Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/HZ3AVmfBOPXsG7V7loSqKR7gzuo.roa
File:                     HZ3AVmfBOPXsG7V7loSqKR7gzuo.roa (raw, json)
Hash identifier:          GtqiW8D4tozMV/X5ZTVBz7Elv4E4UzfMRn2xRw83qiQ=
Subject key identifier:   1D:9D:C0:56:67:C1:38:F5:EC:1B:B5:7B:96:84:AA:29:1E:E0:CE:EA
Certificate issuer:       /CN=a384a56317ac8179851b570f0e3a7aa044e808a6
Certificate serial:       0190542D42F8381203D2B99CBEBE6FCDE441
Authority key identifier: A3:84:A5:63:17:AC:81:79:85:1B:57:0F:0E:3A:7A:A0:44:E8:08:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4SlYxesgXmFG1cPDjp6oEToCKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/HZ3AVmfBOPXsG7V7loSqKR7gzuo.roa
Signing time:             Wed 26 Jun 2024 10:52:50 +0000
ROA not before:           Wed 26 Jun 2024 10:52:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204252
IP address blocks:        45.134.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/o4SlYxesgXmFG1cPDjp6oEToCKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/o4SlYxesgXmFG1cPDjp6oEToCKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4SlYxesgXmFG1cPDjp6oEToCKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:54:2d:42:f8:38:12:03:d2:b9:9c:be:be:6f:cd:e4:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a384a56317ac8179851b570f0e3a7aa044e808a6
        Validity
            Not Before: Jun 26 10:52:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d9dc05667c138f5ec1bb57b9684aa291ee0ceea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:72:d5:06:b3:a6:1c:dc:6f:30:aa:bc:04:69:
                    27:86:7f:d0:82:87:92:fc:37:84:cc:c6:60:6e:84:
                    f5:bb:88:e8:39:b9:a0:56:c8:7d:f6:19:78:12:fe:
                    4a:e8:06:9f:87:64:f2:f9:63:ae:15:4b:bc:1f:f8:
                    09:6c:88:65:ac:05:f4:2c:61:3a:0e:76:47:87:b1:
                    46:ae:c0:cd:ae:24:ee:79:95:e5:a7:c3:4a:b8:c0:
                    2d:9e:93:9d:12:45:14:51:e5:73:b4:3e:66:b4:4c:
                    73:a2:b3:87:cc:62:b0:d6:13:67:4e:a1:f4:21:2b:
                    f9:fc:da:c9:34:41:00:1e:4f:ad:91:59:5d:eb:9e:
                    5a:4a:64:f5:2f:e1:ec:b7:63:d7:06:9f:28:06:32:
                    5c:75:8e:1e:3f:9b:7b:dd:2e:26:38:14:5d:b2:3f:
                    f7:60:e4:59:fd:53:66:d0:bc:7f:4c:da:58:d9:f9:
                    c8:06:2e:3c:3a:51:1c:97:32:0c:44:95:14:2c:5b:
                    5d:f9:81:1a:1b:ec:48:29:0b:d3:4e:ee:90:6e:f0:
                    f6:2f:2b:bd:3c:25:3c:61:12:4d:9f:29:d1:78:60:
                    cc:07:9e:f8:29:75:d1:8f:02:19:c0:6b:c3:c3:c2:
                    24:3d:b7:82:4d:8c:97:a3:ac:48:0e:07:b3:c8:69:
                    e4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:9D:C0:56:67:C1:38:F5:EC:1B:B5:7B:96:84:AA:29:1E:E0:CE:EA
            X509v3 Authority Key Identifier:
