Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/FHu848aJQ4c7A6t4HjDwijti_5Q.roa
File:                     FHu848aJQ4c7A6t4HjDwijti_5Q.roa (raw, json)
Hash identifier:          YHWn1qPt5H/13LhL681L8Xl4qxGHgPZVPx1pEYsFx08=
Subject key identifier:   14:7B:BC:E3:C6:89:43:87:3B:03:AB:78:1E:30:F0:8A:3B:62:FF:94
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01927602DDCBEEC126B165C82540BAAF8A3C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/FHu848aJQ4c7A6t4HjDwijti_5Q.roa
Signing time:             Thu 10 Oct 2024 10:39:12 +0000
ROA not before:           Thu 10 Oct 2024 10:39:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        45.139.4.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:02:dd:cb:ee:c1:26:b1:65:c8:25:40:ba:af:8a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct 10 10:39:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=147bbce3c68943873b03ab781e30f08a3b62ff94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1e:c1:51:b7:98:83:4a:6a:4e:2a:fc:54:ad:
                    2f:c0:13:ab:c4:b5:67:af:51:fc:c2:26:1c:a7:de:
                    1d:8a:34:b8:7e:d3:07:a3:d5:42:68:a1:90:c2:3b:
                    76:27:49:12:b6:b1:e1:db:bb:82:40:27:41:68:b5:
                    0a:5c:c7:6a:0c:4c:ac:e3:88:94:ae:59:4f:9b:9c:
                    5f:17:15:cd:fe:32:1a:6a:81:74:36:e6:54:9f:fd:
                    0a:b2:91:87:53:23:5c:9e:d3:bc:a9:60:7b:c5:d2:
                    60:a1:ee:9d:28:44:f1:73:3b:a2:5b:c1:52:1a:89:
                    4c:ad:75:5d:ec:85:79:1d:58:ee:2a:7e:4c:e1:fe:
                    1a:fc:01:3a:54:a5:a5:42:26:01:52:e4:11:4e:d7:
                    39:c4:f7:6b:c7:21:39:20:d5:3c:ed:a4:8b:ba:84:
                    bb:db:de:93:c3:b3:e3:8f:ce:5e:89:3a:48:22:e9:
                    15:2a:47:66:9e:15:c6:6d:b3:7f:33:9e:a7:4a:53:
                    89:46:0b:db:43:98:fa:d7:58:95:c7:f3:9a:39:65:
                    86:6c:cd:c5:8c:e9:d7:6f:27:02:93:b2:de:65:32:
                    9e:e6:0b:e4:3c:9b:95:c9:49:8c:05:2f:94:81:32:
                    c0:2b:da:76:62:21:82:7e:7b:fe:90:89:5d:03:dc:
                    5f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7B:BC:E3:C6:89:43:87:3B:03:AB:78:1E:30:F0:8A:3B:62:FF:94
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/FHu848aJQ4c7A6t4HjDwijti_5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d5:0d:ca:e9:84:35:4a:ea:59:bb:5c:b1:9b:b8:34:6d:e3:85:
         bc:20:5d:d5:4f:08:c5:60:eb:b0:48:47:bc:ca:89:fb:b5:61:
         41:24:81:47:58:69:f2:f2:3c:7d:19:86:80:d3:45:e7:5c:76:
         68:5e:b0:9c:9c:cc:45:ed:fa:88:16:0e:8b:d3:76:ac:f9:8b:
         41:3b:08:fe:71:14:24:63:cf:d7:38:69:5b:a7:dc:84:ed:75:
         07:3d:c6:8f:3f:1a:c4:84:19:f1:e8:40:4a:7b:de:ba:67:0f:
         74:a9:95:80:67:e8:9e:c3:ad:10:c5:f3:02:f8:15:5a:e6:8c:
         74:90:17:95:f9:3a:ed:16:3a:99:e1:33:0a:c9:04:8f:f0:38:
         bd:74:ab:ca:84:40:ef:5a:98:57:03:98:3d:ef:c8:7b:3d:0d:
         9e:58:b0:63:52:82:88:48:0c:3d:cd:31:fa:25:07:85:9f:82:
         23:23:ab:d2:a6:9d:92:05:21:7a:ff:66:da:8a:c2:fe:a9:27:
         26:f9:ec:c6:6e:e7:41:c0:e9:ce:9f:61:4d:9e:ea:e7:d8:42:
         6f:c1:96:b3:82:08:48:36:2b:ef:83:e9:be:3b:2d:b7:fd:b1:
         b8:c5:4f:75:7e:12:3c:5b:06:93:69:b5:58:49:4c:3f:51:bd:
         c0:16:a4:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ2At3L7sEmsWXIJUC6r4o8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQxMDEwMTAzOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdiYmNlM2M2ODk0Mzg3M2IwM2FiNzgxZTMwZjA4YTNiNjJmZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux7BUbeYg0pqTir8VK0vwBOrxLVn
r1H8wiYcp94dijS4ftMHo9VCaKGQwjt2J0kStrHh27uCQCdBaLUKXMdqDEys44iU
rllPm5xfFxXN/jIaaoF0NuZUn/0KspGHUyNcntO8qWB7xdJgoe6dKETxczuiW8FS
GolMrXVd7IV5HVjuKn5M4f4a/AE6VKWlQiYBUuQRTtc5xPdrxyE5INU87aSLuoS7
296Tw7Pjj85eiTpIIukVKkdmnhXGbbN/M56nSlOJRgvbQ5j611iVx/OaOWWGbM3F
jOnXbycCk7LeZTKe5gvkPJuVyUmMBS+UgTLAK9p2YiGCfnv+kIldA9xfIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR7vOPGiUOHOwOreB4w8Io7Yv+UMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRkh1ODQ4YUpRNGM3QTZ0NEhqRHdpanRpXzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYsEMA0G
CSqGSIb3DQEBCwUAA4IBAQDVDcrphDVK6lm7XLGbuDRt44W8IF3VTwjFYOuwSEe8
yon7tWFBJIFHWGny8jx9GYaA00XnXHZoXrCcnMxF7fqIFg6L03as+YtBOwj+cRQk
Y8/XOGlbp9yE7XUHPcaPPxrEhBnx6EBKe966Zw90qZWAZ+iew60QxfMC+BVa5ox0
kBeV+TrtFjqZ4TMKyQSP8Di9dKvKhEDvWphXA5g978h7PQ2eWLBjUoKISAw9zTH6
JQeFn4IjI6vSpp2SBSF6/2baisL+qScm+ezGbudBwOnOn2FNnurn2EJvwZazgghI
Nivvg+m+Oy23/bG4xU91fhI8WwaTabVYSUw/Ub3AFqTi
-----END CERTIFICATE-----