Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/LXdfMVxo3GHYQHAZfOxWVJ4huok.roa
File:                     LXdfMVxo3GHYQHAZfOxWVJ4huok.roa (raw, json)
Hash identifier:          oh30D+YcpzJXvucD0cqj+NTZTB+bkciOva5pUuvF1EE=
Subject key identifier:   2D:77:5F:31:5C:68:DC:61:D8:40:70:19:7C:EC:56:54:9E:21:BA:89
Certificate issuer:       /CN=b9f4779575cb9bf058243287e98234deca911fc9
Certificate serial:       018CCA2AC3DD049E2509B49B5FAD071B7A8A
Authority key identifier: B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/LXdfMVxo3GHYQHAZfOxWVJ4huok.roa
Signing time:             Tue 02 Jan 2024 12:34:09 +0000
ROA not before:           Tue 02 Jan 2024 12:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57935
IP address blocks:        45.89.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:c3:dd:04:9e:25:09:b4:9b:5f:ad:07:1b:7a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f4779575cb9bf058243287e98234deca911fc9
        Validity
            Not Before: Jan  2 12:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d775f315c68dc61d84070197cec56549e21ba89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c0:28:79:04:41:83:31:1d:5a:d2:27:21:c0:
                    0f:85:97:5c:24:e9:3e:39:e8:c9:96:9f:44:e4:4d:
                    de:9b:27:68:17:f5:44:6c:f4:17:c8:b7:16:36:48:
                    74:9f:4d:0b:c9:33:7c:0b:a3:19:a7:81:7a:6c:71:
                    86:c3:d9:5d:1c:28:29:6f:cd:5a:84:6d:18:8e:b4:
                    c5:13:0b:bc:3a:e2:6a:a3:5a:b4:a2:05:7c:19:d8:
                    53:9e:19:fa:ac:28:f6:29:64:c7:94:52:20:6e:c2:
                    f5:b1:ca:c4:0b:01:c4:26:54:d9:25:bf:64:4b:39:
                    86:31:e5:e0:0d:e1:3e:88:98:54:74:f4:5d:2d:2d:
                    53:ed:f5:1e:55:a2:1f:26:61:6a:7a:b6:28:f0:35:
                    ec:84:40:d5:04:53:8b:1b:0c:07:fe:92:6e:72:f8:
                    6b:a1:4b:9c:16:9c:c9:59:17:be:cf:5b:94:e4:06:
                    02:32:ef:0f:53:0f:06:d4:c8:4a:90:95:43:f5:2b:
                    50:58:54:17:ae:af:e4:08:4b:1e:c4:ad:56:4a:e5:
                    d2:39:0a:0d:cb:12:7b:b3:5d:4e:0a:26:c6:bd:94:
                    f1:42:52:81:77:d5:78:e5:67:10:72:56:4d:58:b0:
                    ce:6c:06:3d:50:97:58:d9:30:16:54:12:9e:26:ae:
                    18:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:77:5F:31:5C:68:DC:61:D8:40:70:19:7C:EC:56:54:9E:21:BA:89
            X509v3 Authority Key Identifier:
                keyid:B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/LXdfMVxo3GHYQHAZfOxWVJ4huok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1c:88:4d:84:77:cb:66:7c:bd:90:80:1f:4b:94:99:02:96:
         57:68:59:2f:d0:2e:82:a2:1d:6a:71:29:9f:c1:0f:0b:aa:14:
         b1:35:1c:a4:3b:fc:f6:b9:ad:5a:17:a3:80:f8:b6:eb:ef:bf:
         a3:3c:ed:63:dc:8b:e2:02:d4:43:f9:08:63:d3:4d:a7:3f:10:
         84:c1:f1:da:45:a8:20:83:1d:aa:c2:f9:54:09:d0:fd:9a:c3:
         1b:3e:7f:c1:de:da:39:43:19:40:66:ec:41:ad:de:d4:cd:74:
         ba:bb:50:79:ac:0a:8b:5f:9f:53:88:3b:79:b0:96:68:da:38:
         30:d8:79:01:9d:f1:6f:e6:e0:4d:04:4c:51:37:0e:ac:d8:75:
         80:51:db:fa:7d:77:3b:0b:29:5e:8d:8b:ef:ae:69:2a:fa:95:
         c9:2a:2d:3b:79:d5:fa:4b:a5:b9:28:a5:eb:be:89:69:6a:90:
         cb:e4:c7:8f:99:66:ed:e1:0c:21:08:9e:8d:d3:53:31:47:c2:
         fe:d6:ed:d4:7f:fd:47:7c:cd:34:78:fc:e9:6d:2b:1b:51:66:
         86:5b:ec:56:af:5f:7a:53:ff:42:5f:ff:61:dc:b2:65:83:74:
         12:b5:2f:dc:7b:50:8f:50:67:51:23:ed:dc:cf:37:21:c8:cd:
         bf:15:c4:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKsPdBJ4lCbSbX60HG3qKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjQ3Nzk1NzVjYjliZjA1ODI0MzI4N2U5ODIzNGRlY2E5
MTFmYzkwHhcNMjQwMTAyMTIzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc3NWYzMTVjNjhkYzYxZDg0MDcwMTk3Y2VjNTY1NDllMjFiYTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusAoeQRBgzEdWtInIcAPhZdcJOk+
OejJlp9E5E3emydoF/VEbPQXyLcWNkh0n00LyTN8C6MZp4F6bHGGw9ldHCgpb81a
hG0YjrTFEwu8OuJqo1q0ogV8GdhTnhn6rCj2KWTHlFIgbsL1scrECwHEJlTZJb9k
SzmGMeXgDeE+iJhUdPRdLS1T7fUeVaIfJmFqerYo8DXshEDVBFOLGwwH/pJucvhr
oUucFpzJWRe+z1uU5AYCMu8PUw8G1MhKkJVD9StQWFQXrq/kCEsexK1WSuXSOQoN
yxJ7s11OCibGvZTxQlKBd9V45WcQclZNWLDObAY9UJdY2TAWVBKeJq4Y4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC13XzFcaNxh2EBwGXzsVlSeIbqJMB8GA1UdIwQY
MBaAFLn0d5V1y5vwWCQyh+mCNN7KkR/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAt
Y2Q5ZmYwNTUyZjkyLzEvTFhkZk1WeG8zR0hZUUhBWmZPeFdWSjRodW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAtY2Q5ZmYwNTUyZjky
LzEvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmIMA0G
CSqGSIb3DQEBCwUAA4IBAQBHHIhNhHfLZny9kIAfS5SZApZXaFkv0C6Coh1qcSmf
wQ8LqhSxNRykO/z2ua1aF6OA+Lbr77+jPO1j3IviAtRD+Qhj002nPxCEwfHaRagg
gx2qwvlUCdD9msMbPn/B3to5QxlAZuxBrd7UzXS6u1B5rAqLX59TiDt5sJZo2jgw
2HkBnfFv5uBNBExRNw6s2HWAUdv6fXc7CylejYvvrmkq+pXJKi07edX6S6W5KKXr
volpapDL5MePmWbt4QwhCJ6N01MxR8L+1u3Uf/1HfM00ePzpbSsbUWaGW+xWr196
U/9CX/9h3LJlg3QStS/ce1CPUGdRI+3czzchyM2/FcQV
-----END CERTIFICATE-----