Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/Sjda_fX4b-hcjKYXP7M3QRPo7OU.roa
File:                     Sjda_fX4b-hcjKYXP7M3QRPo7OU.roa (raw, json)
Hash identifier:          1Q0A+JylAFgSoVPzoFq6PQzAUQWwlcWA8Y3bebSqMEQ=
Subject key identifier:   4A:37:5A:FD:F5:F8:6F:E8:5C:8C:A6:17:3F:B3:37:41:13:E8:EC:E5
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0191FE6308EE6B2D1368F49377ADFD3FD721
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/Sjda_fX4b-hcjKYXP7M3QRPo7OU.roa
Signing time:             Tue 17 Sep 2024 05:09:48 +0000
ROA not before:           Tue 17 Sep 2024 05:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.133.141.0/24 maxlen: 24
                          45.133.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fe:63:08:ee:6b:2d:13:68:f4:93:77:ad:fd:3f:d7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Sep 17 05:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a375afdf5f86fe85c8ca6173fb3374113e8ece5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ff:a5:74:c8:b6:59:a5:cf:72:c1:c4:c7:a2:
                    86:c8:3d:bb:8c:02:2a:2a:16:61:78:d3:8c:55:67:
                    6c:71:de:60:9c:c8:fc:64:51:b4:47:58:fd:e6:9c:
                    52:52:4d:0a:5a:a7:9a:e0:95:ea:8b:c9:f5:60:e9:
                    56:42:da:16:11:a4:9a:01:ba:cb:11:91:2f:22:da:
                    59:71:b0:91:f2:81:12:55:ca:00:00:73:1f:0b:7b:
                    eb:cb:11:82:34:d0:8b:08:5f:50:b2:bb:64:54:14:
                    8c:d5:cc:24:a0:0a:13:ce:cb:b0:82:34:0d:b4:62:
                    89:d6:fb:26:28:74:21:cc:77:aa:d8:00:61:45:30:
                    55:76:c1:ee:07:70:4e:86:cd:21:a1:cf:a0:9f:85:
                    9e:e1:7f:41:45:5d:7e:c6:94:1d:4f:e9:2a:82:d6:
                    db:6b:0c:f0:b7:e8:5e:7b:0a:c0:ce:82:50:36:f1:
                    d5:e8:a6:25:1d:1a:9e:ff:a7:53:7b:35:d3:ad:f0:
                    a6:e7:84:f5:61:b8:5f:59:89:84:41:65:f3:05:62:
                    c7:0e:34:9e:d5:b4:0c:73:c4:e0:13:43:8d:1f:a0:
                    1c:af:12:19:d4:38:ee:30:3a:58:0b:48:ef:cb:a2:
                    23:e4:29:80:bb:4d:d9:fd:66:cc:cf:9d:25:6d:06:
                    a4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:37:5A:FD:F5:F8:6F:E8:5C:8C:A6:17:3F:B3:37:41:13:E8:EC:E5
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/Sjda_fX4b-hcjKYXP7M3QRPo7OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.141.0/24
                  45.133.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:8d:9f:38:eb:a7:97:66:e0:07:56:f5:21:df:d8:5d:96:1c:
         c9:04:46:b8:ba:fc:fb:0c:68:c7:98:94:4b:17:52:2c:f3:3e:
         84:ec:82:71:50:d5:36:93:13:2c:03:72:86:87:94:42:dd:59:
         4d:9a:4a:cb:38:fc:77:5d:d3:d6:05:a9:d5:75:52:1d:ea:86:
         98:12:5f:ac:9b:55:78:d2:6a:b6:00:df:d6:17:43:5d:c1:b1:
         0b:e1:fa:fb:d5:63:00:ab:d0:2e:99:34:55:35:28:c8:fe:ed:
         7d:00:f3:6d:a1:1c:16:93:55:c9:37:a0:ab:92:98:13:34:ca:
         1a:e2:96:0e:f6:2f:39:a9:9c:bd:8d:54:88:39:d0:95:50:f2:
         3c:87:76:eb:cf:c0:0a:ee:15:14:df:40:f7:78:e1:1a:a8:52:
         d4:63:b2:99:5e:2c:6a:ef:ec:13:69:cf:66:60:89:ae:3f:e6:
         22:19:a0:43:b8:4c:e1:06:28:5b:93:45:b2:5f:14:95:e5:e5:
         23:bc:d7:d0:31:69:b7:d6:65:51:d4:17:1e:22:fe:40:1d:c1:
         3e:14:8d:74:40:cd:47:15:5b:92:eb:02:9e:02:87:5f:ed:73:
         3d:3d:17:74:3f:b9:44:61:21:83:48:c4:f8:1f:90:56:bb:53:
         9e:b1:58:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZH+Ywjuay0TaPSTd639P9chMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwOTE3MDUwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTM3NWFmZGY1Zjg2ZmU4NWM4Y2E2MTczZmIzMzc0MTEzZThlY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf+ldMi2WaXPcsHEx6KGyD27jAIq
KhZheNOMVWdscd5gnMj8ZFG0R1j95pxSUk0KWqea4JXqi8n1YOlWQtoWEaSaAbrL
EZEvItpZcbCR8oESVcoAAHMfC3vryxGCNNCLCF9QsrtkVBSM1cwkoAoTzsuwgjQN
tGKJ1vsmKHQhzHeq2ABhRTBVdsHuB3BOhs0hoc+gn4We4X9BRV1+xpQdT+kqgtbb
awzwt+heewrAzoJQNvHV6KYlHRqe/6dTezXTrfCm54T1YbhfWYmEQWXzBWLHDjSe
1bQMc8TgE0ONH6AcrxIZ1DjuMDpYC0jvy6Ij5CmAu03Z/WbMz50lbQakEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEo3Wv31+G/oXIymFz+zN0ET6OzlMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvU2pkYV9mWDRiLWhjaktZWFA3TTNRUlBvN09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYWNAwQA
LYWPMA0GCSqGSIb3DQEBCwUAA4IBAQBOjZ8466eXZuAHVvUh39hdlhzJBEa4uvz7
DGjHmJRLF1Is8z6E7IJxUNU2kxMsA3KGh5RC3VlNmkrLOPx3XdPWBanVdVId6oaY
El+sm1V40mq2AN/WF0NdwbEL4fr71WMAq9AumTRVNSjI/u19APNtoRwWk1XJN6Cr
kpgTNMoa4pYO9i85qZy9jVSIOdCVUPI8h3brz8AK7hUU30D3eOEaqFLUY7KZXixq
7+wTac9mYImuP+YiGaBDuEzhBihbk0WyXxSV5eUjvNfQMWm31mVR1BceIv5AHcE+
FI10QM1HFVuS6wKeAodf7XM9PRd0P7lEYSGDSMT4H5BWu1OesVhS
-----END CERTIFICATE-----