Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/vK7quuDSBYcDW04PnbcKHxV1OY4.roa
File:                     vK7quuDSBYcDW04PnbcKHxV1OY4.roa (raw, json)
Hash identifier:          ybnD7c/Zfplg7YrZZdyScbvHowbc7bkVeq2zBDuE2CM=
Subject key identifier:   BC:AE:EA:BA:E0:D2:05:87:03:5B:4E:0F:9D:B7:0A:1F:15:75:39:8E
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DBC2611FC367B10B671275A6BCFA
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/vK7quuDSBYcDW04PnbcKHxV1OY4.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57848
IP address blocks:        45.131.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:db:c2:61:1f:c3:67:b1:0b:67:12:75:a6:bc:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcaeeabae0d20587035b4e0f9db70a1f1575398e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0f:75:8b:a3:b3:b8:87:25:df:36:12:fa:fd:
                    57:0f:e7:86:30:c5:58:b9:f0:5e:ae:47:f2:2c:3f:
                    27:e2:e9:f3:a6:20:3c:ea:12:09:45:e6:d5:88:25:
                    46:f1:74:c4:e8:2f:cb:da:13:6c:8a:89:29:ec:96:
                    37:98:3a:36:b9:f0:ca:b1:ed:c0:83:ac:b0:f9:b6:
                    54:fe:2c:4a:62:d3:c2:90:47:13:b5:80:a9:f3:f8:
                    ac:a3:0e:b3:f2:f5:69:79:56:f2:9a:78:93:b0:4e:
                    87:8a:2e:2e:7a:19:e1:55:f8:39:ac:5c:af:4a:de:
                    a8:f8:87:d3:41:a3:9c:1a:e0:a9:81:9f:a5:28:50:
                    92:97:e2:f2:bf:82:65:82:ca:18:8a:be:61:42:83:
                    26:c3:c8:70:84:78:22:48:64:77:31:30:cc:f3:4e:
                    69:09:23:16:a4:0e:ba:b5:e7:c2:fb:71:a9:4f:80:
                    97:dc:da:74:38:d9:65:19:45:ea:4b:a2:20:54:b4:
                    ee:e2:dd:eb:a8:94:07:a6:e5:3f:49:67:02:37:a6:
                    dc:c0:3c:e8:a1:01:d4:5e:c4:fb:e6:5e:73:b8:2f:
                    63:d0:d4:8f:64:bc:12:10:ea:42:43:68:6b:03:3c:
                    ea:73:f8:dd:a9:6f:26:10:62:63:a7:cc:54:48:8c:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AE:EA:BA:E0:D2:05:87:03:5B:4E:0F:9D:B7:0A:1F:15:75:39:8E
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/vK7quuDSBYcDW04PnbcKHxV1OY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:de:9e:80:74:9d:53:4f:29:30:f2:9b:58:97:28:67:20:78:
         e0:6a:e3:8e:f7:35:a3:b8:e1:bb:f5:a4:84:2f:af:7a:28:10:
         9a:fc:b1:3d:d7:86:0a:70:0f:f0:c5:dc:01:df:a6:52:c1:4f:
         a4:ef:21:11:21:f0:71:e1:04:69:89:13:19:85:33:a2:cf:18:
         eb:6a:36:e4:82:37:bf:24:92:f0:e2:3c:a8:60:03:c5:0b:b0:
         f4:0c:61:0e:fa:42:74:32:87:58:32:4a:45:96:4e:4b:12:c1:
         58:86:eb:42:73:b2:48:43:ea:5d:f4:c5:92:d6:a7:48:bf:b0:
         cf:f6:0f:f5:a1:83:36:8c:25:d5:92:16:99:36:d0:1b:43:d3:
         2e:38:9f:10:e1:e0:1f:b9:ff:28:10:7c:94:c7:c6:90:c7:f1:
         2c:ac:09:c7:cb:8e:6a:3f:a3:56:ad:7d:c8:af:2f:a8:16:b3:
         53:c6:4b:13:7c:fc:ba:8a:21:7e:a8:6e:56:01:ed:7c:69:40:
         99:52:c3:0f:99:7f:cf:d4:55:3a:c9:aa:d5:4c:d0:7c:12:6e:
         34:76:f8:7e:f0:bb:15:61:c7:bc:a1:8e:2d:f5:49:88:5b:51:
         62:bf:d5:19:72:82:ef:57:4a:55:72:02:5b:61:8c:86:a5:0e:
         dd:68:36:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdvCYR/DZ7ELZxJ1prz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2FlZWFiYWUwZDIwNTg3MDM1YjRlMGY5ZGI3MGExZjE1NzUzOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog91i6OzuIcl3zYS+v1XD+eGMMVY
ufBerkfyLD8n4unzpiA86hIJRebViCVG8XTE6C/L2hNsiokp7JY3mDo2ufDKse3A
g6yw+bZU/ixKYtPCkEcTtYCp8/isow6z8vVpeVbymniTsE6Hii4uehnhVfg5rFyv
St6o+IfTQaOcGuCpgZ+lKFCSl+Lyv4JlgsoYir5hQoMmw8hwhHgiSGR3MTDM805p
CSMWpA66tefC+3GpT4CX3Np0ONllGUXqS6IgVLTu4t3rqJQHpuU/SWcCN6bcwDzo
oQHUXsT75l5zuC9j0NSPZLwSEOpCQ2hrAzzqc/jdqW8mEGJjp8xUSIwWjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyu6rrg0gWHA1tOD523Ch8VdTmOMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvdks3cXV1RFNCWWNEVzA0UG5iY0tIeFYxT1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYOYMA0G
CSqGSIb3DQEBCwUAA4IBAQA23p6AdJ1TTykw8ptYlyhnIHjgauOO9zWjuOG79aSE
L696KBCa/LE914YKcA/wxdwB36ZSwU+k7yERIfBx4QRpiRMZhTOizxjrajbkgje/
JJLw4jyoYAPFC7D0DGEO+kJ0ModYMkpFlk5LEsFYhutCc7JIQ+pd9MWS1qdIv7DP
9g/1oYM2jCXVkhaZNtAbQ9MuOJ8Q4eAfuf8oEHyUx8aQx/EsrAnHy45qP6NWrX3I
ry+oFrNTxksTfPy6iiF+qG5WAe18aUCZUsMPmX/P1FU6yarVTNB8Em40dvh+8LsV
Yce8oY4t9UmIW1Fiv9UZcoLvV0pVcgJbYYyGpQ7daDa6
-----END CERTIFICATE-----