Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/_0QYzos7ynVKnH7lcLu1qY36xrg.roa
File:                     _0QYzos7ynVKnH7lcLu1qY36xrg.roa (raw, json)
Hash identifier:          0xzC7OxTsdTnprRYKtPjnTAZu/n0tE97RpIbcO2C5DE=
Subject key identifier:   FF:44:18:CE:8B:3B:CA:75:4A:9C:7E:E5:70:BB:B5:A9:8D:FA:C6:B8
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0191B305BA3EEDF0D86561F17A456DCE9D26
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/_0QYzos7ynVKnH7lcLu1qY36xrg.roa
Signing time:             Mon 02 Sep 2024 13:56:22 +0000
ROA not before:           Mon 02 Sep 2024 13:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215238
IP address blocks:        45.150.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:05:ba:3e:ed:f0:d8:65:61:f1:7a:45:6d:ce:9d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Sep  2 13:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff4418ce8b3bca754a9c7ee570bbb5a98dfac6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ce:5d:2e:2e:f4:1a:f2:5a:9e:01:2c:ff:6d:
                    9b:bf:13:8f:c6:01:66:ea:99:22:21:f0:81:c7:7b:
                    ad:8b:4f:4e:33:24:16:ab:ef:54:64:6f:22:1c:0c:
                    61:53:a4:a8:cf:1d:18:5c:84:90:f2:0e:c8:2b:40:
                    22:50:c8:13:da:ba:4d:82:1c:76:69:68:21:28:c4:
                    5a:02:3f:c9:4d:4b:3f:72:9e:5a:ae:81:d2:5a:5a:
                    6b:42:2b:bd:47:98:d6:36:9e:ef:90:dd:0b:63:c0:
                    4d:54:b0:83:d6:bd:1f:57:e9:55:71:a0:0e:f3:2d:
                    82:6d:6d:2e:18:af:1e:8e:d7:39:f8:5b:e9:e7:5d:
                    53:12:0f:dd:ac:d2:27:f7:a0:6c:68:42:bb:5f:b8:
                    28:73:7c:b2:9d:3d:ef:49:b0:14:c1:0b:3f:03:f0:
                    98:9e:32:87:d6:69:d9:2e:96:2e:f1:5f:7f:fb:27:
                    97:1e:37:61:72:19:69:42:6c:48:dd:3a:e2:3a:80:
                    46:22:4c:d0:f0:f9:d8:3d:2e:98:d0:12:42:45:8c:
                    fe:f6:94:c2:ba:da:86:9d:d6:71:fd:96:29:bf:40:
                    1e:f8:76:17:f9:9c:ba:73:61:27:81:50:c9:82:dc:
                    4b:c0:c5:4c:b7:97:13:32:f4:b5:4f:d0:26:d8:73:
                    17:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:44:18:CE:8B:3B:CA:75:4A:9C:7E:E5:70:BB:B5:A9:8D:FA:C6:B8
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/_0QYzos7ynVKnH7lcLu1qY36xrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:aa:34:b3:d4:77:f8:ee:1d:7c:79:7e:46:b7:61:99:d3:83:
         42:7d:6d:b2:fe:b1:16:5f:f7:c2:2d:57:72:6b:16:c4:3d:c9:
         a1:01:28:8e:55:55:12:ed:9a:68:36:a6:af:ad:e6:2e:89:3c:
         e9:86:04:44:29:da:75:1a:2d:6b:0b:a9:29:a3:70:f5:9f:c6:
         71:0b:3c:5e:21:44:1a:e6:10:1c:1f:1e:1e:1e:3b:9d:8b:d7:
         7e:8b:d1:30:71:21:ca:8c:c3:59:f8:b1:98:f5:c1:fb:29:56:
         03:af:57:59:4f:3f:50:37:d7:cd:3e:35:28:95:c2:00:c6:bc:
         19:ad:be:93:c3:e2:25:5a:a2:ce:e1:37:10:9e:ab:cc:7a:75:
         00:d9:7b:61:a6:29:a4:54:a8:6b:35:96:0b:32:fb:e9:6a:21:
         10:2f:9e:f7:a8:1e:b6:db:f6:d3:9d:bd:b4:96:14:20:24:23:
         2b:ba:12:d0:4c:c9:7d:5c:1d:e6:c9:e5:cf:c6:b5:b8:b6:d7:
         64:70:ed:e0:18:0a:1c:7f:41:a3:27:4b:54:81:61:38:12:ea:
         c8:aa:ae:f1:14:8a:e2:41:fe:cd:b3:33:73:b2:69:9e:61:f1:
         5e:7e:d3:e6:91:e5:1b:54:77:7f:05:b5:a9:65:9f:ba:1b:41:
         56:ee:1e:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGzBbo+7fDYZWHxekVtzp0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwOTAyMTM1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjQ0MThjZThiM2JjYTc1NGE5YzdlZTU3MGJiYjVhOThkZmFjNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc5dLi70GvJangEs/22bvxOPxgFm
6pkiIfCBx3uti09OMyQWq+9UZG8iHAxhU6Sozx0YXISQ8g7IK0AiUMgT2rpNghx2
aWghKMRaAj/JTUs/cp5aroHSWlprQiu9R5jWNp7vkN0LY8BNVLCD1r0fV+lVcaAO
8y2CbW0uGK8ejtc5+Fvp511TEg/drNIn96BsaEK7X7goc3yynT3vSbAUwQs/A/CY
njKH1mnZLpYu8V9/+yeXHjdhchlpQmxI3TriOoBGIkzQ8PnYPS6Y0BJCRYz+9pTC
utqGndZx/ZYpv0Ae+HYX+Zy6c2EngVDJgtxLwMVMt5cTMvS1T9Am2HMX2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9EGM6LO8p1Spx+5XC7tamN+sa4MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvXzBRWXpvczd5blZLbkg3bGNMdTFxWTM2eHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZaVMA0G
CSqGSIb3DQEBCwUAA4IBAQBZqjSz1Hf47h18eX5Gt2GZ04NCfW2y/rEWX/fCLVdy
axbEPcmhASiOVVUS7ZpoNqavreYuiTzphgREKdp1Gi1rC6kpo3D1n8ZxCzxeIUQa
5hAcHx4eHjudi9d+i9EwcSHKjMNZ+LGY9cH7KVYDr1dZTz9QN9fNPjUolcIAxrwZ
rb6Tw+IlWqLO4TcQnqvMenUA2XthpimkVKhrNZYLMvvpaiEQL573qB622/bTnb20
lhQgJCMruhLQTMl9XB3myeXPxrW4ttdkcO3gGAocf0GjJ0tUgWE4EurIqq7xFIri
Qf7NszNzsmmeYfFeftPmkeUbVHd/BbWpZZ+6G0FW7h5a
-----END CERTIFICATE-----