Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/D5sPXTxAF7C_4o7Bt4vlbo_P5TU.roa
File:                     D5sPXTxAF7C_4o7Bt4vlbo_P5TU.roa (raw, json)
Hash identifier:          GSuj11Nqcti2Syrflxs5dx/e6LdTXErsN65n+JcCoME=
Subject key identifier:   0F:9B:0F:5D:3C:40:17:B0:BF:E2:8E:C1:B7:8B:E5:6E:8F:CF:E5:35
Certificate issuer:       /CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
Certificate serial:       0190EFD30DA329C7D6C30686856D79442D94
Authority key identifier: BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/D5sPXTxAF7C_4o7Bt4vlbo_P5TU.roa
Signing time:             Fri 26 Jul 2024 16:15:04 +0000
ROA not before:           Fri 26 Jul 2024 16:15:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.87.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ef:d3:0d:a3:29:c7:d6:c3:06:86:85:6d:79:44:2d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
        Validity
            Not Before: Jul 26 16:15:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f9b0f5d3c4017b0bfe28ec1b78be56e8fcfe535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e9:f8:e3:f6:46:c7:b9:79:98:5e:d6:f7:e7:
                    56:7d:96:42:1a:aa:f8:da:01:39:c8:2e:7a:37:30:
                    0b:8d:58:a7:a2:2a:c0:f5:ea:41:0b:f2:e4:cf:e1:
                    3a:fb:a3:a3:59:f7:1c:3d:1c:35:7a:7d:5e:5a:2e:
                    a5:13:c7:e7:ba:25:b1:ab:f4:fd:6d:ad:b7:7c:f0:
                    de:da:54:54:d8:25:65:ec:73:b2:4d:7b:b5:ca:b7:
                    d9:0e:79:34:53:c6:d5:99:4b:f5:b9:74:33:73:f2:
                    d0:5b:e9:02:c0:b1:48:1a:c6:36:7d:a1:b6:63:3c:
                    3a:7a:a3:56:b3:33:93:c6:90:a1:9a:de:c1:ee:a6:
                    3b:ac:76:d5:a3:41:1f:66:c9:ab:00:71:f6:41:33:
                    2b:99:e3:2b:14:23:f2:f1:c2:4a:7e:06:81:54:76:
                    83:38:4c:d7:e8:6c:ea:ed:75:75:7e:24:8e:d8:27:
                    d4:7e:ec:fc:78:5f:4f:f1:8e:9b:f3:66:d5:7d:46:
                    09:1c:0e:8d:af:92:8d:e3:10:45:d8:72:7f:1a:8e:
                    72:28:73:ea:a1:a4:40:19:17:d1:69:bf:85:8b:c4:
                    01:39:2d:d1:46:08:ac:07:7d:ed:48:b6:57:7a:b0:
                    75:ab:57:90:2a:df:c0:92:16:de:7d:2b:3a:fa:cd:
                    d8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:9B:0F:5D:3C:40:17:B0:BF:E2:8E:C1:B7:8B:E5:6E:8F:CF:E5:35
            X509v3 Authority Key Identifier:
                keyid:BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/D5sPXTxAF7C_4o7Bt4vlbo_P5TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:10:0c:ba:26:f6:f0:62:30:2a:58:75:d0:ae:01:8e:fc:a8:
         f1:5b:1e:6a:e7:00:a8:31:ff:fb:db:69:fe:2f:1c:fa:b9:85:
         ae:63:b8:3f:bf:17:57:18:0e:0f:44:01:03:81:e5:2a:24:da:
         1c:33:05:b1:e0:43:a2:80:ea:99:d1:67:75:6c:b6:ee:a3:24:
         6c:af:2c:34:4e:b3:13:ad:de:29:da:77:78:93:3e:85:bd:6b:
         ad:3a:15:77:68:f3:f4:67:a6:18:25:94:a0:50:ff:01:bf:1f:
         c7:e0:16:f9:4c:46:ca:92:eb:0b:86:51:7b:b6:c3:40:5e:0c:
         fb:45:67:5d:fb:a6:c2:7b:9b:e9:eb:4c:e4:aa:3a:9a:79:4f:
         55:65:45:92:c9:95:04:fb:3e:d7:e9:82:3d:fe:28:09:c7:6c:
         32:70:73:6f:dc:53:d2:98:23:4d:be:06:64:5c:6e:3b:7f:d7:
         b7:3c:67:b1:d6:5a:50:37:1e:6f:88:0d:5c:a6:16:5f:72:f3:
         67:54:1c:95:94:0e:9c:a2:27:1e:e0:70:9e:c3:e5:76:59:5a:
         e2:a4:eb:ba:bb:68:c7:a1:d6:ef:5b:71:d8:8e:72:b4:a0:a1:
         28:3d:a8:30:60:c1:a0:d6:21:4b:07:37:01:33:65:93:e1:98:
         3a:19:42:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDv0w2jKcfWwwaGhW15RC2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNDFhZGRjOWE0ZWVhMjQ2ZDQyZjk4YzdjNzJiMzBiNjhk
NjdhOTcwHhcNMjQwNzI2MTYxNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjliMGY1ZDNjNDAxN2IwYmZlMjhlYzFiNzhiZTU2ZThmY2ZlNTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOn44/ZGx7l5mF7W9+dWfZZCGqr4
2gE5yC56NzALjVinoirA9epBC/Lkz+E6+6OjWfccPRw1en1eWi6lE8fnuiWxq/T9
ba23fPDe2lRU2CVl7HOyTXu1yrfZDnk0U8bVmUv1uXQzc/LQW+kCwLFIGsY2faG2
Yzw6eqNWszOTxpChmt7B7qY7rHbVo0EfZsmrAHH2QTMrmeMrFCPy8cJKfgaBVHaD
OEzX6Gzq7XV1fiSO2CfUfuz8eF9P8Y6b82bVfUYJHA6Nr5KN4xBF2HJ/Go5yKHPq
oaRAGRfRab+Fi8QBOS3RRgisB33tSLZXerB1q1eQKt/AkhbefSs6+s3YSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+bD108QBewv+KOwbeL5W6Pz+U1MB8GA1UdIwQY
MBaAFL9BrdyaTuokbUL5jHxyswto1nqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEt
ZWVhZDUwOGJlNGVlLzEvRDVzUFhUeEFGN0NfNG83QnQ0dmxib19QNVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEtZWVhZDUwOGJlNGVl
LzEvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVdlMA0G
CSqGSIb3DQEBCwUAA4IBAQBCEAy6JvbwYjAqWHXQrgGO/KjxWx5q5wCoMf/722n+
Lxz6uYWuY7g/vxdXGA4PRAEDgeUqJNocMwWx4EOigOqZ0Wd1bLbuoyRsryw0TrMT
rd4p2nd4kz6FvWutOhV3aPP0Z6YYJZSgUP8Bvx/H4Bb5TEbKkusLhlF7tsNAXgz7
RWdd+6bCe5vp60zkqjqaeU9VZUWSyZUE+z7X6YI9/igJx2wycHNv3FPSmCNNvgZk
XG47f9e3PGex1lpQNx5viA1cphZfcvNnVByVlA6coice4HCew+V2WVripOu6u2jH
odbvW3HYjnK0oKEoPagwYMGg1iFLBzcBM2WT4Zg6GUIG
-----END CERTIFICATE-----