Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/TyZTYxAEJNHHkGRjgj7NowaJNJA.roa
File:                     TyZTYxAEJNHHkGRjgj7NowaJNJA.roa (raw, json)
Hash identifier:          qtI8RkVXdPdkkq19hPGcpFbutELsCTVT6eg6R46kSVQ=
Subject key identifier:   4F:26:53:63:10:04:24:D1:C7:90:64:63:82:3E:CD:A3:06:89:34:90
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DE21F8A9504D392B9F4F04E53940
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/TyZTYxAEJNHHkGRjgj7NowaJNJA.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139659
IP address blocks:        45.11.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:de:21:f8:a9:50:4d:39:2b:9f:4f:04:e5:39:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f265363100424d1c7906463823ecda306893490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:3e:44:65:36:d6:48:bc:ab:91:e7:4c:c6:
                    bb:ed:48:94:2f:b0:3a:8c:48:b9:c5:a5:66:c0:3e:
                    9f:1a:a8:eb:96:33:0f:47:52:a3:50:9e:bf:06:c5:
                    84:84:b5:ed:37:d2:df:2c:f6:3b:ce:1c:17:e9:e7:
                    8f:a4:ec:cc:5f:7f:2d:f8:90:c7:11:ae:c9:06:d2:
                    06:41:af:58:b9:33:11:f3:f2:a6:39:15:1e:60:ca:
                    1c:6a:4f:5d:bc:18:60:3b:eb:42:14:95:c9:70:a0:
                    45:aa:20:27:c8:c8:4b:c7:7d:8d:11:37:f3:bd:b4:
                    c9:07:ba:ac:7f:e0:bc:44:c1:79:34:05:b1:18:40:
                    0b:2c:8f:29:70:0b:09:2a:5a:c3:7d:60:9d:1c:34:
                    46:19:a7:8d:f4:04:7e:0d:9a:a9:ef:24:15:6c:ce:
                    9e:15:3e:3d:69:0f:bb:af:89:40:45:60:7d:df:a9:
                    83:15:d7:32:3c:93:54:34:b8:b6:c7:77:dd:20:c1:
                    f5:f2:5f:f0:49:91:f5:32:1e:ce:12:82:ae:18:87:
                    fe:bb:92:1a:1c:bf:85:72:74:62:f2:2e:83:5b:f7:
                    7d:99:5a:7e:4f:5f:84:72:fb:b3:3d:1f:28:54:dd:
                    65:05:30:16:33:ca:3b:5f:f2:5a:27:ee:48:92:24:
                    66:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:26:53:63:10:04:24:D1:C7:90:64:63:82:3E:CD:A3:06:89:34:90
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/TyZTYxAEJNHHkGRjgj7NowaJNJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ce:a4:d5:e9:b0:15:0f:8d:99:bd:e2:05:44:4e:19:43:dc:
         09:20:08:90:cd:bb:35:ce:a6:5a:f8:af:3d:5a:d7:b4:c3:a6:
         85:03:ae:d6:e3:6b:5f:7f:11:cd:a5:8b:43:44:f4:4b:6e:43:
         68:3f:a2:3c:fa:0b:a9:50:c4:ff:ed:c4:a2:7a:1c:3d:30:01:
         13:cf:e1:e9:d7:0c:36:47:26:7f:6f:3c:5d:82:84:91:ba:c0:
         1f:06:c1:d5:8c:e1:93:ff:dd:92:fe:23:58:cf:3b:c5:11:62:
         9b:a7:64:08:c7:2f:0a:7b:57:b9:69:d6:ee:70:86:db:bd:01:
         e5:0b:84:4c:89:7b:ca:46:37:f9:ae:9b:78:53:a8:fb:24:d3:
         e2:86:ad:e4:e6:d2:ff:a4:9d:e0:69:2d:e9:d0:a6:f1:6a:2c:
         61:68:22:59:6d:8e:40:17:0b:e8:ff:4e:8d:78:48:e4:a1:ac:
         11:e6:a8:30:9e:c3:37:5f:70:57:01:6a:09:e6:fa:f9:73:7d:
         b7:0f:f7:67:27:8d:78:33:34:58:88:bc:74:f4:d9:6b:c9:3b:
         96:ce:71:11:51:c4:82:92:2a:00:e7:2c:38:25:4e:47:4b:8d:
         9f:8b:0f:dc:ec:13:2b:60:41:9b:b4:64:c3:46:1d:28:51:f4:
         27:a4:44:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd4h+KlQTTkrn08E5TlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjI2NTM2MzEwMDQyNGQxYzc5MDY0NjM4MjNlY2RhMzA2ODkzNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/E+RGU21ki8q5HnTMa77UiUL7A6
jEi5xaVmwD6fGqjrljMPR1KjUJ6/BsWEhLXtN9LfLPY7zhwX6eePpOzMX38t+JDH
Ea7JBtIGQa9YuTMR8/KmORUeYMocak9dvBhgO+tCFJXJcKBFqiAnyMhLx32NETfz
vbTJB7qsf+C8RMF5NAWxGEALLI8pcAsJKlrDfWCdHDRGGaeN9AR+DZqp7yQVbM6e
FT49aQ+7r4lARWB936mDFdcyPJNUNLi2x3fdIMH18l/wSZH1Mh7OEoKuGIf+u5Ia
HL+FcnRi8i6DW/d9mVp+T1+EcvuzPR8oVN1lBTAWM8o7X/JaJ+5IkiRm/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8mU2MQBCTRx5BkY4I+zaMGiTSQMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvVHlaVFl4QUVKTkhIa0dSamdqN05vd2FKTkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQsuMA0G
CSqGSIb3DQEBCwUAA4IBAQBmzqTV6bAVD42ZveIFRE4ZQ9wJIAiQzbs1zqZa+K89
Wte0w6aFA67W42tffxHNpYtDRPRLbkNoP6I8+gupUMT/7cSiehw9MAETz+Hp1ww2
RyZ/bzxdgoSRusAfBsHVjOGT/92S/iNYzzvFEWKbp2QIxy8Ke1e5adbucIbbvQHl
C4RMiXvKRjf5rpt4U6j7JNPihq3k5tL/pJ3gaS3p0KbxaixhaCJZbY5AFwvo/06N
eEjkoawR5qgwnsM3X3BXAWoJ5vr5c323D/dnJ414MzRYiLx09NlryTuWznERUcSC
kioA5yw4JU5HS42fiw/c7BMrYEGbtGTDRh0oUfQnpEQm
-----END CERTIFICATE-----