Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/74twGgGzH-KLln_Jx5ZJHKeuIQE.roa
File:                     74twGgGzH-KLln_Jx5ZJHKeuIQE.roa (raw, json)
Hash identifier:          4lomE+DhVSO6R0wQjbGF5DlW3gbbq8buSXrg1UozDYs=
Subject key identifier:   EF:8B:70:1A:01:B3:1F:E2:8B:96:7F:C9:C7:96:49:1C:A7:AE:21:01
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019353A9631E8E510A871FECC4648272D825
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/74twGgGzH-KLln_Jx5ZJHKeuIQE.roa
Signing time:             Fri 22 Nov 2024 11:37:10 +0000
ROA not before:           Fri 22 Nov 2024 11:37:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.202.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:a9:63:1e:8e:51:0a:87:1f:ec:c4:64:82:72:d8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Nov 22 11:37:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef8b701a01b31fe28b967fc9c796491ca7ae2101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:41:99:96:f5:85:41:d9:d6:67:0a:8c:2a:bc:
                    88:4a:96:25:47:a5:91:e6:10:d9:25:4e:b7:70:0b:
                    a1:41:6b:59:92:9f:f5:fc:ad:d6:c0:12:e3:7a:e5:
                    06:a6:7e:31:1f:56:4e:2c:6f:71:c0:c2:f9:95:67:
                    2a:96:69:d6:9c:2c:d8:0e:a3:d5:48:54:eb:37:a4:
                    c2:a3:d4:80:9a:98:b3:6a:c7:10:a4:c7:1f:b1:20:
                    50:4b:f0:d1:a9:87:4b:e4:05:d6:dd:54:c7:f4:99:
                    b5:a5:41:e5:2c:92:16:b8:9c:77:a7:cd:ca:4c:26:
                    e9:03:e9:e7:ed:46:e3:fc:26:74:7b:5f:91:a2:6c:
                    f7:dd:ac:c5:7e:d3:ed:46:4c:58:ef:05:fe:16:cf:
                    54:3c:76:2f:59:62:c0:88:c8:ec:ee:ff:d4:33:11:
                    ec:5c:a5:b7:40:5b:52:59:88:a7:53:e6:47:40:15:
                    56:95:cb:01:32:3c:10:c4:ec:13:ee:3c:5f:f2:82:
                    52:a2:a8:5c:80:15:56:dd:fc:09:88:54:c5:99:e7:
                    40:32:2b:3c:24:c0:c6:9a:d5:d9:c9:6f:bc:79:7d:
                    02:bf:8a:39:b6:59:06:35:4b:e9:b9:d2:37:a5:b4:
                    13:46:50:17:5f:24:b0:dd:82:99:02:81:79:47:9a:
                    e0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:8B:70:1A:01:B3:1F:E2:8B:96:7F:C9:C7:96:49:1C:A7:AE:21:01
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/74twGgGzH-KLln_Jx5ZJHKeuIQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:5e:35:e9:3d:3d:80:b1:bb:66:66:b8:9a:2c:90:d7:f0:0e:
         2e:64:54:5e:07:30:fa:03:b9:f5:4a:43:ef:e8:60:a2:30:19:
         ed:2a:5f:3a:ed:b0:37:f6:f7:b9:73:7a:e0:ef:a6:54:42:d8:
         6c:52:54:1c:7b:a4:e0:a3:64:2f:90:19:98:d7:a5:9a:47:8b:
         ce:bc:64:c1:75:53:c7:ac:6d:c5:b8:01:d1:68:93:c6:a6:b9:
         0b:b7:64:b0:81:fc:55:92:17:53:cc:70:68:87:82:94:31:41:
         76:b8:f8:15:24:f0:1b:cf:0a:cc:dd:3b:8f:3b:69:81:62:5d:
         8b:53:52:d8:06:9f:f0:56:73:44:3f:f7:08:82:8f:1d:5a:d5:
         f4:92:05:57:6a:43:51:8a:3c:4e:ad:25:26:2a:99:4c:37:b2:
         6d:9d:7a:9a:87:93:d3:40:e1:34:2d:b4:2d:f9:6e:46:46:5b:
         43:e9:52:87:cf:86:f9:23:5a:38:28:6a:04:36:10:28:14:84:
         32:4e:f2:b1:e0:3b:93:89:b1:d9:ee:52:98:21:5b:fc:6c:7b:
         a3:6d:fa:0b:ad:bb:9a:f4:72:cb:a8:c0:c6:d8:7a:11:81:59:
         85:8a:42:20:0d:a4:ec:fb:24:c5:32:49:ec:ca:03:2b:bf:d6:
         c6:e3:67:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNTqWMejlEKhx/sxGSCctglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQxMTIyMTEzNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjhiNzAxYTAxYjMxZmUyOGI5NjdmYzljNzk2NDkxY2E3YWUyMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEGZlvWFQdnWZwqMKryISpYlR6WR
5hDZJU63cAuhQWtZkp/1/K3WwBLjeuUGpn4xH1ZOLG9xwML5lWcqlmnWnCzYDqPV
SFTrN6TCo9SAmpizascQpMcfsSBQS/DRqYdL5AXW3VTH9Jm1pUHlLJIWuJx3p83K
TCbpA+nn7Ubj/CZ0e1+Romz33azFftPtRkxY7wX+Fs9UPHYvWWLAiMjs7v/UMxHs
XKW3QFtSWYinU+ZHQBVWlcsBMjwQxOwT7jxf8oJSoqhcgBVW3fwJiFTFmedAMis8
JMDGmtXZyW+8eX0Cv4o5tlkGNUvpudI3pbQTRlAXXySw3YKZAoF5R5rgnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+LcBoBsx/ii5Z/yceWSRynriEBMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvNzR0d0dnR3pILUtMbG5fSng1WkpIS2V1SVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLKMA0G
CSqGSIb3DQEBCwUAA4IBAQA3XjXpPT2AsbtmZriaLJDX8A4uZFReBzD6A7n1SkPv
6GCiMBntKl867bA39ve5c3rg76ZUQthsUlQce6Tgo2QvkBmY16WaR4vOvGTBdVPH
rG3FuAHRaJPGprkLt2SwgfxVkhdTzHBoh4KUMUF2uPgVJPAbzwrM3TuPO2mBYl2L
U1LYBp/wVnNEP/cIgo8dWtX0kgVXakNRijxOrSUmKplMN7JtnXqah5PTQOE0LbQt
+W5GRltD6VKHz4b5I1o4KGoENhAoFIQyTvKx4DuTibHZ7lKYIVv8bHujbfoLrbua
9HLLqMDG2HoRgVmFikIgDaTs+yTFMknsygMrv9bG42dB
-----END CERTIFICATE-----