Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ppSA-FcV9YYVOAwV9IRZNjmNaP8.roa
File:                     ppSA-FcV9YYVOAwV9IRZNjmNaP8.roa (raw, json)
Hash identifier:          lJyItbL4Ylb+P6nuDVlo9G3yCVmFVVQLaJ8mGKaRutk=
Subject key identifier:   A6:94:80:F8:57:15:F5:86:15:38:0C:15:F4:84:59:36:39:8D:68:FF
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018FCD313EF421B53B6672C40EBC47194FED
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ppSA-FcV9YYVOAwV9IRZNjmNaP8.roa
Signing time:             Fri 31 May 2024 05:48:27 +0000
ROA not before:           Fri 31 May 2024 05:48:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.145.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cd:31:3e:f4:21:b5:3b:66:72:c4:0e:bc:47:19:4f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: May 31 05:48:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a69480f85715f58615380c15f4845936398d68ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ce:2e:45:62:a0:c6:5e:83:74:51:df:61:68:
                    82:f0:e3:c4:d1:cb:93:75:ab:dc:fa:62:10:93:91:
                    ce:18:d3:7f:10:6a:0e:de:5e:07:9f:46:4f:27:59:
                    9e:5f:8b:80:d9:26:6e:3c:09:58:e9:77:3b:51:42:
                    ed:82:33:b8:8e:24:47:53:22:e7:de:65:20:b6:ae:
                    9a:61:62:f9:5d:ad:47:3c:db:41:db:89:29:28:30:
                    91:06:93:52:8e:75:c2:2b:cf:52:14:c7:4e:02:51:
                    83:e4:5d:2e:36:27:cd:84:52:89:86:47:bd:9a:ce:
                    26:60:95:48:ba:1e:14:ac:5f:78:54:a6:9f:ab:3e:
                    64:9c:38:94:88:a5:a2:4c:cd:40:f0:33:13:4a:a8:
                    92:9d:1c:1c:70:bc:93:9c:2a:53:52:a2:7f:cb:5c:
                    83:d0:18:32:fd:0c:3e:3b:11:96:67:04:da:61:b2:
                    af:0a:d8:53:3a:2d:39:ab:45:76:24:b7:4f:91:94:
                    43:ed:69:cb:a6:ce:d9:64:d5:21:69:30:a1:38:68:
                    de:4d:aa:6a:18:92:26:10:b4:50:c6:a4:e6:04:e9:
                    ac:47:a7:02:08:fa:3f:21:bc:60:63:85:09:c1:2d:
                    7d:12:2c:db:90:aa:27:41:82:58:6d:f5:b0:19:89:
                    b4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:94:80:F8:57:15:F5:86:15:38:0C:15:F4:84:59:36:39:8D:68:FF
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ppSA-FcV9YYVOAwV9IRZNjmNaP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:fe:f7:2f:dc:7a:8e:c5:30:da:03:6a:2c:dd:d1:73:83:1e:
         bd:2f:1b:4f:11:37:a7:4b:07:2d:67:f8:28:ee:d0:60:c8:a2:
         c4:69:58:91:9c:08:88:13:00:e7:04:62:64:6f:2f:36:03:83:
         d1:04:a4:9e:dd:37:a9:14:1d:e0:76:15:40:17:56:61:bc:bd:
         78:d3:6f:df:d1:d7:87:3e:b8:a2:6d:30:ed:84:98:04:a3:0f:
         a2:2f:22:a9:09:ef:f6:90:76:96:4f:4e:9b:ac:7c:27:24:0d:
         92:d7:16:6b:cc:6f:0c:d7:40:0f:31:34:05:38:42:f2:e2:d9:
         26:f3:c0:a9:87:e1:67:a0:8f:f6:ee:5c:50:9b:60:15:60:15:
         ec:dc:15:92:f6:0c:d3:e8:53:66:f4:30:4f:ce:5c:03:e9:e7:
         2d:bf:68:97:0f:38:6a:b1:5e:1e:d8:e0:1c:88:a6:e8:3c:aa:
         a1:13:02:1f:86:e5:e4:da:6e:7d:8f:cf:4a:1b:61:44:47:63:
         7e:48:82:62:94:6b:9b:3f:d6:0b:5f:ce:38:e0:3f:58:e7:81:
         d5:8a:87:16:5f:71:a8:03:3f:62:c0:11:38:c4:95:5a:a9:f5:
         96:fd:dd:d9:84:42:53:4d:3f:18:5e:70:b8:79:d1:ee:a8:74:
         4d:7a:3a:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/NMT70IbU7ZnLEDrxHGU/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwNTMxMDU0ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk0ODBmODU3MTVmNTg2MTUzODBjMTVmNDg0NTkzNjM5OGQ2OGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps4uRWKgxl6DdFHfYWiC8OPE0cuT
davc+mIQk5HOGNN/EGoO3l4Hn0ZPJ1meX4uA2SZuPAlY6Xc7UULtgjO4jiRHUyLn
3mUgtq6aYWL5Xa1HPNtB24kpKDCRBpNSjnXCK89SFMdOAlGD5F0uNifNhFKJhke9
ms4mYJVIuh4UrF94VKafqz5knDiUiKWiTM1A8DMTSqiSnRwccLyTnCpTUqJ/y1yD
0Bgy/Qw+OxGWZwTaYbKvCthTOi05q0V2JLdPkZRD7WnLps7ZZNUhaTChOGjeTapq
GJImELRQxqTmBOmsR6cCCPo/IbxgY4UJwS19EizbkKonQYJYbfWwGYm00wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaUgPhXFfWGFTgMFfSEWTY5jWj/MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvcHBTQS1GY1Y5WVlWT0F3VjlJUlpOam1OYVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQAB/vcv3HqOxTDaA2os3dFzgx69LxtPETenSwctZ/go
7tBgyKLEaViRnAiIEwDnBGJkby82A4PRBKSe3TepFB3gdhVAF1ZhvL1402/f0deH
PriibTDthJgEow+iLyKpCe/2kHaWT06brHwnJA2S1xZrzG8M10APMTQFOELy4tkm
88Cph+FnoI/27lxQm2AVYBXs3BWS9gzT6FNm9DBPzlwD6ectv2iXDzhqsV4e2OAc
iKboPKqhEwIfhuXk2m59j89KG2FER2N+SIJilGubP9YLX8444D9Y54HViocWX3Go
Az9iwBE4xJVaqfWW/d3ZhEJTTT8YXnC4edHuqHRNejos
-----END CERTIFICATE-----