Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/AhoyAAKJAmZ57wAZFCst5Li0B8k.roa
File:                     AhoyAAKJAmZ57wAZFCst5Li0B8k.roa (raw, json)
Hash identifier:          6HldS76ad+8W+NPVAquxuYjj87FRBgxCEboSir6/wO8=
Subject key identifier:   02:1A:32:00:02:89:02:66:79:EF:00:19:14:2B:2D:E4:B8:B4:07:C9
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       01910512354F785D75D67737FA1279B05B75
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/AhoyAAKJAmZ57wAZFCst5Li0B8k.roa
Signing time:             Tue 30 Jul 2024 19:16:04 +0000
ROA not before:           Tue 30 Jul 2024 19:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        151.145.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:05:12:35:4f:78:5d:75:d6:77:37:fa:12:79:b0:5b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jul 30 19:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=021a32000289026679ef0019142b2de4b8b407c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:83:3e:3f:df:66:87:7d:8b:d1:b1:28:32:06:
                    07:8e:7d:90:e6:ae:d5:ab:80:be:ba:91:4c:70:1d:
                    d0:30:eb:70:7e:26:b6:33:e9:38:ef:94:f1:3b:cb:
                    75:00:bb:fd:a0:64:a7:e6:8b:43:ea:dd:a5:75:b3:
                    c0:e0:6b:6e:cc:c5:eb:7a:60:fe:b9:58:6c:19:fb:
                    62:d0:94:fd:1f:df:09:f5:80:f4:48:e5:77:72:9b:
                    de:54:34:ef:18:16:c3:97:fe:99:f3:88:c7:88:4c:
                    ab:75:c6:cb:1c:6f:08:ec:60:4f:57:4c:97:33:ff:
                    75:a6:0a:9d:b4:85:22:45:88:04:bc:57:22:20:6f:
                    94:12:03:cd:f6:16:64:9a:80:96:e9:98:85:e9:4f:
                    12:9d:d9:41:cb:ab:b0:5a:8a:ad:81:44:b3:3b:2d:
                    7b:c3:65:6d:8b:9e:2d:60:21:ed:be:45:f3:b2:b0:
                    bb:68:e2:92:73:a5:d0:93:9c:7b:9b:bf:60:4e:51:
                    9a:fe:79:26:e4:37:1b:df:78:d2:7f:fc:00:95:bf:
                    ef:3a:1b:e0:72:d3:61:b2:0d:4b:a7:8a:fe:bb:b1:
                    c7:0b:9f:51:6e:78:ac:fe:6e:b6:31:cf:e2:0a:ba:
                    c6:47:83:86:02:56:36:1a:cd:e3:eb:6c:f8:6c:44:
                    61:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1A:32:00:02:89:02:66:79:EF:00:19:14:2B:2D:E4:B8:B4:07:C9
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/AhoyAAKJAmZ57wAZFCst5Li0B8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.145.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         73:40:50:52:09:0f:56:51:a8:a6:f9:d3:a3:44:07:e8:6c:f5:
         d2:54:c8:67:87:ac:98:42:bc:84:da:dc:dc:72:66:6f:30:9d:
         5c:6f:5d:98:4b:9c:53:b8:20:47:6c:2d:fd:31:a4:2d:55:7c:
         e4:37:b1:29:32:13:76:9e:2a:15:75:51:f4:d4:39:9d:4e:0f:
         7a:75:31:8e:74:8b:4e:be:90:3a:0e:14:85:79:a4:78:8b:33:
         99:e8:34:8d:22:ef:9b:ab:91:44:50:87:c9:68:5c:49:ea:8c:
         ed:15:68:d1:42:58:62:f8:c6:22:26:bb:68:7a:93:7c:cc:c0:
         8f:64:34:6f:21:44:74:a0:4a:6f:d5:96:ac:e7:d0:7f:13:cc:
         29:44:0f:cf:23:27:fe:08:bd:ce:0f:0e:39:00:f4:e8:36:f4:
         b3:b7:09:90:24:a5:19:75:b2:95:fd:a7:58:f7:18:b6:d6:5f:
         1f:33:43:d4:44:dc:35:70:97:0f:2a:0a:e9:b9:31:c1:32:ac:
         66:9c:ee:c1:50:b8:09:f9:ca:5d:67:79:ff:82:45:71:74:0c:
         3e:6c:fa:50:20:f2:f1:ae:25:4d:4e:a3:50:49:cf:5d:36:7e:
         3a:d3:2c:7d:9a:9c:ca:cd:39:48:03:c7:40:ef:63:6f:4e:ac:
         e9:98:76:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEFEjVPeF111nc3+hJ5sFt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjQwNzMwMTkxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjFhMzIwMDAyODkwMjY2NzllZjAwMTkxNDJiMmRlNGI4YjQwN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84M+P99mh32L0bEoMgYHjn2Q5q7V
q4C+upFMcB3QMOtwfia2M+k475TxO8t1ALv9oGSn5otD6t2ldbPA4GtuzMXremD+
uVhsGfti0JT9H98J9YD0SOV3cpveVDTvGBbDl/6Z84jHiEyrdcbLHG8I7GBPV0yX
M/91pgqdtIUiRYgEvFciIG+UEgPN9hZkmoCW6ZiF6U8SndlBy6uwWoqtgUSzOy17
w2Vti54tYCHtvkXzsrC7aOKSc6XQk5x7m79gTlGa/nkm5Dcb33jSf/wAlb/vOhvg
ctNhsg1Lp4r+u7HHC59Rbnis/m62Mc/iCrrGR4OGAlY2Gs3j62z4bERhzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIaMgACiQJmee8AGRQrLeS4tAfJMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvQWhveUFBS0pBbVo1N3dBWkZDc3Q1TGkwQjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFl5GgMA0G
CSqGSIb3DQEBCwUAA4IBAQBzQFBSCQ9WUaim+dOjRAfobPXSVMhnh6yYQryE2tzc
cmZvMJ1cb12YS5xTuCBHbC39MaQtVXzkN7EpMhN2nioVdVH01DmdTg96dTGOdItO
vpA6DhSFeaR4izOZ6DSNIu+bq5FEUIfJaFxJ6oztFWjRQlhi+MYiJrtoepN8zMCP
ZDRvIUR0oEpv1Zas59B/E8wpRA/PIyf+CL3ODw45APToNvSztwmQJKUZdbKV/adY
9xi21l8fM0PURNw1cJcPKgrpuTHBMqxmnO7BULgJ+cpdZ3n/gkVxdAw+bPpQIPLx
riVNTqNQSc9dNn460yx9mpzKzTlIA8dA72NvTqzpmHZC
-----END CERTIFICATE-----