Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/kcLvebvinb_fU9cLNzlPp66YtiU.roa
File:                     kcLvebvinb_fU9cLNzlPp66YtiU.roa (raw, json)
Hash identifier:          GqEC4CeIrVTOV+TeT278EX0iWT/g3V3BH7w6DFrfyHs=
Subject key identifier:   91:C2:EF:79:BB:E2:9D:BF:DF:53:D7:0B:37:39:4F:A7:AE:98:B6:25
Certificate issuer:       /CN=0589ee303ff7d0d557599fa04b293dc2b16bb4d4
Certificate serial:       018CC72656155E2AD5F70E16069E3F24FDDD
Authority key identifier: 05:89:EE:30:3F:F7:D0:D5:57:59:9F:A0:4B:29:3D:C2:B1:6B:B4:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/kcLvebvinb_fU9cLNzlPp66YtiU.roa
Signing time:             Mon 01 Jan 2024 22:30:27 +0000
ROA not before:           Mon 01 Jan 2024 22:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212570
IP address blocks:        45.132.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:56:15:5e:2a:d5:f7:0e:16:06:9e:3f:24:fd:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0589ee303ff7d0d557599fa04b293dc2b16bb4d4
        Validity
            Not Before: Jan  1 22:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91c2ef79bbe29dbfdf53d70b37394fa7ae98b625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:80:bf:fd:7d:04:c9:b1:5f:7a:a1:48:19:54:
                    bd:7e:c0:09:b0:99:53:7c:90:97:28:af:e2:cd:69:
                    82:3d:ae:2f:cc:b8:4e:08:68:b4:87:44:e6:83:4d:
                    3e:62:9f:12:d4:78:80:90:39:0a:a8:55:44:5e:29:
                    60:5c:72:fb:f7:77:53:c2:c3:60:71:4c:41:ab:49:
                    25:de:c8:a3:93:e9:8e:ca:83:9f:b4:21:61:ec:c0:
                    bd:e7:e5:52:5e:bc:14:db:2e:b0:f1:12:72:bd:a9:
                    e8:1f:1e:4c:d8:72:dc:2e:e7:0e:9b:e7:0e:85:14:
                    c5:0f:98:3a:23:5e:9f:80:4d:5b:d7:b8:55:25:81:
                    6e:d4:d2:4c:d2:fe:f7:8c:1c:c7:04:43:c0:08:be:
                    21:33:4a:94:d2:85:eb:88:e6:72:bc:a1:12:8b:87:
                    8b:07:d9:01:ae:53:52:b0:be:82:88:2f:3a:b5:43:
                    d1:5a:48:dc:6e:8c:18:e3:07:60:e6:b5:e0:8e:91:
                    2a:44:c4:31:6c:bb:37:5a:f2:67:ef:4a:68:79:5b:
                    05:fd:75:e7:13:4e:11:f9:11:22:5f:e7:57:5a:a8:
                    2e:b6:15:8f:01:d4:7e:64:94:f7:f4:3c:f6:90:a2:
                    9e:f4:b0:8e:c5:c3:12:ba:47:9c:31:29:90:a7:88:
                    6c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C2:EF:79:BB:E2:9D:BF:DF:53:D7:0B:37:39:4F:A7:AE:98:B6:25
            X509v3 Authority Key Identifier:
                keyid:05:89:EE:30:3F:F7:D0:D5:57:59:9F:A0:4B:29:3D:C2:B1:6B:B4:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/kcLvebvinb_fU9cLNzlPp66YtiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a7:eb:cb:a7:84:c9:38:ee:02:37:31:b0:18:cf:2f:6e:61:
