Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/DtBI14TF6fSXwMaWYIoteHfaE-g.roa
File:                     DtBI14TF6fSXwMaWYIoteHfaE-g.roa (raw, json)
Hash identifier:          Tx6DtJXcl0zy14wqQSzOLo4GvuVKwaaQzlfEWMVCpgo=
Subject key identifier:   0E:D0:48:D7:84:C5:E9:F4:97:C0:C6:96:60:8A:2D:78:77:DA:13:E8
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0191AE5922888F503B60C28DFAA52858B174
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/DtBI14TF6fSXwMaWYIoteHfaE-g.roa
Signing time:             Sun 01 Sep 2024 16:09:22 +0000
ROA not before:           Sun 01 Sep 2024 16:09:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57529
IP address blocks:        45.131.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ae:59:22:88:8f:50:3b:60:c2:8d:fa:a5:28:58:b1:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Sep  1 16:09:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ed048d784c5e9f497c0c696608a2d7877da13e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:60:29:f9:ac:6a:30:f4:5c:03:0e:85:11:92:
                    36:4c:f5:d6:f6:27:dd:c3:1f:01:57:11:fc:29:60:
                    2b:3c:32:ec:05:14:44:36:5d:a1:82:c0:fc:b6:79:
                    0b:fd:fb:f8:94:b9:bd:fc:3d:29:fc:66:66:eb:12:
                    9c:8f:3f:44:cc:71:ac:e1:7f:0f:0a:07:18:e2:fd:
                    6e:e3:ec:10:c5:1c:ce:4c:74:08:1d:3e:fd:fc:1d:
                    a9:57:cc:fe:19:4b:30:12:91:cd:99:34:34:31:92:
                    7b:69:e9:f9:86:98:89:18:11:bf:90:95:d5:24:6a:
                    45:f1:7f:27:14:b6:b8:45:1e:49:ae:fd:59:9c:d5:
                    8a:1c:5f:46:32:a6:55:d9:58:45:77:f2:61:44:2a:
                    c3:06:3d:46:b4:3c:b0:61:8a:d0:f5:61:81:95:3a:
                    10:13:84:9a:ee:c8:71:1d:4f:27:e1:a8:2c:46:21:
                    a5:fb:38:c0:04:bc:7c:d0:ce:dd:f7:5a:ce:ce:5c:
                    fb:79:62:46:44:0f:84:7e:75:f7:e3:81:49:9f:5f:
                    d0:f7:a6:21:d1:67:3a:7d:06:13:c8:5e:c1:06:fd:
                    90:8c:4e:f8:b8:92:ba:bb:ce:35:12:84:ea:ef:3c:
                    97:1d:01:56:13:a3:45:3b:dc:6f:d1:6d:9c:54:1f:
                    58:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D0:48:D7:84:C5:E9:F4:97:C0:C6:96:60:8A:2D:78:77:DA:13:E8
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/DtBI14TF6fSXwMaWYIoteHfaE-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:3a:de:71:af:66:28:2e:96:8c:f1:82:66:39:7e:4b:4b:6e:
         a2:0f:6b:80:e1:4f:a9:43:a5:f5:b1:fd:41:e2:01:27:4a:28:
         3a:73:0d:bf:f8:d7:5a:fa:19:36:d7:9c:9c:2f:75:10:89:06:
         1e:ab:c8:a4:21:ab:29:73:73:59:0a:43:12:52:0c:26:38:79:
         4f:24:cb:f8:c5:e2:60:1f:ee:99:7c:ff:23:1d:97:f1:df:63:
         60:f1:0e:a8:b1:de:0c:2e:3b:7a:53:70:05:f7:2e:f5:81:c0:
         73:75:83:6a:c5:e4:cb:40:84:0d:7a:14:04:96:ca:2d:f8:2f:
         0b:cc:3c:6d:91:64:df:3d:78:f7:ba:ee:f1:fa:22:32:c4:04:
         00:ae:22:3e:44:83:93:f5:cf:fe:cc:86:a1:36:02:c8:88:56:
         46:d8:d5:0c:0a:67:0d:4c:77:42:59:56:1d:56:b1:c0:b0:d1:
         08:82:2f:55:cf:db:66:d0:2a:41:cd:60:00:55:6b:47:f2:b0:
         ee:44:8c:6a:a6:0e:40:80:39:60:dd:bb:1f:1c:54:8e:01:1c:
         d9:dd:dc:8c:37:06:e8:9d:dd:e3:08:74:af:4a:a0:1c:1a:61:
         a6:ba:90:5d:d2:e3:c6:97:b2:e1:88:95:af:62:af:df:a1:33:
         0e:9b:54:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGuWSKIj1A7YMKN+qUoWLF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwOTAxMTYwOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWQwNDhkNzg0YzVlOWY0OTdjMGM2OTY2MDhhMmQ3ODc3ZGExM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGAp+axqMPRcAw6FEZI2TPXW9ifd
wx8BVxH8KWArPDLsBRRENl2hgsD8tnkL/fv4lLm9/D0p/GZm6xKcjz9EzHGs4X8P
CgcY4v1u4+wQxRzOTHQIHT79/B2pV8z+GUswEpHNmTQ0MZJ7aen5hpiJGBG/kJXV
JGpF8X8nFLa4RR5Jrv1ZnNWKHF9GMqZV2VhFd/JhRCrDBj1GtDywYYrQ9WGBlToQ
E4Sa7shxHU8n4agsRiGl+zjABLx80M7d91rOzlz7eWJGRA+EfnX344FJn1/Q96Yh
0Wc6fQYTyF7BBv2QjE74uJK6u841EoTq7zyXHQFWE6NFO9xv0W2cVB9YZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7QSNeExen0l8DGlmCKLXh32hPoMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvRHRCSTE0VEY2ZlNYd01hV1lJb3RlSGZhRS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYOgMA0G
CSqGSIb3DQEBCwUAA4IBAQAiOt5xr2YoLpaM8YJmOX5LS26iD2uA4U+pQ6X1sf1B
4gEnSig6cw2/+Nda+hk215ycL3UQiQYeq8ikIaspc3NZCkMSUgwmOHlPJMv4xeJg
H+6ZfP8jHZfx32Ng8Q6osd4MLjt6U3AF9y71gcBzdYNqxeTLQIQNehQElsot+C8L
zDxtkWTfPXj3uu7x+iIyxAQAriI+RIOT9c/+zIahNgLIiFZG2NUMCmcNTHdCWVYd
VrHAsNEIgi9Vz9tm0CpBzWAAVWtH8rDuRIxqpg5AgDlg3bsfHFSOARzZ3dyMNwbo
nd3jCHSvSqAcGmGmupBd0uPGl7LhiJWvYq/foTMOm1Rs
-----END CERTIFICATE-----