Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/okbijPl92A2gQfcda9Af3TDs59M.roa
File:                     okbijPl92A2gQfcda9Af3TDs59M.roa (raw, json)
Hash identifier:          5477R1N8UinxGIK6TccZ1kovjDJshFDep16D7TXB3JA=
Subject key identifier:   A2:46:E2:8C:F9:7D:D8:0D:A0:41:F7:1D:6B:D0:1F:DD:30:EC:E7:D3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0193338762A8B27EF9F3B92D1B4446D0038B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/okbijPl92A2gQfcda9Af3TDs59M.roa
Signing time:             Sat 16 Nov 2024 05:52:10 +0000
ROA not before:           Sat 16 Nov 2024 05:52:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215137
IP address blocks:        45.136.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:33:87:62:a8:b2:7e:f9:f3:b9:2d:1b:44:46:d0:03:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 16 05:52:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a246e28cf97dd80da041f71d6bd01fdd30ece7d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:05:e2:f0:f8:67:60:b2:87:96:b4:43:f7:f3:
                    45:08:9e:8d:96:8f:bd:93:ec:ac:2f:1e:e8:02:f3:
                    10:50:29:1b:0f:79:54:6c:17:ff:f0:63:a4:b9:fe:
                    dd:46:6e:bc:66:14:8b:4d:db:2a:7f:98:bc:f0:6f:
                    45:90:2d:27:ad:8f:0b:72:ca:54:57:58:02:ca:0f:
                    e3:f7:ca:fb:15:71:06:99:ce:7a:f4:ee:89:cf:8a:
                    03:6b:59:e8:b9:d7:c2:3f:fd:7e:f8:25:e2:bf:f1:
                    63:00:2e:87:54:94:63:55:4f:ab:fb:ef:81:c6:28:
                    c0:0e:7f:1b:06:06:f3:49:10:25:65:f4:71:3d:53:
                    86:c0:22:59:32:b7:08:e4:0b:83:f1:ce:55:95:0c:
                    bd:12:7a:24:c4:08:70:f3:96:83:c4:96:01:d6:01:
                    b4:7f:9e:cb:79:55:b3:fe:5c:d6:6e:fe:52:05:01:
                    83:ec:78:96:7f:0d:ed:77:bc:35:c8:25:d3:a0:f3:
                    2c:8f:fe:2e:00:0a:79:ac:42:17:ef:6a:59:60:e5:
                    c6:8e:ba:35:f7:70:f6:7e:c1:5b:cc:ff:1e:56:47:
                    38:f0:80:cb:8d:53:33:c9:ea:da:31:58:33:55:c9:
                    2d:ea:b8:63:30:9a:a8:a8:87:1f:5d:fb:f2:36:92:
                    4c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:46:E2:8C:F9:7D:D8:0D:A0:41:F7:1D:6B:D0:1F:DD:30:EC:E7:D3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/okbijPl92A2gQfcda9Af3TDs59M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:be:69:ae:a2:79:fa:18:89:8a:40:66:84:e1:c0:04:60:36:
         10:89:29:94:56:2b:61:cf:6e:53:fb:ca:b9:20:b5:2d:3c:bd:
         83:f5:ff:8d:4e:54:31:11:ae:82:52:eb:70:88:07:7a:86:5d:
         1c:b9:71:ef:bc:36:bd:6d:c7:b9:f6:ea:c8:d3:94:42:32:ca:
         a3:1d:d3:4a:d3:13:78:1d:5c:86:8c:42:83:95:41:0f:fe:70:
         98:47:99:fa:8b:1d:7a:81:f0:3f:90:26:2b:71:19:36:69:f7:
         78:cb:61:c1:c8:44:ad:f9:da:e1:03:fe:0f:4f:5f:a5:fb:75:
         b5:07:c8:2e:09:b1:ee:59:62:37:3e:b2:c9:91:bb:2b:97:a9:
         1d:86:b9:43:7c:4d:75:e5:bb:27:d2:e7:f8:40:d7:3d:12:60:
         85:2c:74:1e:a6:fd:7c:b7:bb:d3:27:41:0c:01:fc:25:83:61:
         85:06:59:a6:e9:67:ae:22:84:87:6c:33:65:11:fb:f0:ab:a7:
         ed:92:36:a3:3c:b2:88:07:08:2b:c0:96:6e:99:c1:14:46:d0:
         e5:20:a1:71:2d:7a:8d:2e:3b:5a:23:40:df:74:ad:26:ea:f2:
         6a:ef:b7:68:be:66:56:fa:f0:2a:97:8d:5d:b4:00:ff:e1:de:
         c7:f3:b9:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMzh2Kosn7587ktG0RG0AOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTE2MDU1MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ2ZTI4Y2Y5N2RkODBkYTA0MWY3MWQ2YmQwMWZkZDMwZWNlN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQXi8PhnYLKHlrRD9/NFCJ6Nlo+9
k+ysLx7oAvMQUCkbD3lUbBf/8GOkuf7dRm68ZhSLTdsqf5i88G9FkC0nrY8LcspU
V1gCyg/j98r7FXEGmc569O6Jz4oDa1noudfCP/1++CXiv/FjAC6HVJRjVU+r+++B
xijADn8bBgbzSRAlZfRxPVOGwCJZMrcI5AuD8c5VlQy9EnokxAhw85aDxJYB1gG0
f57LeVWz/lzWbv5SBQGD7HiWfw3td7w1yCXToPMsj/4uAAp5rEIX72pZYOXGjro1
93D2fsFbzP8eVkc48IDLjVMzyeraMVgzVckt6rhjMJqoqIcfXfvyNpJMJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJG4oz5fdgNoEH3HWvQH90w7OfTMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb2tiaWpQbDkyQTJnUWZjZGE5QWYzVERzNTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYiKMA0G
CSqGSIb3DQEBCwUAA4IBAQBHvmmuonn6GImKQGaE4cAEYDYQiSmUVithz25T+8q5
ILUtPL2D9f+NTlQxEa6CUutwiAd6hl0cuXHvvDa9bce59urI05RCMsqjHdNK0xN4
HVyGjEKDlUEP/nCYR5n6ix16gfA/kCYrcRk2afd4y2HByESt+drhA/4PT1+l+3W1
B8guCbHuWWI3PrLJkbsrl6kdhrlDfE115bsn0uf4QNc9EmCFLHQepv18t7vTJ0EM
Afwlg2GFBlmm6WeuIoSHbDNlEfvwq6ftkjajPLKIBwgrwJZumcEURtDlIKFxLXqN
LjtaI0DfdK0m6vJq77dovmZW+vAql41dtAD/4d7H87lt
-----END CERTIFICATE-----