Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/vin48qEwqMvqvC7ritLVIEYG82g.roa
File:                     vin48qEwqMvqvC7ritLVIEYG82g.roa (raw, json)
Hash identifier:          Ql/RvHzo00TX7Od9Bl5RKog3quWZGhZz8wiVbKFEuxM=
Subject key identifier:   BE:29:F8:F2:A1:30:A8:CB:EA:BC:2E:EB:8A:D2:D5:20:46:06:F3:68
Certificate issuer:       /CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
Certificate serial:       01929537724C7144515FB568179C971EEBF2
Authority key identifier: 80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/vin48qEwqMvqvC7ritLVIEYG82g.roa
Signing time:             Wed 16 Oct 2024 12:04:51 +0000
ROA not before:           Wed 16 Oct 2024 12:04:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44090
IP address blocks:        45.142.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:95:37:72:4c:71:44:51:5f:b5:68:17:9c:97:1e:eb:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
        Validity
            Not Before: Oct 16 12:04:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be29f8f2a130a8cbeabc2eeb8ad2d5204606f368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:75:c7:00:90:3e:f0:5f:a2:3a:33:a5:56:15:
                    b6:9e:a4:16:36:99:6d:d6:11:01:f0:96:d6:40:63:
                    9b:9e:4d:bb:dd:0e:0a:a6:07:52:65:5d:d6:8a:33:
                    12:32:eb:61:d9:26:d1:d7:a1:39:e5:55:26:08:17:
                    92:96:bc:a2:8d:21:d3:9a:5e:92:89:49:ea:ee:1a:
                    ba:7b:c7:52:24:ce:ee:5a:74:65:b8:af:e4:98:50:
                    8b:2d:a6:03:ec:95:6a:32:46:21:36:3f:09:27:d7:
                    c1:82:1f:7c:81:6f:8f:bd:e5:d1:71:93:62:06:e3:
                    f8:ba:0a:9c:28:ac:a7:a2:18:b4:45:86:0a:08:63:
                    90:7a:d2:6c:ed:09:ec:19:52:c7:1c:9e:27:8f:20:
                    b3:55:0f:d9:a1:51:93:7e:a2:b2:a0:bc:23:60:02:
                    97:a9:2c:39:66:43:e2:a2:2f:e5:37:11:89:43:ce:
                    e6:38:dd:34:a0:42:f3:1d:b8:77:7f:3f:c3:b6:94:
                    12:d8:02:79:4b:55:82:31:06:fb:9e:7d:27:47:5d:
                    6d:b9:6b:f2:e2:f5:d3:2e:24:32:60:0d:d4:5f:d0:
                    eb:a3:12:9d:f6:1e:26:8e:b2:50:b2:af:f2:4c:c1:
                    9d:59:bf:01:8f:7c:0b:f8:e4:89:79:3c:e5:f6:17:
                    9f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:29:F8:F2:A1:30:A8:CB:EA:BC:2E:EB:8A:D2:D5:20:46:06:F3:68
            X509v3 Authority Key Identifier:
                keyid:80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/vin48qEwqMvqvC7ritLVIEYG82g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:a8:52:14:10:65:68:e1:f1:83:7b:b5:df:72:dd:26:79:5b:
         d0:f6:9a:70:2a:0c:ee:7c:6e:b1:ee:4a:00:49:0f:26:90:e7:
         ec:70:00:54:18:25:ee:4e:10:56:48:4e:ea:a6:75:a3:78:1a:
         4d:66:dc:3f:7f:e8:bd:71:d1:3a:d1:48:fd:a9:0d:5a:6b:7e:
         ae:3c:c6:34:de:05:8f:fd:68:51:6a:96:6b:9d:03:66:8d:84:
         11:85:9b:f8:b8:85:2d:0d:04:4f:5e:02:8d:13:c7:dc:cd:88:
         3f:48:92:b5:5f:19:de:e0:a6:3b:e9:1b:df:8e:e8:b8:ed:88:
         af:fb:b3:2a:32:f0:a1:fc:23:ec:e3:ca:d5:dc:5f:bf:b4:50:
         c9:09:9b:4f:cb:8f:98:f9:b1:8d:15:f2:fa:0a:70:c8:d7:96:
         6d:22:58:4c:da:83:cf:fd:32:80:1f:c3:19:3d:38:de:18:dc:
         57:f8:bb:ea:42:01:71:85:c0:0e:6e:3d:5d:cf:30:c3:3a:76:
         3b:be:f0:6c:de:8b:f3:45:61:6a:ca:3d:55:9d:e3:95:8c:db:
         74:5e:7a:d8:46:a7:cc:b0:60:b2:ff:47:d8:03:41:68:7b:d4:
         9d:e5:e8:91:3b:91:40:a5:71:30:52:22:66:ed:68:78:a5:8f:
         3a:d1:0e:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKVN3JMcURRX7VoF5yXHuvyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYWQ4YzUyMGJiOTY3NzQ2MWRkYzRlYzA5Yjc2ZDczM2I3
ZDgzNzAwHhcNMjQxMDE2MTIwNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTI5ZjhmMmExMzBhOGNiZWFiYzJlZWI4YWQyZDUyMDQ2MDZmMzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3XHAJA+8F+iOjOlVhW2nqQWNplt
1hEB8JbWQGObnk273Q4KpgdSZV3WijMSMuth2SbR16E55VUmCBeSlryijSHTml6S
iUnq7hq6e8dSJM7uWnRluK/kmFCLLaYD7JVqMkYhNj8JJ9fBgh98gW+PveXRcZNi
BuP4ugqcKKynohi0RYYKCGOQetJs7QnsGVLHHJ4njyCzVQ/ZoVGTfqKyoLwjYAKX
qSw5ZkPioi/lNxGJQ87mON00oELzHbh3fz/DtpQS2AJ5S1WCMQb7nn0nR11tuWvy
4vXTLiQyYA3UX9DroxKd9h4mjrJQsq/yTMGdWb8Bj3wL+OSJeTzl9hefAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4p+PKhMKjL6rwu64rS1SBGBvNoMB8GA1UdIwQY
MBaAFICtjFILuWd0Yd3E7Am3bXM7fYNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEt
YzYxNzUxYzZiMTk1LzEvdmluNDhxRXdxTXZxdkM3cml0TFZJRVlHODJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEtYzYxNzUxYzZiMTk1
LzEvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY69MA0G
CSqGSIb3DQEBCwUAA4IBAQCEqFIUEGVo4fGDe7Xfct0meVvQ9ppwKgzufG6x7koA
SQ8mkOfscABUGCXuThBWSE7qpnWjeBpNZtw/f+i9cdE60Uj9qQ1aa36uPMY03gWP
/WhRapZrnQNmjYQRhZv4uIUtDQRPXgKNE8fczYg/SJK1Xxne4KY76Rvfjui47Yiv
+7MqMvCh/CPs48rV3F+/tFDJCZtPy4+Y+bGNFfL6CnDI15ZtIlhM2oPP/TKAH8MZ
PTjeGNxX+LvqQgFxhcAObj1dzzDDOnY7vvBs3ovzRWFqyj1VneOVjNt0XnrYRqfM
sGCy/0fYA0Foe9Sd5eiRO5FApXEwUiJm7Wh4pY860Q5v
-----END CERTIFICATE-----