Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/Ahcelz60YCZIwDUlfIn2Bh1Pz5I.roa
File:                     Ahcelz60YCZIwDUlfIn2Bh1Pz5I.roa (raw, json)
Hash identifier:          7aHG+vSULDFAdUSUOb0cHEqdj5p0+gRs3v2v7dMZVoY=
Subject key identifier:   02:17:1E:97:3E:B4:60:26:48:C0:35:25:7C:89:F6:06:1D:4F:CF:92
Certificate issuer:       /CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
Certificate serial:       0190A6A07EE0929F38FD0CA7F9652C5CF14E
Authority key identifier: C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/Ahcelz60YCZIwDUlfIn2Bh1Pz5I.roa
Signing time:             Fri 12 Jul 2024 11:07:34 +0000
ROA not before:           Fri 12 Jul 2024 11:07:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13044
IP address blocks:        45.84.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:a0:7e:e0:92:9f:38:fd:0c:a7:f9:65:2c:5c:f1:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
        Validity
            Not Before: Jul 12 11:07:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02171e973eb4602648c035257c89f6061d4fcf92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:dc:74:e1:8b:2b:77:ee:75:26:4c:c0:20:ea:
                    10:09:ca:7c:d9:cf:57:52:d9:fa:e5:01:7c:b6:67:
                    42:07:a5:82:8a:f0:f4:29:88:cb:6e:59:67:e2:f2:
                    64:64:60:45:c8:98:5e:b5:5c:ed:b5:25:8b:9c:18:
                    31:11:91:42:b3:5e:3a:f0:f0:fe:aa:de:aa:8f:4b:
                    61:26:f2:85:36:5d:9d:4f:71:f4:55:55:34:89:df:
                    b4:26:e3:0f:cf:16:d4:14:6a:3f:58:6d:ba:7c:62:
                    66:17:8a:dc:38:5d:bb:45:4a:41:0f:66:f2:75:e8:
                    f9:a2:20:87:de:c7:f5:b9:8d:8e:56:a7:48:24:61:
                    92:5a:66:79:ec:df:c1:e5:8a:50:26:a4:ac:62:23:
                    74:7d:c2:ef:aa:9f:49:81:69:37:3a:35:a9:7f:28:
                    64:79:a1:7c:e0:62:11:a6:8b:36:c4:fe:f4:b5:25:
                    92:6d:12:5d:99:ab:92:61:39:5d:ba:f0:fb:34:95:
                    14:60:14:f3:cb:dc:50:f4:63:42:c6:d8:a8:71:4d:
                    dd:c2:90:ec:11:83:96:dd:9c:02:a3:2e:83:f4:58:
                    9c:95:8f:1f:70:26:03:4c:9d:1c:45:d2:ac:49:1f:
                    85:6b:01:11:72:63:dd:dc:5e:86:9a:0b:22:51:dc:
                    16:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:17:1E:97:3E:B4:60:26:48:C0:35:25:7C:89:F6:06:1D:4F:CF:92
            X509v3 Authority Key Identifier:
                keyid:C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/Ahcelz60YCZIwDUlfIn2Bh1Pz5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:40:bb:3e:ae:af:d1:4e:71:50:b6:d8:f6:5c:52:6b:70:0b:
         78:80:4c:ab:9f:9a:21:71:38:6d:18:b3:27:d8:a7:a2:51:08:
         dd:a9:ab:f9:90:f2:ca:27:80:55:e6:dc:8a:cc:38:25:46:85:
         fd:06:e0:5a:11:d7:29:0b:2a:f7:49:3b:ad:e2:64:48:ba:bb:
         a2:69:93:27:7d:2b:dd:9b:dd:b9:78:89:40:ab:79:ad:e3:e7:
         3b:2d:62:d0:63:a0:67:5f:74:ee:0c:99:9d:12:5b:59:37:aa:
         af:4c:e2:aa:d9:e3:d0:59:6f:98:b5:64:82:60:25:5b:ab:45:
         75:fc:2e:e0:ec:69:8a:99:27:85:a2:57:91:13:bc:bb:c0:8c:
         6f:02:58:be:2a:1e:e9:0a:45:23:1f:21:d9:15:0f:b4:f5:ad:
         69:7a:cd:93:52:85:e6:b4:49:a9:b2:d4:1b:2d:83:89:14:b9:
         e3:f7:47:28:45:74:25:1c:83:f1:54:e0:6b:8b:69:47:8d:83:
         c8:b6:23:f8:d5:d3:c0:a9:75:6e:93:ca:99:ab:8c:b1:37:55:
         05:5f:af:6d:62:a3:ad:78:75:26:94:50:d7:42:13:9b:34:2a:
         3a:1c:50:67:79:84:9f:38:b3:45:ea:8e:73:3d:8b:79:5b:14:
         93:0d:fe:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCmoH7gkp84/Qyn+WUsXPFOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3Mzg4MDdhYmI5Y2UxNWI3YTg5MjU5MmI2ZjAwM2YxYTNl
MTZiNjAwHhcNMjQwNzEyMTEwNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE3MWU5NzNlYjQ2MDI2NDhjMDM1MjU3Yzg5ZjYwNjFkNGZjZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydx04Ysrd+51JkzAIOoQCcp82c9X
Utn65QF8tmdCB6WCivD0KYjLblln4vJkZGBFyJhetVzttSWLnBgxEZFCs1468PD+
qt6qj0thJvKFNl2dT3H0VVU0id+0JuMPzxbUFGo/WG26fGJmF4rcOF27RUpBD2by
dej5oiCH3sf1uY2OVqdIJGGSWmZ57N/B5YpQJqSsYiN0fcLvqp9JgWk3OjWpfyhk
eaF84GIRpos2xP70tSWSbRJdmauSYTlduvD7NJUUYBTzy9xQ9GNCxtiocU3dwpDs
EYOW3ZwCoy6D9FiclY8fcCYDTJ0cRdKsSR+FawERcmPd3F6GmgsiUdwWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIXHpc+tGAmSMA1JXyJ9gYdT8+SMB8GA1UdIwQY
MBaAFMc4gHq7nOFbeoklkrbwA/Gj4WtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWIt
M2QxZjMwZTA5MjNiLzEvQWhjZWx6NjBZQ1pJd0RVbGZJbjJCaDFQejVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWItM2QxZjMwZTA5MjNi
LzEveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQkMA0G
CSqGSIb3DQEBCwUAA4IBAQCSQLs+rq/RTnFQttj2XFJrcAt4gEyrn5ohcThtGLMn
2KeiUQjdqav5kPLKJ4BV5tyKzDglRoX9BuBaEdcpCyr3STut4mRIuruiaZMnfSvd
m925eIlAq3mt4+c7LWLQY6BnX3TuDJmdEltZN6qvTOKq2ePQWW+YtWSCYCVbq0V1
/C7g7GmKmSeFoleRE7y7wIxvAli+Kh7pCkUjHyHZFQ+09a1pes2TUoXmtEmpstQb
LYOJFLnj90coRXQlHIPxVOBri2lHjYPItiP41dPAqXVuk8qZq4yxN1UFX69tYqOt
eHUmlFDXQhObNCo6HFBneYSfOLNF6o5zPYt5WxSTDf6p
-----END CERTIFICATE-----