Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/902301-5676-41fc-8ebd-7f17066957af/1/tbbst5Gbem6SMB-jQQT4kh35Has.roa
File:                     tbbst5Gbem6SMB-jQQT4kh35Has.roa (raw, json)
Hash identifier:          0Ulyhk8+dChE5L7M6RDZT5EE3J/X0MtT7u389avLlM0=
Subject key identifier:   B5:B6:EC:B7:91:9B:7A:6E:92:30:1F:A3:41:04:F8:92:1D:F9:1D:AB
Certificate issuer:       /CN=902bdb81caf33f10b05f8767b1a8e188b07e341b
Certificate serial:       018CC87101CCCFE76268056EF4CA87516E55
Authority key identifier: 90:2B:DB:81:CA:F3:3F:10:B0:5F:87:67:B1:A8:E1:88:B0:7E:34:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kCvbgcrzPxCwX4dnsajhiLB-NBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/902301-5676-41fc-8ebd-7f17066957af/1/tbbst5Gbem6SMB-jQQT4kh35Has.roa
Signing time:             Tue 02 Jan 2024 04:31:38 +0000
ROA not before:           Tue 02 Jan 2024 04:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31019
IP address blocks:        45.92.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/902301-5676-41fc-8ebd-7f17066957af/1/kCvbgcrzPxCwX4dnsajhiLB-NBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/902301-5676-41fc-8ebd-7f17066957af/1/kCvbgcrzPxCwX4dnsajhiLB-NBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kCvbgcrzPxCwX4dnsajhiLB-NBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:01:cc:cf:e7:62:68:05:6e:f4:ca:87:51:6e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=902bdb81caf33f10b05f8767b1a8e188b07e341b
        Validity
            Not Before: Jan  2 04:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5b6ecb7919b7a6e92301fa34104f8921df91dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6e:a3:3e:19:ea:d9:79:53:5e:6b:98:6f:9d:
                    b5:d4:02:61:df:a0:5a:6c:1e:36:d0:53:cb:2d:d3:
                    0b:67:62:3b:c8:14:7c:e0:cb:2d:d4:45:0a:87:06:
                    00:7f:01:e5:fd:22:71:80:14:b4:1d:ed:15:9e:af:
                    50:9f:14:16:ef:86:6a:d2:71:09:c6:87:49:45:f0:
                    6e:53:69:34:0c:66:6e:20:b2:09:12:14:53:fb:85:
                    ec:b5:94:a3:20:c9:a6:5a:7e:53:d1:aa:b8:31:b4:
                    79:97:b5:15:ac:9f:37:12:02:fb:06:60:6c:81:2e:
                    6e:71:66:82:92:5f:98:1b:7b:bf:e5:14:f9:62:4e:
                    31:67:08:95:3d:61:24:7f:17:83:b1:8e:31:3b:fc:
                    5c:31:fc:13:77:aa:7a:7b:29:02:68:bf:8c:a0:99:
                    18:d1:ed:7d:5f:71:b6:21:9b:10:ab:e1:7d:45:4c:
                    f7:65:5e:9e:0d:82:d2:25:aa:14:8a:c1:b5:b6:69:
                    23:24:cf:01:1b:1c:80:f4:cc:e1:26:2e:86:d1:a0:
                    34:b9:e1:1d:a6:35:1f:12:ef:31:c7:45:4b:bb:bc:
                    55:2c:6f:8c:ec:80:62:24:02:77:53:3e:06:1d:df:
                    ec:ff:e2:95:1b:30:11:29:32:8e:dd:76:27:32:49:
                    09:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B6:EC:B7:91:9B:7A:6E:92:30:1F:A3:41:04:F8:92:1D:F9:1D:AB
            X509v3 Authority Key Identifier:
