Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/Dufyk__ztvQ_zIYPO4_dTXTdsu0.roa
File:                     Dufyk__ztvQ_zIYPO4_dTXTdsu0.roa (raw, json)
Hash identifier:          1Cmm/CrQovMHQ4KqKsNZRNP784G7x+x/rs8KACQl8+s=
Subject key identifier:   0E:E7:F2:93:FF:F3:B6:F4:3F:CC:86:0F:3B:8F:DD:4D:74:DD:B2:ED
Certificate issuer:       /CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
Certificate serial:       0190D8CE55428B5DA7CC49FAF57A08AF2A63
Authority key identifier: BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/Dufyk__ztvQ_zIYPO4_dTXTdsu0.roa
Signing time:             Mon 22 Jul 2024 04:58:39 +0000
ROA not before:           Mon 22 Jul 2024 04:58:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        45.87.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d8:ce:55:42:8b:5d:a7:cc:49:fa:f5:7a:08:af:2a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
        Validity
            Not Before: Jul 22 04:58:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ee7f293fff3b6f43fcc860f3b8fdd4d74ddb2ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c6:43:72:7d:b0:1b:a8:11:60:a4:2d:a8:00:
                    27:87:86:db:d9:d7:48:25:b1:2f:14:5d:13:e0:91:
                    e0:d7:f9:02:83:c5:64:cc:24:71:b2:f4:72:c4:d2:
                    d2:59:cc:a8:f8:95:e2:a8:36:69:92:9a:19:44:6b:
                    17:bf:ac:c0:b7:b3:92:d9:2a:28:ab:00:63:ef:0a:
                    0b:1b:21:b3:6e:81:76:b7:e0:c6:5a:1d:83:d6:a4:
                    d6:57:ca:cc:62:a6:54:ba:ec:75:63:39:3a:a3:af:
                    db:c4:0a:77:2f:af:df:91:c9:22:4e:81:49:e8:a7:
                    76:a7:e0:4e:11:2d:54:6c:4c:56:97:9c:0d:e4:0a:
                    31:59:a3:d5:0d:a2:48:e2:64:3d:8a:44:6f:bb:59:
                    21:59:63:6c:b6:63:73:d7:63:47:18:e8:71:ea:07:
                    be:7e:17:8d:a7:de:a8:7d:81:14:b8:34:f7:cb:f8:
                    22:b4:79:3b:f2:e4:69:a8:54:ac:d5:3b:a3:44:b8:
                    42:62:68:d4:9d:37:e1:9e:7f:19:28:e0:4f:fd:89:
                    d9:e4:32:78:fc:49:89:d1:8d:b7:20:29:85:b5:9a:
                    36:f2:50:64:87:b0:7a:f4:2b:de:fd:d6:70:d1:5e:
                    a4:e1:cb:31:14:ca:1e:78:03:f6:36:a9:21:f4:a0:
                    eb:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E7:F2:93:FF:F3:B6:F4:3F:CC:86:0F:3B:8F:DD:4D:74:DD:B2:ED
            X509v3 Authority Key Identifier:
                keyid:BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/Dufyk__ztvQ_zIYPO4_dTXTdsu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:26:ef:55:99:11:6b:2b:33:69:6a:b7:1d:98:b5:45:e4:29:
         12:39:1b:1f:c1:4d:5b:ff:b5:5b:de:50:ba:d1:e4:27:67:a2:
         ae:95:06:a5:46:f1:bf:82:00:94:52:00:90:c2:4d:4d:fa:43:
         0d:cb:e1:91:1a:fd:e5:47:d9:b7:4a:d3:c0:22:57:35:71:bb:
         51:4b:07:55:d1:a7:a5:d2:df:c8:2a:54:6b:58:b2:31:51:17:
         9c:33:59:18:7e:60:36:f5:f3:75:e5:05:8a:f2:e8:c9:ea:0a:
         01:83:cf:55:3a:61:b6:cc:ab:64:46:bd:f9:0d:ce:06:0f:95:
         5a:d1:68:bd:7c:41:68:58:43:a2:c1:83:2d:90:b8:68:ad:c3:
         04:47:2e:cd:35:00:bb:84:df:33:18:ae:00:7f:69:8a:ea:e7:
         c5:05:d8:9e:d7:4f:1a:4e:1d:2a:82:8f:2e:30:98:fb:c2:0a:
         44:dc:5f:94:2d:28:e9:99:04:87:ee:da:c9:ce:2a:17:4c:62:
         16:6f:f4:3c:76:1e:a8:5d:6a:e8:19:2d:8a:13:a4:80:e2:4c:
         aa:84:60:c6:fb:1a:42:b7:b4:5b:97:b6:63:fd:a2:d0:7b:38:
         ec:6f:7c:59:22:cf:66:2c:97:8a:aa:dc:99:d9:26:e7:86:4b:
         1a:f7:85:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDYzlVCi12nzEn69XoIrypjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNDFhZGRjOWE0ZWVhMjQ2ZDQyZjk4YzdjNzJiMzBiNjhk
NjdhOTcwHhcNMjQwNzIyMDQ1ODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU3ZjI5M2ZmZjNiNmY0M2ZjYzg2MGYzYjhmZGQ0ZDc0ZGRiMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8ZDcn2wG6gRYKQtqAAnh4bb2ddI
JbEvFF0T4JHg1/kCg8VkzCRxsvRyxNLSWcyo+JXiqDZpkpoZRGsXv6zAt7OS2Soo
qwBj7woLGyGzboF2t+DGWh2D1qTWV8rMYqZUuux1Yzk6o6/bxAp3L6/fkckiToFJ
6Kd2p+BOES1UbExWl5wN5AoxWaPVDaJI4mQ9ikRvu1khWWNstmNz12NHGOhx6ge+
fheNp96ofYEUuDT3y/gitHk78uRpqFSs1TujRLhCYmjUnTfhnn8ZKOBP/YnZ5DJ4
/EmJ0Y23ICmFtZo28lBkh7B69Cve/dZw0V6k4csxFMoeeAP2Nqkh9KDrpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7n8pP/87b0P8yGDzuP3U103bLtMB8GA1UdIwQY
MBaAFL9BrdyaTuokbUL5jHxyswto1nqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEt
ZWVhZDUwOGJlNGVlLzEvRHVmeWtfX3p0dlFfeklZUE80X2RUWFRkc3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEtZWVhZDUwOGJlNGVl
LzEvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVdkMA0G
CSqGSIb3DQEBCwUAA4IBAQBQJu9VmRFrKzNparcdmLVF5CkSORsfwU1b/7Vb3lC6
0eQnZ6KulQalRvG/ggCUUgCQwk1N+kMNy+GRGv3lR9m3StPAIlc1cbtRSwdV0ael
0t/IKlRrWLIxURecM1kYfmA29fN15QWK8ujJ6goBg89VOmG2zKtkRr35Dc4GD5Va
0Wi9fEFoWEOiwYMtkLhorcMERy7NNQC7hN8zGK4Af2mK6ufFBdie108aTh0qgo8u
MJj7wgpE3F+ULSjpmQSH7trJzioXTGIWb/Q8dh6oXWroGS2KE6SA4kyqhGDG+xpC
t7Rbl7Zj/aLQezjsb3xZIs9mLJeKqtyZ2Sbnhksa94U+
-----END CERTIFICATE-----