Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/kp5suYHRdxUnKzt1cufKwuZHniE.roa
File:                     kp5suYHRdxUnKzt1cufKwuZHniE.roa (raw, json)
Hash identifier:          hmNusV3Z3flLGPBNuZqWkzRio3vms651Ek5E82P54aQ=
Subject key identifier:   92:9E:6C:B9:81:D1:77:15:27:2B:3B:75:72:E7:CA:C2:E6:47:9E:21
Certificate issuer:       /CN=bc63a36d5c80651a89a76906c9e3402fb34568da
Certificate serial:       01917945CA39F1FEF47D92D6594C2365E4A9
Authority key identifier: BC:63:A3:6D:5C:80:65:1A:89:A7:69:06:C9:E3:40:2F:B3:45:68:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGOjbVyAZRqJp2kGyeNAL7NFaNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/kp5suYHRdxUnKzt1cufKwuZHniE.roa
Signing time:             Thu 22 Aug 2024 08:48:22 +0000
ROA not before:           Thu 22 Aug 2024 08:48:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12874
IP address blocks:        185.145.102.0/24 maxlen: 24
                          185.145.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/vGOjbVyAZRqJp2kGyeNAL7NFaNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/vGOjbVyAZRqJp2kGyeNAL7NFaNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGOjbVyAZRqJp2kGyeNAL7NFaNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:79:45:ca:39:f1:fe:f4:7d:92:d6:59:4c:23:65:e4:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc63a36d5c80651a89a76906c9e3402fb34568da
        Validity
            Not Before: Aug 22 08:48:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=929e6cb981d17715272b3b7572e7cac2e6479e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:31:22:b5:87:3d:aa:a9:48:02:f9:d9:a8:c4:
                    3d:c4:5c:98:0b:f9:e0:3e:5f:c7:21:c4:5f:fb:9b:
                    fe:62:42:20:50:dc:fb:75:d7:4f:d2:8c:b5:91:12:
                    1d:8d:9a:71:f2:87:f5:cb:5e:2c:94:5a:a8:86:80:
                    7a:05:01:8a:fd:4d:ec:39:e1:77:ab:d0:c2:52:fc:
                    0d:8f:69:b3:07:fd:6f:bf:63:16:d2:44:96:ad:60:
                    7a:24:3a:59:bb:9a:d3:f3:f0:b0:87:00:60:10:6f:
                    f7:41:f7:b8:ea:0b:74:40:54:1d:2c:65:c3:f1:6f:
                    0a:3d:5c:d3:e8:9c:f2:e5:cd:7b:29:70:e6:dd:3d:
                    d3:cf:72:41:96:45:ac:24:6b:14:d3:e2:c3:ab:81:
                    d9:7e:3b:32:74:f1:3f:a8:94:db:ea:71:73:38:4a:
                    fb:d2:14:68:4a:77:df:bd:79:1c:63:e1:0b:4f:15:
                    fc:1d:d0:87:92:a5:e6:7a:c7:b0:49:a2:be:c7:39:
                    69:ad:b8:14:63:e4:73:6a:be:60:c2:e9:29:8a:cf:
                    24:19:cf:36:74:1b:6d:57:46:0c:12:d6:fb:94:2c:
                    a2:b1:24:99:7f:e6:ce:a0:1c:cf:0a:ac:47:96:dc:
                    9a:71:9f:cd:68:f1:bf:e7:7b:c0:65:7a:ce:64:29:
                    82:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:9E:6C:B9:81:D1:77:15:27:2B:3B:75:72:E7:CA:C2:E6:47:9E:21
            X509v3 Authority Key Identifier:
