Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/9OZMzYPlcEYElv5RzUNVPeaH2DI.roa
File:                     9OZMzYPlcEYElv5RzUNVPeaH2DI.roa (raw, json)
Hash identifier:          KgImgmoX1P6NwqguoF3YEc2n40oZgS0YGsgxorcvCfg=
Subject key identifier:   F4:E6:4C:CD:83:E5:70:46:04:96:FE:51:CD:43:55:3D:E6:87:D8:32
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       01918F6194EE4E3A9A635A1812538425F0ED
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/9OZMzYPlcEYElv5RzUNVPeaH2DI.roa
Signing time:             Mon 26 Aug 2024 15:50:22 +0000
ROA not before:           Mon 26 Aug 2024 15:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62300
IP address blocks:        5.181.12.0/24 maxlen: 24
                          45.159.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8f:61:94:ee:4e:3a:9a:63:5a:18:12:53:84:25:f0:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Aug 26 15:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4e64ccd83e570460496fe51cd43553de687d832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8a:c9:36:d0:b3:32:ee:a1:b8:41:3c:3d:4f:
                    83:cd:15:f3:54:c6:a5:9d:fa:28:0f:b3:7b:78:63:
                    1a:9e:2d:0d:10:df:c2:a1:92:66:6d:04:c7:21:bd:
                    59:cd:37:8a:9c:21:86:48:51:a9:6e:11:c1:2e:b8:
                    ce:ff:e9:b8:30:46:18:59:f8:03:88:35:9a:d5:a9:
                    61:37:73:fb:49:28:9a:d8:42:44:13:e1:28:91:3b:
                    e4:fe:9a:e6:c2:05:35:ff:84:bc:70:02:10:4f:f1:
                    c6:a8:26:76:ec:ee:63:51:bb:86:19:e7:cd:7d:79:
                    67:90:40:76:77:cf:32:0b:e8:35:71:6d:f5:b2:76:
                    55:e1:6d:03:a2:68:39:3c:22:34:3c:0a:53:7c:59:
                    c2:56:6b:38:b3:c3:4e:c5:ef:c1:62:f4:07:f3:96:
                    81:61:3a:3c:8b:18:0e:bc:4d:df:3a:78:79:0a:c9:
                    13:52:f1:df:0c:25:25:cc:bd:df:d1:6c:0a:e1:d2:
                    23:54:f9:8f:34:16:e8:17:21:f6:2f:ec:a6:a5:a9:
                    2e:5d:af:e6:59:43:44:13:57:38:fc:33:d0:08:40:
                    4b:a7:ca:57:82:c1:2a:c0:98:43:74:69:2b:3a:b0:
                    b0:7f:c4:ff:0c:11:9d:c8:f8:68:57:89:51:d8:5c:
                    a7:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:E6:4C:CD:83:E5:70:46:04:96:FE:51:CD:43:55:3D:E6:87:D8:32
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/9OZMzYPlcEYElv5RzUNVPeaH2DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.12.0/24
                  45.159.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:48:c6:93:c6:99:83:f7:89:28:65:50:32:e1:ca:77:28:f5:
         fa:56:ac:f7:4a:f1:ee:a6:ad:4e:d2:78:32:d1:35:9e:50:8e:
         ed:21:60:8f:7b:84:97:f6:0d:40:58:2d:81:56:a7:d5:31:0a:
         cf:98:4b:2f:bd:8a:c0:7a:97:fb:09:9e:b6:1e:c9:4a:f5:ab:
         6f:69:31:f6:6b:dc:6a:7b:2b:db:83:c2:b1:2c:71:50:96:a0:
         80:5f:bf:f4:e4:0b:5a:c9:98:10:87:9b:7e:38:be:b0:15:b8:
         b2:1a:d5:db:c0:b7:5c:8e:75:59:a6:8e:e4:a9:dc:4d:58:84:
         36:a6:76:c0:2e:69:01:85:d2:fd:6b:e6:d6:06:a4:59:c4:93:
         19:68:cc:e8:4c:66:79:d6:be:70:f3:99:17:97:6c:98:31:6c:
         dc:3d:ac:74:b7:8f:96:3b:e9:2d:98:63:dc:03:f7:18:ed:5f:
         9b:69:8a:9b:88:8e:ac:68:b9:28:87:90:63:2a:6f:97:66:3a:
         52:d0:00:68:96:2e:58:90:5b:90:fc:70:fe:3b:ab:b7:d2:16:
         6c:0c:5f:ed:8d:0a:d7:2b:9b:00:02:de:a1:e3:18:5c:1f:2b:
         65:77:0c:26:a7:37:fb:d8:ae:b8:56:8b:f1:da:fe:c7:cf:c0:
         68:9d:ec:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGPYZTuTjqaY1oYElOEJfDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjQwODI2MTU1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGU2NGNjZDgzZTU3MDQ2MDQ5NmZlNTFjZDQzNTUzZGU2ODdkODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0orJNtCzMu6huEE8PU+DzRXzVMal
nfooD7N7eGMani0NEN/CoZJmbQTHIb1ZzTeKnCGGSFGpbhHBLrjO/+m4MEYYWfgD
iDWa1alhN3P7SSia2EJEE+EokTvk/prmwgU1/4S8cAIQT/HGqCZ27O5jUbuGGefN
fXlnkEB2d88yC+g1cW31snZV4W0Domg5PCI0PApTfFnCVms4s8NOxe/BYvQH85aB
YTo8ixgOvE3fOnh5CskTUvHfDCUlzL3f0WwK4dIjVPmPNBboFyH2L+ympakuXa/m
WUNEE1c4/DPQCEBLp8pXgsEqwJhDdGkrOrCwf8T/DBGdyPhoV4lR2FynKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPTmTM2D5XBGBJb+Uc1DVT3mh9gyMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvOU9aTXpZUGxjRVlFbHY1UnpVTlZQZWFIMkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbUMAwQA
LZ+1MA0GCSqGSIb3DQEBCwUAA4IBAQBPSMaTxpmD94koZVAy4cp3KPX6Vqz3SvHu
pq1O0ngy0TWeUI7tIWCPe4SX9g1AWC2BVqfVMQrPmEsvvYrAepf7CZ62HslK9atv
aTH2a9xqeyvbg8KxLHFQlqCAX7/05AtayZgQh5t+OL6wFbiyGtXbwLdcjnVZpo7k
qdxNWIQ2pnbALmkBhdL9a+bWBqRZxJMZaMzoTGZ51r5w85kXl2yYMWzcPax0t4+W
O+ktmGPcA/cY7V+baYqbiI6saLkoh5BjKm+XZjpS0ABoli5YkFuQ/HD+O6u30hZs
DF/tjQrXK5sAAt6h4xhcHytldwwmpzf72K64Vovx2v7Hz8Bonexs
-----END CERTIFICATE-----