Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ipC9WbhQZ5D-cjlhsziFsdPlsKQ.roa
File:                     ipC9WbhQZ5D-cjlhsziFsdPlsKQ.roa (raw, json)
Hash identifier:          B7Kfx4MatAdWjHhekT0abDFAEBjRslTEOlxM67LYNSw=
Subject key identifier:   8A:90:BD:59:B8:50:67:90:FE:72:39:61:B3:38:85:B1:D3:E5:B0:A4
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0192D942A7E5812155A391BAFE874B795307
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ipC9WbhQZ5D-cjlhsziFsdPlsKQ.roa
Signing time:             Tue 29 Oct 2024 17:11:17 +0000
ROA not before:           Tue 29 Oct 2024 17:11:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.43.166.0/24 maxlen: 24
                          64.137.52.0/23 maxlen: 23
                          104.238.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:42:a7:e5:81:21:55:a3:91:ba:fe:87:4b:79:53:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 29 17:11:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a90bd59b8506790fe723961b33885b1d3e5b0a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:12:58:67:3a:d1:32:0b:a2:37:42:2a:0b:cf:
                    02:8b:6f:77:69:29:ac:46:3d:0e:ed:6b:9e:f9:2a:
                    a7:d6:4c:bd:b2:cd:aa:6b:2e:89:61:e7:dc:a8:d7:
                    df:f1:d5:55:44:57:f2:6a:fe:d7:04:37:ec:68:40:
                    4f:6c:bb:5a:21:4d:bd:68:d8:ae:54:02:f7:c3:e9:
                    3a:69:f2:0e:09:9d:cd:16:ca:fb:bf:5b:0e:27:99:
                    2b:be:d8:34:43:b3:c6:a2:23:b3:1b:84:e5:b3:36:
                    1d:1a:c9:e6:3e:f7:0a:c7:83:d7:28:d6:e5:f3:72:
                    79:f5:00:27:6e:89:af:03:85:8f:c5:f6:7b:a6:27:
                    e1:70:28:60:0f:ee:00:6b:35:72:ba:fb:03:7c:aa:
                    94:09:15:46:81:86:ba:9f:cb:77:d7:cf:2c:2a:d9:
                    13:1e:33:a8:15:79:ee:a5:10:67:29:5b:57:8e:97:
                    23:58:04:74:08:40:3a:b3:df:e0:a0:5c:0c:4c:8d:
                    a8:47:c2:fb:81:2b:e2:9a:a9:8a:d3:e1:5f:a9:86:
                    2b:14:0f:29:5a:90:c2:3b:95:61:1e:ee:ee:14:9c:
                    14:9b:23:93:d6:a8:92:50:2d:41:59:ef:18:af:f9:
                    40:c4:93:e6:b6:f6:5b:c1:c4:8b:e5:55:20:3a:88:
                    9e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:90:BD:59:B8:50:67:90:FE:72:39:61:B3:38:85:B1:D3:E5:B0:A4
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ipC9WbhQZ5D-cjlhsziFsdPlsKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.166.0/24
                  64.137.52.0/23
                  104.238.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e3:62:ab:28:7b:f2:2a:01:a0:cd:01:2b:47:0d:21:58:57:
         6e:32:61:85:28:f5:27:bb:a5:4e:b9:3a:24:43:da:99:31:83:
         c3:b3:20:80:af:18:6e:b4:dc:5c:f9:95:3d:5c:d5:2c:63:eb:
         ea:30:c6:4d:ab:a7:9a:b7:3d:90:68:94:87:2c:82:8d:04:38:
         0d:8d:7e:2d:b6:50:88:1e:59:7e:32:47:c9:c1:8f:a1:7d:b8:
         d4:00:21:c3:6b:ec:8f:40:f3:b3:55:d4:b0:35:5e:b3:9b:a0:
         15:18:b9:f6:89:79:8b:d9:67:ec:33:dd:b7:93:92:d5:fb:ba:
         60:70:3d:74:e6:92:48:1b:cf:11:0e:c9:08:1a:0d:4b:f0:2f:
         18:70:53:1b:7a:03:06:c2:13:1d:dc:4c:bc:62:9c:c9:a9:3b:
         45:7f:82:b2:8b:18:1b:dd:5e:38:b5:d1:d4:b2:51:9e:99:1d:
         5b:01:3d:d2:35:23:e2:00:21:e5:86:bb:be:b1:75:73:dd:2d:
         9c:6d:ce:cc:81:a8:a0:2f:a0:b4:9d:05:eb:f9:e1:a7:93:4b:
         a0:f0:03:33:78:e5:b4:80:38:36:10:39:6b:fd:94:80:aa:a2:
         9f:dd:7a:80:82:9d:48:83:a0:16:49:bf:09:18:13:26:bf:23:
         be:75:48:d4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLZQqflgSFVo5G6/odLeVMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMDI5MTcxMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTkwYmQ1OWI4NTA2NzkwZmU3MjM5NjFiMzM4ODViMWQzZTViMGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxJYZzrRMguiN0IqC88Ci293aSms
Rj0O7Wue+Sqn1ky9ss2qay6JYefcqNff8dVVRFfyav7XBDfsaEBPbLtaIU29aNiu
VAL3w+k6afIOCZ3NFsr7v1sOJ5krvtg0Q7PGoiOzG4TlszYdGsnmPvcKx4PXKNbl
83J59QAnbomvA4WPxfZ7pifhcChgD+4AazVyuvsDfKqUCRVGgYa6n8t3188sKtkT
HjOoFXnupRBnKVtXjpcjWAR0CEA6s9/goFwMTI2oR8L7gSvimqmK0+FfqYYrFA8p
WpDCO5VhHu7uFJwUmyOT1qiSUC1BWe8Yr/lAxJPmtvZbwcSL5VUgOoiecQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIqQvVm4UGeQ/nI5YbM4hbHT5bCkMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvaXBDOVdiaFFaNUQtY2psaHN6aUZzZFBsc0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALSumAwQB
QIk0AwQAaO4fMA0GCSqGSIb3DQEBCwUAA4IBAQAc42KrKHvyKgGgzQErRw0hWFdu
MmGFKPUnu6VOuTokQ9qZMYPDsyCArxhutNxc+ZU9XNUsY+vqMMZNq6eatz2QaJSH
LIKNBDgNjX4ttlCIHll+MkfJwY+hfbjUACHDa+yPQPOzVdSwNV6zm6AVGLn2iXmL
2WfsM923k5LV+7pgcD105pJIG88RDskIGg1L8C8YcFMbegMGwhMd3Ey8YpzJqTtF
f4Kyixgb3V44tdHUslGemR1bAT3SNSPiACHlhru+sXVz3S2cbc7MgaigL6C0nQXr
+eGnk0ug8AMzeOW0gDg2EDlr/ZSAqqKf3XqAgp1Ig6AWSb8JGBMmvyO+dUjU
-----END CERTIFICATE-----