Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/cbOQVzusWn9LnCgie1I0RHNjoTQ.roa
File:                     cbOQVzusWn9LnCgie1I0RHNjoTQ.roa (raw, json)
Hash identifier:          pvIu7LiduTDkxdLtY7HU+5364ooMirMljeSMt7L8ZBI=
Subject key identifier:   71:B3:90:57:3B:AC:5A:7F:4B:9C:28:22:7B:52:34:44:73:63:A1:34
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018FA4E37BB92D41B0914F9F2B39ABF08C4A
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/cbOQVzusWn9LnCgie1I0RHNjoTQ.roa
Signing time:             Thu 23 May 2024 09:58:42 +0000
ROA not before:           Thu 23 May 2024 09:58:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.131.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a4:e3:7b:b9:2d:41:b0:91:4f:9f:2b:39:ab:f0:8c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May 23 09:58:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71b390573bac5a7f4b9c28227b5234447363a134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e4:48:91:d5:c6:0f:2c:3e:11:fb:0b:5e:ca:
                    e5:72:68:dc:e8:72:14:d0:fc:6d:68:f9:fb:62:cd:
                    8f:5a:d3:7e:15:68:40:48:2c:98:1a:6e:32:26:60:
                    bf:4a:fc:ab:51:23:7c:f4:af:f8:2e:6e:c7:68:3a:
                    51:06:cb:df:0e:40:81:41:29:ff:ec:74:64:0e:9a:
                    0a:c1:24:14:4f:67:fc:98:28:b0:c1:28:77:9e:6c:
                    1e:f6:8c:4f:ec:c6:6a:79:4b:d7:d3:b7:90:eb:de:
                    21:22:25:20:c2:80:95:82:66:5b:c3:e5:71:85:65:
                    0a:14:08:e6:4c:fd:06:11:05:1a:c2:ad:31:1e:5b:
                    5f:35:de:a1:8c:66:4c:9a:dc:16:60:c3:61:6e:bb:
                    7b:35:d6:7b:7c:0d:c4:a5:18:6a:23:e6:a3:87:ea:
                    bb:4c:08:89:4a:13:25:ee:09:3c:87:ae:dd:c4:09:
                    a2:62:7d:4d:1c:de:14:da:a8:57:21:c9:32:1c:31:
                    28:5f:cc:a5:00:46:f9:f6:48:68:a8:ed:ad:5f:c6:
                    a9:b4:b8:09:f5:d7:ff:33:63:2c:fa:60:5a:69:8e:
                    a1:68:cc:d6:53:c5:b8:f7:e7:48:25:51:de:5c:d3:
                    a4:59:40:9f:82:8a:2e:3e:09:82:86:26:16:f0:2a:
                    5f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B3:90:57:3B:AC:5A:7F:4B:9C:28:22:7B:52:34:44:73:63:A1:34
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/cbOQVzusWn9LnCgie1I0RHNjoTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:9b:06:f0:61:93:6a:e8:93:90:10:c2:5a:96:56:03:b2:31:
         6a:4c:34:9b:27:49:ce:db:fe:ff:20:df:82:2c:6d:a7:d6:ff:
         56:d4:bc:87:ea:af:f1:ad:cb:54:43:f6:bc:d3:10:ee:f9:a4:
         76:00:02:4f:80:da:e2:7e:c5:82:4f:3c:10:48:d8:5f:5c:ed:
         ac:26:03:1d:e4:5b:aa:6b:80:ff:9a:6e:d6:89:aa:4b:37:6f:
         90:9d:c1:ca:cf:21:c3:f3:fc:b3:fe:d2:ad:ed:ec:02:30:58:
         fb:ef:64:6b:0b:ae:29:1e:ed:7f:27:9e:f8:35:60:b3:98:2a:
         41:f9:2d:ef:60:57:a3:4c:f3:60:a1:b8:b3:a4:9e:88:9f:08:
         f9:37:85:1f:6f:bb:75:ee:40:9b:65:21:c4:2b:57:fc:d2:ce:
         9d:6b:fb:6b:49:c6:d1:36:09:b3:3d:60:33:f4:02:93:d4:47:
         7e:88:82:77:a6:04:15:a6:e6:f1:25:40:74:bb:1c:6f:91:d7:
         08:ca:47:fa:b3:f7:78:d1:54:30:e5:ce:44:00:bb:0c:d6:d8:
         b7:ad:06:b9:f4:ae:a7:a4:f3:30:6d:2b:21:b7:cc:ef:5d:fd:
         00:5e:49:61:fd:2d:65:31:e7:2a:42:c9:ec:0d:48:b0:c2:26:
         e8:3f:46:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+k43u5LUGwkU+fKzmr8IxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNTIzMDk1ODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWIzOTA1NzNiYWM1YTdmNGI5YzI4MjI3YjUyMzQ0NDczNjNhMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuRIkdXGDyw+EfsLXsrlcmjc6HIU
0PxtaPn7Ys2PWtN+FWhASCyYGm4yJmC/SvyrUSN89K/4Lm7HaDpRBsvfDkCBQSn/
7HRkDpoKwSQUT2f8mCiwwSh3nmwe9oxP7MZqeUvX07eQ694hIiUgwoCVgmZbw+Vx
hWUKFAjmTP0GEQUawq0xHltfNd6hjGZMmtwWYMNhbrt7NdZ7fA3EpRhqI+ajh+q7
TAiJShMl7gk8h67dxAmiYn1NHN4U2qhXIckyHDEoX8ylAEb59khoqO2tX8aptLgJ
9df/M2Ms+mBaaY6haMzWU8W49+dIJVHeXNOkWUCfgoouPgmChiYW8CpfPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGzkFc7rFp/S5woIntSNERzY6E0MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvY2JPUVZ6dXNXbjlMbkNnaWUxSTBSSE5qb1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYOiMA0G
CSqGSIb3DQEBCwUAA4IBAQB3mwbwYZNq6JOQEMJallYDsjFqTDSbJ0nO2/7/IN+C
LG2n1v9W1LyH6q/xrctUQ/a80xDu+aR2AAJPgNrifsWCTzwQSNhfXO2sJgMd5Fuq
a4D/mm7WiapLN2+QncHKzyHD8/yz/tKt7ewCMFj772RrC64pHu1/J574NWCzmCpB
+S3vYFejTPNgobizpJ6Inwj5N4Ufb7t17kCbZSHEK1f80s6da/trScbRNgmzPWAz
9AKT1Ed+iIJ3pgQVpubxJUB0uxxvkdcIykf6s/d40VQw5c5EALsM1ti3rQa59K6n
pPMwbSsht8zvXf0AXklh/S1lMecqQsnsDUiwwiboP0Zi
-----END CERTIFICATE-----