Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/_DG_Xvgb_MRVRNJEk9pb5bxoEK8.roa
File:                     _DG_Xvgb_MRVRNJEk9pb5bxoEK8.roa (raw, json)
Hash identifier:          NzQns4axxXAQfqcuX3UszDPnGUyopwkSWA+VkJvlg18=
Subject key identifier:   FC:31:BF:5E:F8:1B:FC:C4:55:44:D2:44:93:DA:5B:E5:BC:68:10:AF
Certificate issuer:       /CN=452e7d87922129df90c4870da2a7738404724858
Certificate serial:       01905F4690F74DB39F8BE9DCFB47E4056B26
Authority key identifier: 45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/_DG_Xvgb_MRVRNJEk9pb5bxoEK8.roa
Signing time:             Fri 28 Jun 2024 14:36:18 +0000
ROA not before:           Fri 28 Jun 2024 14:36:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.34.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:46:90:f7:4d:b3:9f:8b:e9:dc:fb:47:e4:05:6b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=452e7d87922129df90c4870da2a7738404724858
        Validity
            Not Before: Jun 28 14:36:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc31bf5ef81bfcc45544d24493da5be5bc6810af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ab:4e:71:e5:ab:92:ac:6f:d0:9e:fd:da:f5:
                    d6:ff:4d:eb:4e:2a:0e:c2:76:8b:6e:75:07:8f:2e:
                    42:70:37:c7:bd:91:08:ab:02:59:0e:a2:c7:99:f5:
                    69:3a:35:71:06:80:54:73:3c:19:7a:25:1b:c0:ab:
                    bb:ed:1c:6e:2d:ff:a6:43:bd:2f:a6:6e:d4:82:6e:
                    23:d7:b9:cc:c0:0c:c1:f9:16:b1:81:49:be:25:c5:
                    97:52:52:da:5c:1e:98:28:6d:e8:8d:b4:9d:80:66:
                    5b:2b:9c:fc:de:15:fa:3b:bb:ba:09:25:c8:b4:dc:
                    23:61:be:59:9e:72:ce:18:e2:c1:59:1b:8e:b9:d0:
                    73:04:58:9a:40:b1:83:ff:5d:0c:7a:1c:00:52:70:
                    ee:47:be:d0:89:46:a1:37:bd:24:ec:50:7e:c3:86:
                    02:3d:09:2a:5e:79:40:92:20:8b:b2:2d:31:67:0d:
                    51:93:69:bc:4f:36:0f:fd:39:19:b5:ec:62:e1:0c:
                    cc:1c:2d:8d:93:13:19:11:9b:63:a6:ab:ad:4d:6e:
                    cb:f2:87:26:36:50:6d:a3:3e:bc:4b:85:56:2d:61:
                    cd:03:97:75:02:0d:e1:92:48:01:02:17:2f:31:31:
                    0d:4b:9d:14:92:37:67:3b:b3:12:1f:fb:d9:6c:6f:
                    b5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:31:BF:5E:F8:1B:FC:C4:55:44:D2:44:93:DA:5B:E5:BC:68:10:AF
            X509v3 Authority Key Identifier:
                keyid:45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/_DG_Xvgb_MRVRNJEk9pb5bxoEK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ad:3b:5c:02:4c:1a:9c:0d:37:03:e3:c7:7a:cd:8d:24:7d:
         6e:27:cc:fb:9d:98:d0:5f:56:24:72:54:f9:e0:a1:cc:71:9e:
         81:3a:7c:c4:fe:e5:26:84:55:e3:74:4a:52:7d:b3:9a:4f:30:
         ee:90:b0:41:60:a6:37:42:db:fb:b7:34:e9:d0:7b:fb:49:ab:
         2d:01:3f:54:74:77:20:9c:3b:29:70:b4:0b:1d:9b:30:01:a6:
         54:1c:e0:62:18:db:c6:db:33:47:66:78:8b:2e:96:d5:16:e2:
         de:a3:92:da:cc:b8:5a:89:f9:5f:8b:ca:b5:28:68:40:9e:cf:
         b4:c5:0c:20:38:f6:44:46:15:aa:90:47:60:49:d7:48:3f:90:
         23:92:68:94:d0:69:c0:6a:8d:3c:16:d4:be:ff:42:05:8c:57:
         03:c8:9d:c0:ab:59:09:fd:5d:13:22:a3:b7:3b:22:b3:d0:9c:
         1c:d9:7f:bf:8d:4d:cb:af:72:75:f3:d8:a7:f2:08:3f:12:77:
         35:04:ac:69:d8:0a:80:81:f9:23:86:a7:db:df:7a:7a:c7:07:
         e6:4c:20:e9:4e:75:c2:a4:ac:86:56:3c:a1:10:63:0a:8a:c1:
         d8:51:f4:7b:57:1d:7e:ed:dc:96:38:54:ed:a2:6b:81:63:e8:
         57:15:04:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBfRpD3TbOfi+nc+0fkBWsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MmU3ZDg3OTIyMTI5ZGY5MGM0ODcwZGEyYTc3Mzg0MDQ3
MjQ4NTgwHhcNMjQwNjI4MTQzNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMxYmY1ZWY4MWJmY2M0NTU0NGQyNDQ5M2RhNWJlNWJjNjgxMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqtOceWrkqxv0J792vXW/03rTioO
wnaLbnUHjy5CcDfHvZEIqwJZDqLHmfVpOjVxBoBUczwZeiUbwKu77RxuLf+mQ70v
pm7Ugm4j17nMwAzB+RaxgUm+JcWXUlLaXB6YKG3ojbSdgGZbK5z83hX6O7u6CSXI
tNwjYb5ZnnLOGOLBWRuOudBzBFiaQLGD/10MehwAUnDuR77QiUahN70k7FB+w4YC
PQkqXnlAkiCLsi0xZw1Rk2m8TzYP/TkZtexi4QzMHC2NkxMZEZtjpqutTW7L8ocm
NlBtoz68S4VWLWHNA5d1Ag3hkkgBAhcvMTENS50UkjdnO7MSH/vZbG+10QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwxv174G/zEVUTSRJPaW+W8aBCvMB8GA1UdIwQY
MBaAFEUufYeSISnfkMSHDaKnc4QEckhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2Qt
YWFhOGQzYTk0MGFjLzEvX0RHX1h2Z2JfTVJWUk5KRWs5cGI1YnhvRUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2QtYWFhOGQzYTk0MGFj
LzEvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSL6MA0G
CSqGSIb3DQEBCwUAA4IBAQBXrTtcAkwanA03A+PHes2NJH1uJ8z7nZjQX1YkclT5
4KHMcZ6BOnzE/uUmhFXjdEpSfbOaTzDukLBBYKY3Qtv7tzTp0Hv7SastAT9UdHcg
nDspcLQLHZswAaZUHOBiGNvG2zNHZniLLpbVFuLeo5LazLhaiflfi8q1KGhAns+0
xQwgOPZERhWqkEdgSddIP5AjkmiU0GnAao08FtS+/0IFjFcDyJ3Aq1kJ/V0TIqO3
OyKz0Jwc2X+/jU3Lr3J189in8gg/Enc1BKxp2AqAgfkjhqfb33p6xwfmTCDpTnXC
pKyGVjyhEGMKisHYUfR7Vx1+7dyWOFTtomuBY+hXFQT7
-----END CERTIFICATE-----