                keyid:90:2B:DB:81:CA:F3:3F:10:B0:5F:87:67:B1:A8:E1:88:B0:7E:34:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kCvbgcrzPxCwX4dnsajhiLB-NBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/902301-5676-41fc-8ebd-7f17066957af/1/tbbst5Gbem6SMB-jQQT4kh35Has.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/902301-5676-41fc-8ebd-7f17066957af/1/kCvbgcrzPxCwX4dnsajhiLB-NBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:c9:ee:af:f7:66:bf:02:e5:03:58:ad:43:dd:09:f5:9e:20:
         68:cd:a7:e2:cc:2a:46:cd:35:58:81:0c:54:33:03:f0:db:36:
         7c:3a:78:c5:9c:d1:97:8d:a5:26:0e:19:48:3a:67:66:80:77:
         7b:d2:ef:c3:76:b4:7d:4f:90:94:16:78:b4:ea:8c:7c:b8:94:
         52:f2:6f:f3:e7:75:00:f7:33:f5:e3:2e:92:4a:85:73:bd:91:
         73:ff:1a:bf:c3:87:f9:ca:90:ed:40:34:f7:58:d5:b8:4f:36:
         e6:12:42:4b:ad:5e:f4:2c:27:42:ac:5f:3d:51:1d:f4:9f:cb:
         ab:77:34:7a:f2:2a:9f:d1:7a:73:af:eb:dd:56:02:2b:02:f9:
         19:18:af:33:4c:56:3e:ba:b2:b6:3b:ca:5e:e7:e9:93:39:3f:
         21:36:3d:37:d9:91:60:56:33:81:08:6a:1c:47:4a:aa:be:6f:
         a9:f4:11:61:54:13:b0:a3:6e:5d:b4:4e:28:79:11:60:a6:e7:
         cb:fe:2f:47:d3:80:0f:6a:53:bb:f7:29:7a:eb:26:cb:26:a8:
         94:ae:36:da:1f:35:b1:83:5d:b8:0f:81:e6:0e:96:54:ed:74:
         64:6c:b2:e9:f4:dd:4e:6f:cd:3d:c7:1a:b3:92:f1:61:d1:6b:
         b5:7c:26:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQHMz+diaAVu9MqHUW5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwMmJkYjgxY2FmMzNmMTBiMDVmODc2N2IxYThlMTg4YjA3
ZTM0MWIwHhcNMjQwMTAyMDQzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI2ZWNiNzkxOWI3YTZlOTIzMDFmYTM0MTA0Zjg5MjFkZjkxZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgG6jPhnq2XlTXmuYb5211AJh36Ba
bB420FPLLdMLZ2I7yBR84Mst1EUKhwYAfwHl/SJxgBS0He0Vnq9QnxQW74Zq0nEJ
xodJRfBuU2k0DGZuILIJEhRT+4XstZSjIMmmWn5T0aq4MbR5l7UVrJ83EgL7BmBs
gS5ucWaCkl+YG3u/5RT5Yk4xZwiVPWEkfxeDsY4xO/xcMfwTd6p6eykCaL+MoJkY
0e19X3G2IZsQq+F9RUz3ZV6eDYLSJaoUisG1tmkjJM8BGxyA9MzhJi6G0aA0ueEd
pjUfEu8xx0VLu7xVLG+M7IBiJAJ3Uz4GHd/s/+KVGzARKTKO3XYnMkkJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW27LeRm3pukjAfo0EE+JId+R2rMB8GA1UdIwQY
MBaAFJAr24HK8z8QsF+HZ7Go4YiwfjQbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0N2YmdjcnpQeEN3WDRkbnNhamhpTEItTkJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC85MDIzMDEtNTY3Ni00MWZjLThlYmQt
N2YxNzA2Njk1N2FmLzEvdGJic3Q1R2JlbTZTTUItalFRVDRraDM1SGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC85MDIzMDEtNTY3Ni00MWZjLThlYmQtN2YxNzA2Njk1N2Fm
LzEva0N2YmdjcnpQeEN3WDRkbnNhamhpTEItTkJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVxPMA0G
CSqGSIb3DQEBCwUAA4IBAQBhye6v92a/AuUDWK1D3Qn1niBozafizCpGzTVYgQxU
MwPw2zZ8OnjFnNGXjaUmDhlIOmdmgHd70u/DdrR9T5CUFni06ox8uJRS8m/z53UA
9zP14y6SSoVzvZFz/xq/w4f5ypDtQDT3WNW4TzbmEkJLrV70LCdCrF89UR30n8ur
dzR68iqf0Xpzr+vdVgIrAvkZGK8zTFY+urK2O8pe5+mTOT8hNj032ZFgVjOBCGoc
R0qqvm+p9BFhVBOwo25dtE4oeRFgpufL/i9H04APalO79yl66ybLJqiUrjbaHzWx
g124D4HmDpZU7XRkbLLp9N1Ob809xxqzkvFh0Wu1fCbo
-----END CERTIFICATE-----