Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/SXEa-6VpeYyfuThTEJUo2Jo9A6g.roa
File:                     SXEa-6VpeYyfuThTEJUo2Jo9A6g.roa (raw, json)
Hash identifier:          rTRQtqPlzss4Q6N3Qsdn2JphK5gyq3htb5aMmaRR7kc=
Subject key identifier:   49:71:1A:FB:A5:69:79:8C:9F:B9:38:53:10:95:28:D8:9A:3D:03:A8
Certificate issuer:       /CN=e91ef22adaa16d53dcf637c569f4131f26215b91
Certificate serial:       01923455C404E372BFEA95D20F68E2FBCFCC
Authority key identifier: E9:1E:F2:2A:DA:A1:6D:53:DC:F6:37:C5:69:F4:13:1F:26:21:5B:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6R7yKtqhbVPc9jfFafQTHyYhW5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/SXEa-6VpeYyfuThTEJUo2Jo9A6g.roa
Signing time:             Fri 27 Sep 2024 16:34:48 +0000
ROA not before:           Fri 27 Sep 2024 16:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61424
IP address blocks:        45.129.141.0/24 maxlen: 24
                          2a09:31c0:beef::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/6R7yKtqhbVPc9jfFafQTHyYhW5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/6R7yKtqhbVPc9jfFafQTHyYhW5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6R7yKtqhbVPc9jfFafQTHyYhW5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:34:55:c4:04:e3:72:bf:ea:95:d2:0f:68:e2:fb:cf:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e91ef22adaa16d53dcf637c569f4131f26215b91
        Validity
            Not Before: Sep 27 16:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49711afba569798c9fb93853109528d89a3d03a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:66:9f:2d:57:3d:e6:f2:ae:5d:7b:ad:d1:1e:
                    a8:6b:e4:18:41:e2:22:cb:d4:47:eb:3c:75:18:50:
                    31:b0:6a:79:30:24:28:b5:bc:60:ca:b6:44:a6:7d:
                    8a:44:40:ca:2e:1d:20:26:e2:85:88:07:c2:82:50:
                    ef:1b:c3:aa:6e:b7:c0:77:6b:84:fd:3c:10:d8:c1:
                    a0:a5:90:18:3b:f3:0b:dd:2b:f4:44:f3:38:5a:1a:
                    e0:d6:74:0a:e4:5e:f7:c9:aa:df:91:f6:34:b9:6b:
                    38:5c:1b:70:43:13:e6:73:e5:91:54:d5:4c:97:07:
                    4b:c4:8d:8c:8a:70:7c:37:24:57:54:21:db:56:11:
                    8a:2b:57:f8:05:ee:5f:e3:85:8a:83:df:05:f6:58:
                    0e:20:43:59:6f:87:b9:ad:8d:f8:49:1f:94:79:61:
                    29:31:70:56:50:9d:67:9f:2e:63:1f:e3:6f:2b:99:
                    f2:98:10:0c:8b:2a:00:0c:67:eb:a0:19:33:c8:e6:
                    01:67:7c:c3:d4:91:68:43:bd:55:80:95:e4:bc:10:
                    6a:0c:97:2a:4f:52:0c:00:ea:62:32:b6:95:98:82:
                    22:f9:53:51:a2:e9:ac:3a:db:22:d2:c6:e1:b9:40:
                    e4:82:a4:b6:56:b2:94:48:6c:da:56:dc:d5:78:5f:
                    bb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:71:1A:FB:A5:69:79:8C:9F:B9:38:53:10:95:28:D8:9A:3D:03:A8
            X509v3 Authority Key Identifier:
