Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/R_YsGj-VAZv7ABWgGQcpSs4cvl4.roa
File:                     R_YsGj-VAZv7ABWgGQcpSs4cvl4.roa (raw, json)
Hash identifier:          AtnzT7K0lroMVQZaIqd8ZodVf2mbFvGHQcpC2NEULIA=
Subject key identifier:   47:F6:2C:1A:3F:95:01:9B:FB:00:15:A0:19:07:29:4A:CE:1C:BE:5E
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0192D1D1715B9EEDF07DF33C6A5E3939ACAD
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/R_YsGj-VAZv7ABWgGQcpSs4cvl4.roa
Signing time:             Mon 28 Oct 2024 06:30:17 +0000
ROA not before:           Mon 28 Oct 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215035
IP address blocks:        45.146.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:d1:71:5b:9e:ed:f0:7d:f3:3c:6a:5e:39:39:ac:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Oct 28 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47f62c1a3f95019bfb0015a01907294ace1cbe5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e5:93:3b:96:47:d1:0d:75:65:3a:f9:34:dc:
                    89:52:f6:3b:23:7d:81:f3:f4:55:64:2c:73:66:ba:
                    8c:97:80:1c:c2:76:c4:c0:2a:55:d5:16:72:22:49:
                    69:71:a6:a8:e4:ed:d8:27:bc:23:83:86:d9:71:e2:
                    98:38:89:e4:f4:f4:67:d4:dc:08:ea:1b:d5:a2:ca:
                    65:ae:2a:63:12:b9:8a:13:af:83:52:e8:8d:e6:9e:
                    be:47:f8:1f:ad:4a:44:26:cf:ca:5c:0f:f9:c9:8d:
                    c9:e3:b7:a0:02:f7:75:e3:b2:d3:19:5a:fd:b4:d6:
                    3d:52:ee:56:2c:3e:25:01:16:1b:f3:7c:52:2b:09:
                    c0:fb:09:d9:fc:48:d2:5b:c5:5e:44:13:78:c9:b6:
                    94:d5:60:c2:a6:df:bc:7e:44:18:7c:9b:ae:c5:bd:
                    d7:5b:1d:bd:07:3d:40:c1:43:18:2d:b2:dc:da:d2:
                    a7:5d:db:c3:85:4d:3b:23:31:f4:58:be:2b:22:5c:
                    64:66:39:b7:ac:4a:bd:c7:1d:f7:b5:74:db:30:d9:
                    e8:c6:c2:82:1a:af:db:2f:8d:b2:df:33:df:f9:96:
                    2f:87:22:ce:88:b3:80:9d:95:12:4f:01:2c:e4:e7:
                    66:36:1e:58:a9:0d:44:d6:cb:d9:12:a2:c6:63:b8:
                    e4:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F6:2C:1A:3F:95:01:9B:FB:00:15:A0:19:07:29:4A:CE:1C:BE:5E
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/R_YsGj-VAZv7ABWgGQcpSs4cvl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:cf:aa:1c:26:2c:09:d0:ab:4c:6f:32:25:a2:0a:ac:44:23:
         19:f3:5f:6c:df:3a:4e:12:9c:90:d0:aa:af:95:fd:d3:5f:7b:
         6f:70:3b:4d:ec:64:8d:31:f4:92:f1:21:ad:cf:91:02:a0:b3:
         f4:fb:e9:8b:ee:6d:51:16:71:20:68:d5:aa:06:b8:16:09:0d:
         10:4a:f7:71:e5:37:a6:f5:0d:70:d3:60:96:6c:d2:b2:b4:1a:
         51:8c:ed:5f:57:98:52:7c:22:a6:b4:f3:ae:88:4f:3c:26:8e:
         d7:3e:69:0a:ff:fd:27:9a:d4:5d:65:8d:44:a9:a3:55:0d:ce:
         c6:93:d8:15:1a:cd:ef:0f:a4:45:cb:77:89:bd:7a:a9:ae:a9:
         48:61:7d:5f:b6:31:49:03:6b:4c:2a:a7:30:a2:c7:3e:ad:b2:
         3c:bf:61:51:06:96:9d:ce:61:e7:4f:ac:5d:4d:e9:64:4b:cf:
         78:59:99:80:8c:4e:8b:4d:0f:56:92:14:df:09:bb:50:c9:45:
         36:d2:e2:f9:1f:94:c7:d8:5a:3c:5b:8b:f6:dc:91:20:1f:2f:
         ab:80:e6:70:de:2c:13:83:2b:b9:62:fa:33:1c:5f:3d:8d:e1:
         ab:c7:ea:80:70:40:7b:52:6e:34:b7:42:64:a6:94:07:46:8e:
         f5:a1:ec:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLR0XFbnu3wffM8al45OaytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQxMDI4MDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Y2MmMxYTNmOTUwMTliZmIwMDE1YTAxOTA3Mjk0YWNlMWNiZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OWTO5ZH0Q11ZTr5NNyJUvY7I32B
8/RVZCxzZrqMl4AcwnbEwCpV1RZyIklpcaao5O3YJ7wjg4bZceKYOInk9PRn1NwI
6hvVosplripjErmKE6+DUuiN5p6+R/gfrUpEJs/KXA/5yY3J47egAvd147LTGVr9
tNY9Uu5WLD4lARYb83xSKwnA+wnZ/EjSW8VeRBN4ybaU1WDCpt+8fkQYfJuuxb3X
Wx29Bz1AwUMYLbLc2tKnXdvDhU07IzH0WL4rIlxkZjm3rEq9xx33tXTbMNnoxsKC
Gq/bL42y3zPf+ZYvhyLOiLOAnZUSTwEs5OdmNh5YqQ1E1svZEqLGY7jkwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEf2LBo/lQGb+wAVoBkHKUrOHL5eMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvUl9Zc0dqLVZBWnY3QUJXZ0dRY3BTczRjdmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLLMA0G
CSqGSIb3DQEBCwUAA4IBAQAdz6ocJiwJ0KtMbzIlogqsRCMZ819s3zpOEpyQ0Kqv
lf3TX3tvcDtN7GSNMfSS8SGtz5ECoLP0++mL7m1RFnEgaNWqBrgWCQ0QSvdx5Tem
9Q1w02CWbNKytBpRjO1fV5hSfCKmtPOuiE88Jo7XPmkK//0nmtRdZY1EqaNVDc7G
k9gVGs3vD6RFy3eJvXqprqlIYX1ftjFJA2tMKqcwosc+rbI8v2FRBpadzmHnT6xd
TelkS894WZmAjE6LTQ9WkhTfCbtQyUU20uL5H5TH2Fo8W4v23JEgHy+rgOZw3iwT
gyu5YvozHF89jeGrx+qAcEB7Um40t0JkppQHRo71oewQ
-----END CERTIFICATE-----