Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/8qgINGgQUlI7W557or9XgNIdsQw.roa
File:                     8qgINGgQUlI7W557or9XgNIdsQw.roa (raw, json)
Hash identifier:          61D5wI67RYkHEmzkfJkqIN+m2k3i2WQz3KjaL+5xaKE=
Subject key identifier:   F2:A8:08:34:68:10:52:52:3B:5B:9E:7B:A2:BF:57:80:D2:1D:B1:0C
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019261FC78654B41E4A3E8CA5809650C8AA0
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/8qgINGgQUlI7W557or9XgNIdsQw.roa
Signing time:             Sun 06 Oct 2024 13:19:48 +0000
ROA not before:           Sun 06 Oct 2024 13:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51431
IP address blocks:        46.38.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:61:fc:78:65:4b:41:e4:a3:e8:ca:58:09:65:0c:8a:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct  6 13:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a80834681052523b5b9e7ba2bf5780d21db10c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:4f:2f:fe:aa:30:18:6d:4d:e5:21:eb:e7:
                    b3:70:21:29:74:2a:5f:e7:4a:52:59:28:20:5b:b8:
                    98:6b:4a:fc:07:ca:f0:79:b2:49:ad:dc:ec:8d:7a:
                    04:66:0b:d0:d6:08:c1:5b:91:07:80:6d:d7:ec:59:
                    da:d6:a7:25:5a:f5:d4:98:de:21:27:3f:fc:9d:82:
                    ba:73:1e:99:9a:cd:74:c4:cc:30:e1:b0:1e:68:03:
                    70:4d:fb:36:32:4d:23:b7:69:5a:fa:b9:cd:89:de:
                    a9:0b:f1:70:d7:08:ab:f1:da:b5:17:1e:02:42:4e:
                    43:fc:8c:c9:49:08:34:ee:f9:c1:31:fc:02:89:2d:
                    99:22:c0:4a:ad:7e:37:52:ca:8e:f6:fd:32:36:38:
                    66:d8:80:0f:d9:2c:93:94:71:be:f5:db:7c:bf:b8:
                    1a:4c:07:9d:48:14:af:30:b2:6d:5a:d2:7a:a4:63:
                    e6:d3:88:77:b2:a6:ee:09:80:3b:f4:16:88:cd:fa:
                    c9:b9:7c:9c:07:7d:60:d1:b1:79:97:c8:d7:a1:0d:
                    41:e3:45:65:e6:d5:3f:6e:1e:b0:df:5e:e8:23:0e:
                    44:01:a8:6a:d6:2e:f6:a5:fc:8f:a3:ff:0b:ee:1d:
                    02:0c:ed:a9:f5:24:b4:27:f5:7d:cc:a5:48:94:8b:
                    a5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A8:08:34:68:10:52:52:3B:5B:9E:7B:A2:BF:57:80:D2:1D:B1:0C
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/8qgINGgQUlI7W557or9XgNIdsQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:35:51:86:c3:1b:af:10:3e:37:c9:78:29:81:38:9b:e2:85:
         55:a2:7c:e0:c6:19:84:63:3a:25:7e:18:ad:b7:a8:d1:15:70:
         be:c7:e0:57:ac:ad:eb:00:ca:69:63:dd:a8:93:eb:72:56:b7:
         70:8e:f4:48:59:69:2f:7b:46:a4:71:2c:5e:3e:0b:eb:c0:54:
         1d:21:92:36:42:ac:59:79:e6:07:b3:6e:9c:b2:37:9e:98:82:
         66:65:f9:98:18:a3:86:59:fa:fd:7e:7c:57:ec:29:8d:2b:a7:
         3a:1b:70:4f:bf:d5:1a:7e:75:c3:a6:99:cd:81:29:5c:40:d8:
         1d:48:53:ec:0f:13:1d:1c:03:a5:57:c0:73:bc:9b:19:5e:f5:
         eb:3c:74:09:4b:1e:52:bc:d0:38:6a:4b:52:9b:df:b5:a8:95:
         27:ec:cd:0a:cf:c6:0c:42:f9:f7:7b:78:03:57:9a:11:ec:c6:
         b3:6a:40:1c:68:e1:99:cd:33:d8:da:03:0e:30:20:4a:b0:9e:
         12:e3:bc:85:b4:13:24:53:95:43:32:58:e7:ec:a0:98:15:cb:
         9d:7f:32:03:2c:a2:23:bd:8e:cb:07:b3:0a:47:00:ed:70:9c:
         95:1d:15:fc:35:91:14:8e:40:d4:e9:04:a7:f4:73:83:f2:eb:
         a4:e1:37:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJh/HhlS0Hko+jKWAllDIqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQxMDA2MTMxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE4MDgzNDY4MTA1MjUyM2I1YjllN2JhMmJmNTc4MGQyMWRiMTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAratPL/6qMBhtTeUh6+ezcCEpdCpf
50pSWSggW7iYa0r8B8rwebJJrdzsjXoEZgvQ1gjBW5EHgG3X7Fna1qclWvXUmN4h
Jz/8nYK6cx6Zms10xMww4bAeaANwTfs2Mk0jt2la+rnNid6pC/Fw1wir8dq1Fx4C
Qk5D/IzJSQg07vnBMfwCiS2ZIsBKrX43UsqO9v0yNjhm2IAP2SyTlHG+9dt8v7ga
TAedSBSvMLJtWtJ6pGPm04h3sqbuCYA79BaIzfrJuXycB31g0bF5l8jXoQ1B40Vl
5tU/bh6w317oIw5EAahq1i72pfyPo/8L7h0CDO2p9SS0J/V9zKVIlIulFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKoCDRoEFJSO1uee6K/V4DSHbEMMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvOHFnSU5HZ1FVbEk3VzU1N29yOVhnTklkc1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiaQMA0G
CSqGSIb3DQEBCwUAA4IBAQAuNVGGwxuvED43yXgpgTib4oVVonzgxhmEYzolfhit
t6jRFXC+x+BXrK3rAMppY92ok+tyVrdwjvRIWWkve0akcSxePgvrwFQdIZI2QqxZ
eeYHs26csjeemIJmZfmYGKOGWfr9fnxX7CmNK6c6G3BPv9UafnXDppnNgSlcQNgd
SFPsDxMdHAOlV8BzvJsZXvXrPHQJSx5SvNA4aktSm9+1qJUn7M0Kz8YMQvn3e3gD
V5oR7MazakAcaOGZzTPY2gMOMCBKsJ4S47yFtBMkU5VDMljn7KCYFcudfzIDLKIj
vY7LB7MKRwDtcJyVHRX8NZEUjkDU6QSn9HOD8uuk4TcY
-----END CERTIFICATE-----