Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/sEs0h-jXY9aEM0Q6qTUqXt36dG0.roa
File:                     sEs0h-jXY9aEM0Q6qTUqXt36dG0.roa (raw, json)
Hash identifier:          93LSYZLJ7FKowgrEMwBhnd48p5hqv4L/7fqTAc+2H9M=
Subject key identifier:   B0:4B:34:87:E8:D7:63:D6:84:33:44:3A:A9:35:2A:5E:DD:FA:74:6D
Certificate issuer:       /CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
Certificate serial:       0190A6A07F2CC9EF6B7C2E6C35BA1CBB82B2
Authority key identifier: C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/sEs0h-jXY9aEM0Q6qTUqXt36dG0.roa
Signing time:             Fri 12 Jul 2024 11:07:34 +0000
ROA not before:           Fri 12 Jul 2024 11:07:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35732
IP address blocks:        45.84.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:a0:7f:2c:c9:ef:6b:7c:2e:6c:35:ba:1c:bb:82:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
        Validity
            Not Before: Jul 12 11:07:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b04b3487e8d763d68433443aa9352a5eddfa746d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:02:a1:e6:d8:05:98:1b:8f:f7:50:0f:be:78:
                    75:e0:f7:a0:ba:ba:e7:59:e4:08:06:fd:f7:01:09:
                    1d:5e:fd:75:39:69:38:47:ad:9a:37:a6:3b:ca:5e:
                    be:a3:2d:f6:e4:02:33:31:74:e1:98:21:29:d0:3c:
                    22:04:08:b3:7d:fc:89:56:3c:09:bf:83:0e:e9:f8:
                    8a:54:49:6d:31:ce:c6:d9:6f:74:88:b0:e5:28:94:
                    75:9b:a6:93:4f:8c:e3:1c:cc:ce:bc:4d:d3:65:75:
                    cd:30:4b:8f:91:df:67:f8:5f:2b:99:f9:f1:b8:37:
                    ee:34:e1:80:31:8c:0a:bd:b6:73:88:75:bb:66:a4:
                    15:91:bb:be:78:1c:93:e0:2a:fd:9b:ad:06:a6:b8:
                    70:16:75:de:6c:6a:7c:49:ce:e0:bd:6b:73:85:35:
                    d7:b9:40:05:ca:9b:ba:75:2b:79:c8:6a:4a:cd:2b:
                    7c:22:c0:c7:c6:df:3b:4d:16:9d:5f:e3:60:76:4d:
                    be:8d:4c:1c:08:8b:08:82:bb:27:dc:46:61:d2:38:
                    2e:29:10:cc:96:1f:9b:41:4b:e2:12:a3:75:b9:bf:
                    9c:be:c3:44:a7:7f:52:20:6b:2c:ee:a4:b3:74:64:
                    38:fd:b7:7b:d5:30:f7:34:81:5a:d2:f5:d5:07:c6:
                    c9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:4B:34:87:E8:D7:63:D6:84:33:44:3A:A9:35:2A:5E:DD:FA:74:6D
            X509v3 Authority Key Identifier:
                keyid:C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/sEs0h-jXY9aEM0Q6qTUqXt36dG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:41:3c:c5:29:3a:6f:54:b0:0f:50:df:2c:a8:77:31:fa:46:
         99:1b:5a:89:36:b5:03:b1:75:fd:4d:60:b9:01:84:95:8d:ac:
         2e:d0:7a:ef:52:84:50:6f:9c:fa:fb:ec:be:8f:41:80:02:6e:
         e7:0d:29:d6:a5:8c:6a:13:ea:f4:bd:01:49:c7:77:3c:fc:81:
         26:58:1f:f3:f9:f2:bf:c6:1d:15:93:88:d5:1a:4f:f1:bc:a8:
         e3:5c:d7:ac:74:b6:4f:f0:c3:30:54:e5:c2:00:e5:0e:60:28:
         a1:62:1f:ba:d4:16:e0:13:6c:16:44:e9:b0:2c:bd:97:bf:eb:
         7d:f2:a2:af:91:3a:fc:22:27:90:fe:ff:44:1b:53:08:7a:27:
         77:ff:8c:7a:08:04:bf:65:c3:5f:f2:eb:1d:c3:d2:c7:56:7a:
         a3:39:1d:e4:52:64:64:69:81:fc:5a:36:ea:5e:e6:26:72:fe:
         48:73:dc:c8:97:d8:e6:43:d1:df:97:2c:43:e4:36:28:dd:19:
         3b:09:1d:a2:5a:38:3c:f2:d9:34:66:d6:25:dc:18:66:ff:b3:
         25:57:08:9f:37:3f:a9:04:61:c8:c7:82:c7:36:5c:22:4e:07:
         5e:3c:0e:2f:e9:d4:98:a4:fa:d5:a0:88:cc:d8:0e:6a:13:26:
         72:57:16:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCmoH8sye9rfC5sNbocu4KyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3Mzg4MDdhYmI5Y2UxNWI3YTg5MjU5MmI2ZjAwM2YxYTNl
MTZiNjAwHhcNMjQwNzEyMTEwNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDRiMzQ4N2U4ZDc2M2Q2ODQzMzQ0M2FhOTM1MmE1ZWRkZmE3NDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQKh5tgFmBuP91APvnh14Pegurrn
WeQIBv33AQkdXv11OWk4R62aN6Y7yl6+oy325AIzMXThmCEp0DwiBAizffyJVjwJ
v4MO6fiKVEltMc7G2W90iLDlKJR1m6aTT4zjHMzOvE3TZXXNMEuPkd9n+F8rmfnx
uDfuNOGAMYwKvbZziHW7ZqQVkbu+eByT4Cr9m60GprhwFnXebGp8Sc7gvWtzhTXX
uUAFypu6dSt5yGpKzSt8IsDHxt87TRadX+Ngdk2+jUwcCIsIgrsn3EZh0jguKRDM
lh+bQUviEqN1ub+cvsNEp39SIGss7qSzdGQ4/bd71TD3NIFa0vXVB8bJSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBLNIfo12PWhDNEOqk1Kl7d+nRtMB8GA1UdIwQY
MBaAFMc4gHq7nOFbeoklkrbwA/Gj4WtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWIt
M2QxZjMwZTA5MjNiLzEvc0VzMGgtalhZOWFFTTBRNnFUVXFYdDM2ZEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWItM2QxZjMwZTA5MjNi
LzEveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQkMA0G
CSqGSIb3DQEBCwUAA4IBAQARQTzFKTpvVLAPUN8sqHcx+kaZG1qJNrUDsXX9TWC5
AYSVjawu0HrvUoRQb5z6++y+j0GAAm7nDSnWpYxqE+r0vQFJx3c8/IEmWB/z+fK/
xh0Vk4jVGk/xvKjjXNesdLZP8MMwVOXCAOUOYCihYh+61BbgE2wWROmwLL2Xv+t9
8qKvkTr8IieQ/v9EG1MIeid3/4x6CAS/ZcNf8usdw9LHVnqjOR3kUmRkaYH8Wjbq
XuYmcv5Ic9zIl9jmQ9HflyxD5DYo3Rk7CR2iWjg88tk0ZtYl3Bhm/7MlVwifNz+p
BGHIx4LHNlwiTgdePA4v6dSYpPrVoIjM2A5qEyZyVxb1
-----END CERTIFICATE-----