Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/sTjvOTbsn_PO8aEAx09eJEQOKno.roa
File:                     sTjvOTbsn_PO8aEAx09eJEQOKno.roa (raw, json)
Hash identifier:          BRe1wHr61fjpNtHnYMgo7vBeCstu67YcnAMUbd0U0bk=
Subject key identifier:   B1:38:EF:39:36:EC:9F:F3:CE:F1:A1:00:C7:4F:5E:24:44:0E:2A:7A
Certificate issuer:       /CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
Certificate serial:       0190081AD68E7696BF608FF9970BBAC59DB1
Authority key identifier: BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/sTjvOTbsn_PO8aEAx09eJEQOKno.roa
Signing time:             Tue 11 Jun 2024 16:21:34 +0000
ROA not before:           Tue 11 Jun 2024 16:21:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147003
IP address blocks:        45.87.102.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:08:1a:d6:8e:76:96:bf:60:8f:f9:97:0b:ba:c5:9d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
        Validity
            Not Before: Jun 11 16:21:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b138ef3936ec9ff3cef1a100c74f5e24440e2a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7f:2e:70:d1:0a:14:24:ed:e0:3e:a4:13:ee:
                    a0:42:ef:29:93:b1:ed:34:cb:2e:97:2c:a3:18:a3:
                    fb:57:d5:cd:64:6a:10:b0:89:47:d3:b1:c2:85:05:
                    77:2b:06:15:fb:d3:9f:70:12:ac:8c:83:5c:3a:4b:
                    a5:0c:8c:2a:24:e6:6d:72:f4:6a:94:fd:39:88:7d:
                    bb:b1:37:eb:ac:dd:37:79:78:48:3c:44:3e:09:1b:
                    20:ba:c7:61:7d:7a:51:61:91:25:7a:d3:7f:3d:89:
                    72:5d:5b:1c:28:97:ca:bf:75:10:0d:a9:6d:e4:6d:
                    f5:64:fc:15:a3:c9:c7:d5:a9:f2:de:7e:8a:44:d0:
                    14:43:6b:45:f8:99:0e:23:32:68:3e:cc:b3:c9:a9:
                    2f:d1:8e:af:a3:63:01:7e:59:bc:f7:20:94:79:6d:
                    93:07:4c:1f:92:88:2c:1e:3f:ec:f8:d7:6d:fb:7e:
                    f4:72:db:2e:aa:b9:49:ba:f9:b4:c6:6b:f5:24:30:
                    d0:af:8b:87:37:7d:9a:21:5e:c6:b5:21:a3:6d:08:
                    8c:ff:ea:cf:a7:1d:09:a8:ad:0f:9a:79:5e:15:08:
                    a1:50:0e:09:cc:cc:4d:f1:bf:82:b6:20:7e:b5:6f:
                    19:9b:c2:52:ff:e5:c3:d7:38:70:a2:fd:67:06:95:
                    37:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:38:EF:39:36:EC:9F:F3:CE:F1:A1:00:C7:4F:5E:24:44:0E:2A:7A
            X509v3 Authority Key Identifier:
                keyid:BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/sTjvOTbsn_PO8aEAx09eJEQOKno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:4d:e2:42:44:5c:05:b9:5d:a9:fd:1e:13:21:04:e1:84:6c:
         b2:5a:02:aa:52:1d:57:71:86:99:91:2e:b7:79:f9:44:c2:3e:
         b0:91:7b:fa:10:d5:79:de:8f:2a:2d:fa:23:c1:9f:6a:8c:11:
         4f:f0:fe:46:02:5f:cc:07:e8:f6:57:4a:f6:44:d7:16:5b:e7:
         63:fc:84:3f:74:91:d2:25:f5:52:2c:b6:56:62:c2:77:03:f0:
         b5:f6:5d:dd:d2:45:ce:6c:a5:91:08:6a:ce:ff:93:01:da:53:
         93:ef:ef:7f:33:88:5a:42:b3:b4:d6:1c:87:40:56:a5:33:1d:
         fb:67:35:b7:43:8e:4d:17:d7:9d:b2:19:78:85:34:8d:3f:4d:
         ac:86:43:77:50:cf:58:2c:d6:2f:a3:f3:72:3e:5f:50:c1:5a:
         15:06:40:d3:8c:22:4b:e3:f4:eb:23:e8:e4:da:08:0e:db:83:
         1c:de:1d:28:59:f2:9f:0a:f3:4c:81:cb:97:41:39:a3:48:9f:
         25:12:0a:9b:45:2f:8a:5f:4b:ff:60:2e:a2:22:f1:36:8a:d5:
         0f:5c:19:6a:36:c3:e1:5a:c5:49:2f:2d:40:22:db:fa:4a:07:
         ed:31:4d:60:e8:b6:8b:fe:57:6d:ef:04:75:6e:6b:c0:7d:b0:
         83:ab:f1:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAIGtaOdpa/YI/5lwu6xZ2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNDFhZGRjOWE0ZWVhMjQ2ZDQyZjk4YzdjNzJiMzBiNjhk
NjdhOTcwHhcNMjQwNjExMTYyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTM4ZWYzOTM2ZWM5ZmYzY2VmMWExMDBjNzRmNWUyNDQ0MGUyYTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlX8ucNEKFCTt4D6kE+6gQu8pk7Ht
NMsulyyjGKP7V9XNZGoQsIlH07HChQV3KwYV+9OfcBKsjINcOkulDIwqJOZtcvRq
lP05iH27sTfrrN03eXhIPEQ+CRsgusdhfXpRYZEletN/PYlyXVscKJfKv3UQDalt
5G31ZPwVo8nH1any3n6KRNAUQ2tF+JkOIzJoPsyzyakv0Y6vo2MBflm89yCUeW2T
B0wfkogsHj/s+Ndt+370ctsuqrlJuvm0xmv1JDDQr4uHN32aIV7GtSGjbQiM/+rP
px0JqK0PmnleFQihUA4JzMxN8b+CtiB+tW8Zm8JS/+XD1zhwov1nBpU36wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLE47zk27J/zzvGhAMdPXiREDip6MB8GA1UdIwQY
MBaAFL9BrdyaTuokbUL5jHxyswto1nqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEt
ZWVhZDUwOGJlNGVlLzEvc1Rqdk9UYnNuX1BPOGFFQXgwOWVKRVFPS25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEtZWVhZDUwOGJlNGVl
LzEvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVdmMA0G
CSqGSIb3DQEBCwUAA4IBAQCOTeJCRFwFuV2p/R4TIQThhGyyWgKqUh1XcYaZkS63
eflEwj6wkXv6ENV53o8qLfojwZ9qjBFP8P5GAl/MB+j2V0r2RNcWW+dj/IQ/dJHS
JfVSLLZWYsJ3A/C19l3d0kXObKWRCGrO/5MB2lOT7+9/M4haQrO01hyHQFalMx37
ZzW3Q45NF9edshl4hTSNP02shkN3UM9YLNYvo/NyPl9QwVoVBkDTjCJL4/TrI+jk
2ggO24Mc3h0oWfKfCvNMgcuXQTmjSJ8lEgqbRS+KX0v/YC6iIvE2itUPXBlqNsPh
WsVJLy1AItv6SgftMU1g6LaL/ldt7wR1bmvAfbCDq/H2
-----END CERTIFICATE-----