Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/sQYwUu9NXiwQ_HluJtK1sQ4Z1pc.roa
File:                     sQYwUu9NXiwQ_HluJtK1sQ4Z1pc.roa (raw, json)
Hash identifier:          DE4xyQzThDVLrEd1cMSQsRF0ssnhh5D1m6g/ReH1+rU=
Subject key identifier:   B1:06:30:52:EF:4D:5E:2C:10:FC:79:6E:26:D2:B5:B1:0E:19:D6:97
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019368EB47AF3CFA4046E9236A0CDEB9901F
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/sQYwUu9NXiwQ_HluJtK1sQ4Z1pc.roa
Signing time:             Tue 26 Nov 2024 14:41:09 +0000
ROA not before:           Tue 26 Nov 2024 14:41:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.152.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:eb:47:af:3c:fa:40:46:e9:23:6a:0c:de:b9:90:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 14:41:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1063052ef4d5e2c10fc796e26d2b5b10e19d697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a2:22:3d:e4:2a:3c:f9:f4:36:10:08:01:e7:
                    0a:ca:f9:e8:1b:32:4d:52:f0:61:c8:b4:b6:32:4a:
                    2a:69:8a:fe:88:89:da:f9:28:c7:98:19:15:16:05:
                    4e:3b:f1:47:80:80:4e:12:57:dc:12:e8:67:e2:b7:
                    55:ac:77:9f:53:9a:2a:af:57:bf:3e:97:21:ea:5d:
                    e3:15:99:cd:64:c5:44:3e:e3:c2:df:c9:e4:da:ca:
                    ed:3a:0f:02:93:1c:6d:b5:83:dd:f5:c9:7c:ff:40:
                    b1:44:4e:42:ce:c6:ac:06:b7:c5:a5:12:d9:2b:bb:
                    71:9f:a9:69:30:89:a1:01:5d:c3:fd:69:81:76:17:
                    88:87:71:e1:a8:2f:44:86:2d:07:90:f9:be:03:79:
                    a8:4e:bd:66:cf:15:27:7e:26:97:d9:78:a8:ca:8f:
                    d9:98:37:63:e7:28:4c:06:db:04:fe:58:e4:80:b2:
                    3d:51:ce:82:8f:53:dd:a9:b3:54:fb:a3:88:30:da:
                    6f:31:50:9d:d6:45:4e:2a:cb:51:65:b9:80:73:b7:
                    77:0f:14:1f:20:39:fa:14:a9:e8:7d:31:13:8b:c1:
                    5c:5a:5b:07:0b:c1:db:70:60:04:fe:59:c4:3e:8e:
                    de:3f:22:af:81:37:22:00:26:c9:c5:34:d3:d4:52:
                    a9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:06:30:52:EF:4D:5E:2C:10:FC:79:6E:26:D2:B5:B1:0E:19:D6:97
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/sQYwUu9NXiwQ_HluJtK1sQ4Z1pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:41:19:44:7b:1e:d2:ae:b1:b4:07:dd:fc:6d:ed:39:fb:e9:
         89:2d:44:52:a2:45:55:fa:4b:46:cf:80:6a:f6:90:6c:18:57:
         5a:8b:d3:66:1f:a8:84:12:bf:28:6a:48:f0:fd:e4:f7:e3:c6:
         bc:24:fe:d1:0f:2e:9c:39:6a:8f:c9:97:86:ce:3b:e6:5f:70:
         27:db:cf:0f:ff:eb:3f:aa:08:4e:44:f3:77:5b:23:84:47:d1:
         ad:fa:ee:30:91:cb:17:05:dd:53:07:3a:f0:eb:6f:4b:dc:10:
         49:68:66:97:73:19:f5:1a:72:a3:f1:c7:d4:60:71:2a:60:b9:
         ba:ed:ff:d5:3e:bf:39:57:de:4c:b5:64:56:cd:99:13:23:f5:
         8b:f7:19:4f:ba:6c:2b:ba:56:5f:b7:64:b0:ba:fe:98:70:89:
         29:97:3c:be:06:76:70:a3:b1:43:61:54:d2:56:ad:a7:c9:3d:
         df:57:c0:fb:7a:59:8c:25:da:68:00:89:74:45:99:90:2a:c3:
         3e:be:48:d0:42:d8:1d:2f:a0:95:a3:83:a3:40:d2:a5:ec:05:
         c7:03:26:00:1b:04:be:dc:c3:66:99:2b:bb:f9:a8:4f:d7:09:
         8b:c0:5e:e3:f6:6c:c6:b5:af:6d:21:07:93:a4:99:8e:54:10:
         57:60:bc:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNo60evPPpARukjagzeuZAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTQ0MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTA2MzA1MmVmNGQ1ZTJjMTBmYzc5NmUyNmQyYjViMTBlMTlkNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06IiPeQqPPn0NhAIAecKyvnoGzJN
UvBhyLS2MkoqaYr+iIna+SjHmBkVFgVOO/FHgIBOElfcEuhn4rdVrHefU5oqr1e/
Ppch6l3jFZnNZMVEPuPC38nk2srtOg8CkxxttYPd9cl8/0CxRE5CzsasBrfFpRLZ
K7txn6lpMImhAV3D/WmBdheIh3HhqC9Ehi0HkPm+A3moTr1mzxUnfiaX2Xioyo/Z
mDdj5yhMBtsE/ljkgLI9Uc6Cj1PdqbNU+6OIMNpvMVCd1kVOKstRZbmAc7d3DxQf
IDn6FKnofTETi8FcWlsHC8HbcGAE/lnEPo7ePyKvgTciACbJxTTT1FKpeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEGMFLvTV4sEPx5bibStbEOGdaXMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvc1FZd1V1OU5YaXdRX0hsdUp0SzFzUTRaMXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZizMA0G
CSqGSIb3DQEBCwUAA4IBAQCZQRlEex7SrrG0B938be05++mJLURSokVV+ktGz4Bq
9pBsGFdai9NmH6iEEr8oakjw/eT348a8JP7RDy6cOWqPyZeGzjvmX3An288P/+s/
qghORPN3WyOER9Gt+u4wkcsXBd1TBzrw629L3BBJaGaXcxn1GnKj8cfUYHEqYLm6
7f/VPr85V95MtWRWzZkTI/WL9xlPumwrulZft2Swuv6YcIkplzy+BnZwo7FDYVTS
Vq2nyT3fV8D7elmMJdpoAIl0RZmQKsM+vkjQQtgdL6CVo4OjQNKl7AXHAyYAGwS+
3MNmmSu7+ahP1wmLwF7j9mzGta9tIQeTpJmOVBBXYLyl
-----END CERTIFICATE-----