                keyid:BC:63:A3:6D:5C:80:65:1A:89:A7:69:06:C9:E3:40:2F:B3:45:68:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGOjbVyAZRqJp2kGyeNAL7NFaNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/kp5suYHRdxUnKzt1cufKwuZHniE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/vGOjbVyAZRqJp2kGyeNAL7NFaNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:0a:ce:61:8e:0b:e5:47:12:9b:fc:f8:e0:3c:d2:3d:ce:1d:
         be:a2:05:0a:e5:c1:bf:fa:14:01:08:70:ec:0d:24:81:74:67:
         78:8a:e9:2a:e0:4e:a4:13:83:b2:c1:16:56:65:26:c0:c1:c1:
         15:63:91:66:a7:5e:04:a4:c2:4e:fd:4e:9d:65:2c:54:3d:5e:
         42:22:b3:25:8e:a6:10:65:79:ca:89:92:50:7c:35:0a:74:92:
         63:a0:f2:9f:d2:5c:4b:49:53:64:95:32:ae:fb:b1:ae:b9:8b:
         4c:53:4b:a5:0e:16:03:3e:f2:90:3f:dc:34:60:e9:6f:17:40:
         ce:16:7b:4f:3b:f4:33:58:f9:f1:f0:44:8a:20:ac:7e:4b:72:
         e0:40:8f:d7:60:e2:36:66:0e:60:05:87:77:7e:6f:b1:94:f5:
         ba:de:b9:5d:ec:ab:38:25:ac:7f:ce:c8:70:ad:34:35:c2:fd:
         63:6d:9b:ee:ff:a8:4d:30:9a:cd:45:72:b8:44:f8:d0:43:5b:
         e2:b7:58:27:ce:8b:62:7c:4a:54:0a:8b:5f:83:b5:d7:6d:a1:
         f7:03:d9:ce:b5:66:01:4f:53:d2:d4:d8:a0:3c:03:44:88:f8:
         75:6c:5b:82:b7:d9:0b:f3:0f:a0:3a:b7:01:2c:44:cb:18:33:
         9e:f2:91:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF5Rco58f70fZLWWUwjZeSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjNhMzZkNWM4MDY1MWE4OWE3NjkwNmM5ZTM0MDJmYjM0
NTY4ZGEwHhcNMjQwODIyMDg0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjllNmNiOTgxZDE3NzE1MjcyYjNiNzU3MmU3Y2FjMmU2NDc5ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDEitYc9qqlIAvnZqMQ9xFyYC/ng
Pl/HIcRf+5v+YkIgUNz7dddP0oy1kRIdjZpx8of1y14slFqohoB6BQGK/U3sOeF3
q9DCUvwNj2mzB/1vv2MW0kSWrWB6JDpZu5rT8/CwhwBgEG/3Qfe46gt0QFQdLGXD
8W8KPVzT6Jzy5c17KXDm3T3Tz3JBlkWsJGsU0+LDq4HZfjsydPE/qJTb6nFzOEr7
0hRoSnffvXkcY+ELTxX8HdCHkqXmesewSaK+xzlprbgUY+Rzar5gwukpis8kGc82
dBttV0YMEtb7lCyisSSZf+bOoBzPCqxHltyacZ/NaPG/53vAZXrOZCmCOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKebLmB0XcVJys7dXLnysLmR54hMB8GA1UdIwQY
MBaAFLxjo21cgGUaiadpBsnjQC+zRWjaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdPamJWeUFaUnFKcDJrR3llTkFMN05GYU5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jM2FiNjktNzE2Mi00MjIyLWFhMjAt
NGUzYjIwZWMxNmEzLzEva3A1c3VZSFJkeFVuS3p0MWN1Zkt3dVpIbmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jM2FiNjktNzE2Mi00MjIyLWFhMjAtNGUzYjIwZWMxNmEz
LzEvdkdPamJWeUFaUnFKcDJrR3llTkFMN05GYU5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZFmMA0G
CSqGSIb3DQEBCwUAA4IBAQB8Cs5hjgvlRxKb/PjgPNI9zh2+ogUK5cG/+hQBCHDs
DSSBdGd4iukq4E6kE4OywRZWZSbAwcEVY5Fmp14EpMJO/U6dZSxUPV5CIrMljqYQ
ZXnKiZJQfDUKdJJjoPKf0lxLSVNklTKu+7GuuYtMU0ulDhYDPvKQP9w0YOlvF0DO
FntPO/QzWPnx8ESKIKx+S3LgQI/XYOI2Zg5gBYd3fm+xlPW63rld7Ks4Jax/zshw
rTQ1wv1jbZvu/6hNMJrNRXK4RPjQQ1vit1gnzotifEpUCotfg7XXbaH3A9nOtWYB
T1PS1NigPANEiPh1bFuCt9kL8w+gOrcBLETLGDOe8pG0
-----END CERTIFICATE-----