         90:a5:32:0e:2a:80:58:99:47:3f:2f:e8:76:66:eb:67:95:3b:
         16:d1:5a:9c:63:2a:26:6b:60:d5:8c:65:52:0f:db:30:a3:33:
         9a:20:7d:b9:dd:47:c7:d4:ee:01:20:58:dc:ee:80:6f:0f:c2:
         c3:d8:0c:82:09:22:23:e8:1a:3d:da:56:f8:1d:3c:a6:83:f4:
         83:0d:92:43:19:cd:56:26:05:7c:08:a3:83:63:a8:ed:fd:21:
         e8:35:18:f5:e1:b0:5d:e5:0b:b0:33:e5:ba:73:09:16:7e:1f:
         98:3f:a7:71:c2:60:2d:a7:c6:61:f0:33:e1:89:66:86:e5:20:
         d9:5a:9a:67:28:1a:c9:26:02:ac:8f:5b:ff:8d:10:dd:c6:ae:
         bf:b5:b2:e7:f1:da:94:54:0f:6e:36:98:42:49:b2:59:91:b7:
         84:36:21:74:35:6e:37:d4:d8:95:fa:8a:39:3a:2c:34:fb:82:
         30:71:d0:53:7c:b0:71:d3:d9:31:df:38:87:88:61:b9:bf:c6:
         e5:d7:93:f7:53:bc:14:c9:78:ac:97:f8:e7:d1:cc:6e:5e:fc:
         b3:fd:c4:34:18:3e:e8:a5:b9:5b:94:b9:cf:1f:6e:62:0b:59:
         2c:a9:18:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJlYVXirV9w4WBp4/JP3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ODllZTMwM2ZmN2QwZDU1NzU5OWZhMDRiMjkzZGMyYjE2
YmI0ZDQwHhcNMjQwMTAxMjIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWMyZWY3OWJiZTI5ZGJmZGY1M2Q3MGIzNzM5NGZhN2FlOThiNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYC//X0EybFfeqFIGVS9fsAJsJlT
fJCXKK/izWmCPa4vzLhOCGi0h0Tmg00+Yp8S1HiAkDkKqFVEXilgXHL793dTwsNg
cUxBq0kl3sijk+mOyoOftCFh7MC95+VSXrwU2y6w8RJyvanoHx5M2HLcLucOm+cO
hRTFD5g6I16fgE1b17hVJYFu1NJM0v73jBzHBEPACL4hM0qU0oXriOZyvKESi4eL
B9kBrlNSsL6CiC86tUPRWkjcbowY4wdg5rXgjpEqRMQxbLs3WvJn70poeVsF/XXn
E04R+REiX+dXWqguthWPAdR+ZJT39Dz2kKKe9LCOxcMSukecMSmQp4hsbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHC73m74p2/31PXCzc5T6eumLYlMB8GA1UdIwQY
MBaAFAWJ7jA/99DVV1mfoEspPcKxa7TUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlludU1EXzMwTlZYV1otZ1N5azl3ckZydE5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80ZTE5OGUtMmY2MS00NmYzLWI1ZjYt
MDZkNmU5NDdlMzhmLzEva2NMdmVidmluYl9mVTljTE56bFBwNjZZdGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80ZTE5OGUtMmY2MS00NmYzLWI1ZjYtMDZkNmU5NDdlMzhm
LzEvQlludU1EXzMwTlZYV1otZ1N5azl3ckZydE5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYSTMA0G
CSqGSIb3DQEBCwUAA4IBAQAgp+vLp4TJOO4CNzGwGM8vbmGQpTIOKoBYmUc/L+h2
ZutnlTsW0VqcYyoma2DVjGVSD9swozOaIH253UfH1O4BIFjc7oBvD8LD2AyCCSIj
6Bo92lb4HTymg/SDDZJDGc1WJgV8CKODY6jt/SHoNRj14bBd5QuwM+W6cwkWfh+Y
P6dxwmAtp8Zh8DPhiWaG5SDZWppnKBrJJgKsj1v/jRDdxq6/tbLn8dqUVA9uNphC
SbJZkbeENiF0NW431NiV+oo5Oiw0+4IwcdBTfLBx09kx3ziHiGG5v8bl15P3U7wU
yXisl/jn0cxuXvyz/cQ0GD7opblblLnPH25iC1ksqRgG
-----END CERTIFICATE-----