                keyid:A3:84:A5:63:17:AC:81:79:85:1B:57:0F:0E:3A:7A:A0:44:E8:08:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4SlYxesgXmFG1cPDjp6oEToCKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/HZ3AVmfBOPXsG7V7loSqKR7gzuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/o4SlYxesgXmFG1cPDjp6oEToCKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:d3:ce:4d:0f:8d:33:21:52:cd:ba:27:5c:c6:8c:c9:fa:92:
         98:51:e1:48:d7:d1:bf:e4:39:c6:ff:12:da:d6:90:92:d2:36:
         15:7e:ad:95:7f:dc:46:24:f7:d4:ae:ef:24:7e:d4:3b:70:1b:
         55:40:f0:bd:81:5e:be:0c:50:e4:f3:24:de:d7:0a:62:1d:68:
         d1:92:d8:83:21:99:c2:72:39:05:2d:f6:e2:b8:83:76:a1:ea:
         5f:e4:ae:87:40:26:1f:7f:5d:f0:3f:cd:e1:03:25:d3:30:25:
         4d:17:6a:84:9a:7b:c4:ec:6d:1a:7d:a7:96:c5:f2:5b:f9:a7:
         ec:be:d4:3a:07:e7:46:72:ee:6d:30:49:82:60:db:61:0f:9d:
         92:fd:63:1b:3a:84:a4:51:10:05:f7:00:cc:3f:d2:a8:87:3a:
         5c:06:08:49:e6:f7:8d:2f:74:3e:f2:df:1c:09:07:0a:c2:f9:
         3a:20:d3:29:8e:c7:c5:39:f9:c7:6d:25:bd:90:0d:61:7a:15:
         4a:a2:de:49:36:c3:90:b3:84:bd:64:cf:6f:e8:29:31:f6:7f:
         21:20:7c:cd:ee:af:26:13:2d:c2:0b:da:71:36:db:00:07:eb:
         1d:8c:f1:60:61:ea:94:23:a2:06:d6:64:6d:37:38:1c:f4:16:
         bd:7d:c1:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBULUL4OBID0rmcvr5vzeRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODRhNTYzMTdhYzgxNzk4NTFiNTcwZjBlM2E3YWEwNDRl
ODA4YTYwHhcNMjQwNjI2MTA1MjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDlkYzA1NjY3YzEzOGY1ZWMxYmI1N2I5Njg0YWEyOTFlZTBjZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XLVBrOmHNxvMKq8BGknhn/QgoeS
/DeEzMZgboT1u4joObmgVsh99hl4Ev5K6Aafh2Ty+WOuFUu8H/gJbIhlrAX0LGE6
DnZHh7FGrsDNriTueZXlp8NKuMAtnpOdEkUUUeVztD5mtExzorOHzGKw1hNnTqH0
ISv5/NrJNEEAHk+tkVld655aSmT1L+Hst2PXBp8oBjJcdY4eP5t73S4mOBRdsj/3
YORZ/VNm0Lx/TNpY2fnIBi48OlEclzIMRJUULFtd+YEaG+xIKQvTTu6QbvD2Lyu9
PCU8YRJNnynReGDMB574KXXRjwIZwGvDw8IkPbeCTYyXo6xIDgezyGnkAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2dwFZnwTj17Bu1e5aEqike4M7qMB8GA1UdIwQY
MBaAFKOEpWMXrIF5hRtXDw46eqBE6AimMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRTbFl4ZXNnWG1GRzFjUERqcDZvRVRvQ0tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jMmZiZTEtZGQ5ZC00MjA0LTkwNjYt
ZTIyNWEyNDkzNzhlLzEvSFozQVZtZkJPUFhzRzdWN2xvU3FLUjdnenVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jMmZiZTEtZGQ5ZC00MjA0LTkwNjYtZTIyNWEyNDkzNzhl
LzEvbzRTbFl4ZXNnWG1GRzFjUERqcDZvRVRvQ0tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYboMA0G
CSqGSIb3DQEBCwUAA4IBAQCa085ND40zIVLNuidcxozJ+pKYUeFI19G/5DnG/xLa
1pCS0jYVfq2Vf9xGJPfUru8kftQ7cBtVQPC9gV6+DFDk8yTe1wpiHWjRktiDIZnC
cjkFLfbiuIN2oepf5K6HQCYff13wP83hAyXTMCVNF2qEmnvE7G0afaeWxfJb+afs
vtQ6B+dGcu5tMEmCYNthD52S/WMbOoSkURAF9wDMP9KohzpcBghJ5veNL3Q+8t8c
CQcKwvk6INMpjsfFOfnHbSW9kA1hehVKot5JNsOQs4S9ZM9v6Ckx9n8hIHzN7q8m
Ey3CC9pxNtsAB+sdjPFgYeqUI6IG1mRtNzgc9Ba9fcEw
-----END CERTIFICATE-----