Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/H9S6jGrO3X_YWJiyY_m_L8--mMc.roa
File:                     H9S6jGrO3X_YWJiyY_m_L8--mMc.roa (raw, json)
Hash identifier:          AL0Nc/I3pgiTO+AIUm/aG6EMXvzaIJ5kdyW35w14qjY=
Subject key identifier:   1F:D4:BA:8C:6A:CE:DD:7F:D8:58:98:B2:63:F9:BF:2F:CF:BE:98:C7
Certificate issuer:       /CN=29ba0a1d7848d2c1b231dd3e6824420d18799913
Certificate serial:       018F5A1E3F1464F19C5C57EB7A4761BBADAE
Authority key identifier: 29:BA:0A:1D:78:48:D2:C1:B2:31:DD:3E:68:24:42:0D:18:79:99:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KboKHXhI0sGyMd0-aCRCDRh5mRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/H9S6jGrO3X_YWJiyY_m_L8--mMc.roa
Signing time:             Wed 08 May 2024 21:31:22 +0000
ROA not before:           Wed 08 May 2024 21:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208956
IP address blocks:        45.13.64.0/24 maxlen: 24
                          45.13.65.0/24 maxlen: 24
                          45.13.66.0/24 maxlen: 24
                          45.13.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/KboKHXhI0sGyMd0-aCRCDRh5mRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/KboKHXhI0sGyMd0-aCRCDRh5mRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KboKHXhI0sGyMd0-aCRCDRh5mRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5a:1e:3f:14:64:f1:9c:5c:57:eb:7a:47:61:bb:ad:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29ba0a1d7848d2c1b231dd3e6824420d18799913
        Validity
            Not Before: May  8 21:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd4ba8c6acedd7fd85898b263f9bf2fcfbe98c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:52:5b:56:28:48:23:11:ab:14:19:7e:f5:4a:
                    ef:cf:cb:64:57:21:ea:81:37:1e:eb:98:dc:84:04:
                    d2:67:db:68:e5:39:43:47:f9:08:f4:bb:b2:f7:45:
                    b2:ba:10:39:f7:0f:3b:d0:cf:52:fe:e9:45:be:0c:
                    1a:e8:7a:b7:11:e1:4a:c3:eb:fe:cc:53:38:46:91:
                    68:62:21:23:55:3a:80:34:ae:94:55:ee:e9:ce:ac:
                    db:f4:9c:84:ee:0e:7d:e4:05:01:38:10:87:da:d9:
                    5f:3a:14:d9:3a:2d:65:6d:17:36:27:10:58:4c:cc:
                    26:43:19:73:a1:e5:4f:b6:7f:b5:4c:fc:d2:c2:97:
                    df:b9:dc:2a:13:9c:4f:e1:c9:85:f8:a1:44:80:6a:
                    c3:46:15:83:d8:87:a5:60:51:dc:49:bd:e1:c5:dc:
                    66:2e:09:ac:6b:5a:83:b0:a6:8c:f9:5d:5a:a9:d0:
                    a7:d6:7c:03:a6:9c:68:9c:e4:05:da:5b:da:23:0d:
                    d5:69:9b:28:73:ad:45:58:4d:12:32:d5:ff:af:fa:
                    b3:d2:29:a3:6a:9f:d7:82:db:dc:95:57:f3:a2:8f:
                    61:12:2a:4c:8f:af:7a:e1:4e:7a:45:e6:e8:36:c6:
                    62:ba:13:4e:9c:81:d9:25:ec:28:3d:30:5f:cf:62:
                    a7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D4:BA:8C:6A:CE:DD:7F:D8:58:98:B2:63:F9:BF:2F:CF:BE:98:C7
            X509v3 Authority Key Identifier:
                keyid:29:BA:0A:1D:78:48:D2:C1:B2:31:DD:3E:68:24:42:0D:18:79:99:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KboKHXhI0sGyMd0-aCRCDRh5mRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/H9S6jGrO3X_YWJiyY_m_L8--mMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/KboKHXhI0sGyMd0-aCRCDRh5mRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:71:a3:54:dc:7f:7a:d4:89:d1:6a:ca:ef:14:f1:5c:9b:2b:
         7d:b3:ca:ed:67:2f:82:7a:19:ee:52:12:5e:0b:b9:08:6e:30:
         06:b1:f5:bb:d3:88:10:cd:5b:95:4d:00:54:bf:c6:98:bf:5c:
         fe:bf:66:39:b7:cd:35:39:b4:85:c2:19:59:79:f5:7e:b5:3c:
         65:3f:19:cd:ad:75:8c:28:5e:a7:db:a9:59:f1:dd:39:9b:ef:
         5a:e5:7f:32:74:55:ca:8c:0f:8e:cd:ab:a2:57:f8:8f:70:b0:
         88:07:cf:53:13:c5:b5:55:79:8c:6d:15:3b:67:98:53:13:19:
         3e:9d:de:ee:66:ab:79:e7:8d:f9:4a:c6:2b:c6:bf:c2:37:0e:
         c9:e9:78:7a:a4:af:3e:76:f8:51:bb:6b:92:42:3f:72:95:f4:
         97:c6:f7:2e:61:58:ee:fe:9d:7d:1f:f2:91:90:c7:bc:d1:a6:
         d5:a6:38:89:a3:f1:2a:28:fc:f1:26:dd:77:c0:b9:10:06:0f:
         a2:86:7a:77:90:c0:7b:be:4f:83:a1:6e:98:f9:ad:fa:f7:a7:
         6f:c8:1f:16:72:3b:c8:89:20:bc:95:1e:35:ec:44:a8:0e:24:
         bb:3b:bb:de:bf:5c:f0:69:b9:f5:2f:31:68:fd:3b:e6:d4:09:
         49:30:5b:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9aHj8UZPGcXFfrekdhu62uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmEwYTFkNzg0OGQyYzFiMjMxZGQzZTY4MjQ0MjBkMTg3
OTk5MTMwHhcNMjQwNTA4MjEzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQ0YmE4YzZhY2VkZDdmZDg1ODk4YjI2M2Y5YmYyZmNmYmU5OGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFJbVihIIxGrFBl+9Urvz8tkVyHq
gTce65jchATSZ9to5TlDR/kI9Luy90WyuhA59w870M9S/ulFvgwa6Hq3EeFKw+v+
zFM4RpFoYiEjVTqANK6UVe7pzqzb9JyE7g595AUBOBCH2tlfOhTZOi1lbRc2JxBY
TMwmQxlzoeVPtn+1TPzSwpffudwqE5xP4cmF+KFEgGrDRhWD2IelYFHcSb3hxdxm
Lgmsa1qDsKaM+V1aqdCn1nwDppxonOQF2lvaIw3VaZsoc61FWE0SMtX/r/qz0imj
ap/XgtvclVfzoo9hEipMj6964U56ReboNsZiuhNOnIHZJewoPTBfz2KnAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/Uuoxqzt1/2FiYsmP5vy/PvpjHMB8GA1UdIwQY
MBaAFCm6Ch14SNLBsjHdPmgkQg0YeZkTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JvS0hYaEkwc0d5TWQwLWFDUkNEUmg1bVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8zMGMwYzAtOWVjYS00NjRmLThiOWYt
NmE1YjVmNWNhOWQzLzEvSDlTNmpHck8zWF9ZV0ppeVlfbV9MOC0tbU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8zMGMwYzAtOWVjYS00NjRmLThiOWYtNmE1YjVmNWNhOWQz
LzEvS2JvS0hYaEkwc0d5TWQwLWFDUkNEUmg1bVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ1AMA0G
CSqGSIb3DQEBCwUAA4IBAQCTcaNU3H961InRasrvFPFcmyt9s8rtZy+CehnuUhJe
C7kIbjAGsfW704gQzVuVTQBUv8aYv1z+v2Y5t801ObSFwhlZefV+tTxlPxnNrXWM
KF6n26lZ8d05m+9a5X8ydFXKjA+OzauiV/iPcLCIB89TE8W1VXmMbRU7Z5hTExk+
nd7uZqt55435SsYrxr/CNw7J6Xh6pK8+dvhRu2uSQj9ylfSXxvcuYVju/p19H/KR
kMe80abVpjiJo/EqKPzxJt13wLkQBg+ihnp3kMB7vk+DoW6Y+a3696dvyB8WcjvI
iSC8lR417ESoDiS7O7vev1zwabn1LzFo/Tvm1AlJMFuR
-----END CERTIFICATE-----