMKfEZII1
Ekj3yPf5zS9D+MmPQdiDm+AY8v8jzF1bEAPt8F/UpKcVBQ==
-----END CERTIFICATE-----