                keyid:E9:1E:F2:2A:DA:A1:6D:53:DC:F6:37:C5:69:F4:13:1F:26:21:5B:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6R7yKtqhbVPc9jfFafQTHyYhW5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/SXEa-6VpeYyfuThTEJUo2Jo9A6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/6R7yKtqhbVPc9jfFafQTHyYhW5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.141.0/24
                IPv6:
                  2a09:31c0:beef::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:c2:63:71:a3:88:b3:8c:0f:9c:84:46:a9:50:a6:2f:00:04:
         69:39:50:0a:3f:d3:0b:58:a9:49:07:62:2b:ac:74:66:0d:f7:
         d3:99:b2:69:d4:30:21:4f:a5:e4:9d:2a:fb:7c:7d:a8:a2:28:
         77:16:28:ec:d6:80:67:28:a8:7f:ed:a4:e7:9e:41:ff:28:5b:
         b4:1d:22:49:78:5a:79:84:39:7e:2b:7a:07:e0:ed:16:4e:a7:
         c1:fc:f6:fd:27:3d:7b:95:7a:da:4f:90:65:f3:0b:64:e3:48:
         34:ad:96:e0:21:b7:1f:83:fb:bf:13:fa:93:f9:37:c6:7d:28:
         cd:cc:be:e5:74:1a:6f:2d:a0:04:cb:e0:62:1b:4c:01:e4:89:
         49:94:f2:98:7e:c8:80:d3:cc:16:84:f8:33:fb:81:ca:cf:29:
         a5:a1:14:79:de:05:50:fb:89:88:68:a9:c3:86:d7:00:f6:41:
         ae:79:ee:f2:2b:db:e6:fa:e9:1a:cb:02:59:66:08:fd:01:24:
         dd:28:bd:03:d7:c8:bb:72:1b:f0:8d:1d:5b:49:91:7e:72:4f:
         fc:33:33:cb:f1:70:75:8a:fa:f4:2c:f6:73:93:37:c0:d8:44:
         6e:b4:90:92:41:d6:57:99:c0:ce:a6:75:1b:1a:cf:e1:8e:bc:
         f9:0c:10:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZI0VcQE43K/6pXSD2ji+8/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MWVmMjJhZGFhMTZkNTNkY2Y2MzdjNTY5ZjQxMzFmMjYy
MTViOTEwHhcNMjQwOTI3MTYzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTcxMWFmYmE1Njk3OThjOWZiOTM4NTMxMDk1MjhkODlhM2QwM2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmafLVc95vKuXXut0R6oa+QYQeIi
y9RH6zx1GFAxsGp5MCQotbxgyrZEpn2KREDKLh0gJuKFiAfCglDvG8OqbrfAd2uE
/TwQ2MGgpZAYO/ML3Sv0RPM4Whrg1nQK5F73yarfkfY0uWs4XBtwQxPmc+WRVNVM
lwdLxI2MinB8NyRXVCHbVhGKK1f4Be5f44WKg98F9lgOIENZb4e5rY34SR+UeWEp
MXBWUJ1nny5jH+NvK5nymBAMiyoADGfroBkzyOYBZ3zD1JFoQ71VgJXkvBBqDJcq
T1IMAOpiMraVmIIi+VNRoumsOtsi0sbhuUDkgqS2VrKUSGzaVtzVeF+7XQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFElxGvulaXmMn7k4UxCVKNiaPQOoMB8GA1UdIwQY
MBaAFOke8iraoW1T3PY3xWn0Ex8mIVuRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlI3eUt0cWhiVlBjOWpmRmFmUVRIeVloVzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8xMTEzODUtMmViNi00YzZhLWI5YzQt
MzRhZTg5MWE3MmNmLzEvU1hFYS02VnBlWXlmdVRoVEVKVW8ySm85QTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8xMTEzODUtMmViNi00YzZhLWI5YzQtMzRhZTg5MWE3MmNm
LzEvNlI3eUt0cWhiVlBjOWpmRmFmUVRIeVloVzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALYGNMA8E
AgACMAkDBwAqCTHAvu8wDQYJKoZIhvcNAQELBQADggEBAErCY3GjiLOMD5yERqlQ
pi8ABGk5UAo/0wtYqUkHYiusdGYN99OZsmnUMCFPpeSdKvt8faiiKHcWKOzWgGco
qH/tpOeeQf8oW7QdIkl4WnmEOX4regfg7RZOp8H89v0nPXuVetpPkGXzC2TjSDSt
luAhtx+D+78T+pP5N8Z9KM3MvuV0Gm8toATL4GIbTAHkiUmU8ph+yIDTzBaE+DP7
gcrPKaWhFHneBVD7iYhoqcOG1wD2Qa557vIr2+b66RrLAllmCP0BJN0ovQPXyLty
G/CNHVtJkX5yT/wzM8vxcHWK+vQs9nOTN8DYRG60kJJB1leZwM6mdRsaz+GOvPkM
EJU=
-----END CERTIFICATE-----