Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/45772a-a10f-429d-b5db-9218f92f3036/1/RchneOAvGNYl60hNuMDRipljOns.roa
File:                     RchneOAvGNYl60hNuMDRipljOns.roa (raw, json)
Hash identifier:          oj+sTKW1p/S67/ZxMtky9VdXxsiQE9Vh/irr9hOKMig=
Subject key identifier:   45:C8:67:78:E0:2F:18:D6:25:EB:48:4D:B8:C0:D1:8A:99:63:3A:7B
Certificate issuer:       /CN=e9057470fd56f1b773b2e40abaee79f9966e4436
Certificate serial:       0191BCDE2C9A5CC1B844F8F408614ECD3424
Authority key identifier: E9:05:74:70:FD:56:F1:B7:73:B2:E4:0A:BA:EE:79:F9:96:6E:44:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QV0cP1W8bdzsuQKuu55-ZZuRDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/45772a-a10f-429d-b5db-9218f92f3036/1/RchneOAvGNYl60hNuMDRipljOns.roa
Signing time:             Wed 04 Sep 2024 11:49:22 +0000
ROA not before:           Wed 04 Sep 2024 11:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49321
IP address blocks:        164.138.192.0/21 maxlen: 21
                          2a00:bac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/45772a-a10f-429d-b5db-9218f92f3036/1/6QV0cP1W8bdzsuQKuu55-ZZuRDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/45772a-a10f-429d-b5db-9218f92f3036/1/6QV0cP1W8bdzsuQKuu55-ZZuRDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QV0cP1W8bdzsuQKuu55-ZZuRDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:de:2c:9a:5c:c1:b8:44:f8:f4:08:61:4e:cd:34:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9057470fd56f1b773b2e40abaee79f9966e4436
        Validity
            Not Before: Sep  4 11:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45c86778e02f18d625eb484db8c0d18a99633a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c0:0b:1f:b0:2c:f8:90:8c:93:97:79:23:72:
                    77:99:f4:86:93:48:98:a4:c0:d2:44:e1:d8:46:ab:
                    e3:af:48:85:aa:08:c3:f1:e3:b5:a1:39:32:1a:d6:
                    4f:95:59:80:67:f8:37:b4:eb:a1:0e:be:eb:9c:f3:
                    c3:41:40:8c:8f:ac:05:58:ba:0b:b4:87:a1:f1:31:
                    71:36:29:c1:5c:47:e7:90:06:69:71:ae:6f:7c:e2:
                    d9:67:2c:bf:4f:69:4b:d5:f4:7a:1e:6a:88:81:9a:
                    1f:dc:cb:dd:77:2b:bd:7f:90:d1:ba:9b:b6:20:41:
                    f9:43:be:08:63:7d:b5:d2:61:37:c0:a4:0e:e2:cc:
                    46:e7:b7:77:5d:1e:6e:6b:2c:31:81:44:d4:3d:2b:
                    b2:4a:25:e1:1c:3d:8a:dd:96:8c:26:4b:ea:2a:1b:
                    60:8d:33:c3:08:5d:1b:20:14:0f:71:ec:a4:4b:c7:
                    50:b7:c5:45:12:f2:86:ae:2b:fa:53:ac:b6:d1:cc:
                    f5:b1:96:a3:b8:c7:d9:27:6e:8e:4e:5c:fd:95:c8:
                    31:c8:e7:15:67:ae:0f:a9:77:05:4c:9d:6f:84:54:
                    db:8d:89:44:47:26:12:9d:45:29:97:98:0a:ff:3f:
                    76:a2:44:a8:f5:e9:67:55:69:d2:4e:8d:79:e1:5b:
                    e4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C8:67:78:E0:2F:18:D6:25:EB:48:4D:B8:C0:D1:8A:99:63:3A:7B
            X509v3 Authority Key Identifier:
                keyid:E9:05:74:70:FD:56:F1:B7:73:B2:E4:0A:BA:EE:79:F9:96:6E:44:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QV0cP1W8bdzsuQKuu55-ZZuRDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/45772a-a10f-429d-b5db-9218f92f3036/1/RchneOAvGNYl60hNuMDRipljOns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/45772a-a10f-429d-b5db-9218f92f3036/1/6QV0cP1W8bdzsuQKuu55-ZZuRDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.192.0/21
                IPv6:
                  2a00:bac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:1d:76:66:3a:68:4b:d8:0b:1c:d9:01:89:49:b6:d0:6f:b4:
         37:59:20:c0:42:2d:d8:1d:70:c4:ac:ab:e0:78:2d:f4:d0:94:
         d6:05:a4:24:0a:e4:37:96:1d:77:c8:af:18:4e:c6:d4:de:e4:
         d2:f8:98:0e:02:24:77:7b:ff:2f:c9:fb:0b:0d:e6:4f:ca:5d:
         23:69:d7:8d:a3:ac:56:27:42:36:b4:09:74:4a:77:c9:ac:d9:
         8b:17:f4:63:d1:32:93:b8:72:8b:0b:f7:79:d7:fc:39:41:fd:
         8e:46:9a:bc:1e:4f:e7:0f:82:89:2b:1c:1b:29:31:cc:0a:d5:
         e9:a2:ef:35:28:a5:b6:43:08:e5:37:35:36:06:33:42:23:67:
         b3:fb:cb:ee:2d:9e:90:5e:2d:a5:86:d1:ad:f0:ef:87:4f:69:
         d3:4e:94:cb:50:f1:a2:2e:a2:90:91:8a:6d:fb:03:5b:39:11:
         00:2c:e6:58:4d:81:c7:73:8a:a9:16:dd:9f:b6:b2:13:f0:57:
         7d:5a:07:14:7e:87:6b:77:29:60:44:e7:10:b9:83:b1:8a:8c:
         97:03:5d:c4:82:06:94:65:3e:3e:fb:fd:b2:87:75:4c:49:23:
         f1:71:6f:49:9b:a5:11:33:66:0f:0e:1c:f6:92:16:e4:e5:fc:
         70:cd:0e:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZG83iyaXMG4RPj0CGFOzTQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDU3NDcwZmQ1NmYxYjc3M2IyZTQwYWJhZWU3OWY5OTY2
ZTQ0MzYwHhcNMjQwOTA0MTE0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWM4Njc3OGUwMmYxOGQ2MjVlYjQ4NGRiOGMwZDE4YTk5NjMzYTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocALH7As+JCMk5d5I3J3mfSGk0iY
pMDSROHYRqvjr0iFqgjD8eO1oTkyGtZPlVmAZ/g3tOuhDr7rnPPDQUCMj6wFWLoL
tIeh8TFxNinBXEfnkAZpca5vfOLZZyy/T2lL1fR6HmqIgZof3Mvddyu9f5DRupu2
IEH5Q74IY3210mE3wKQO4sxG57d3XR5uaywxgUTUPSuySiXhHD2K3ZaMJkvqKhtg
jTPDCF0bIBQPceykS8dQt8VFEvKGriv6U6y20cz1sZajuMfZJ26OTlz9lcgxyOcV
Z64PqXcFTJ1vhFTbjYlERyYSnUUpl5gK/z92okSo9elnVWnSTo154VvkkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEXIZ3jgLxjWJetITbjA0YqZYzp7MB8GA1UdIwQY
MBaAFOkFdHD9VvG3c7LkCrruefmWbkQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFWMGNQMVc4YmR6c3VRS3V1NTUtWlp1UkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80NTc3MmEtYTEwZi00MjlkLWI1ZGIt
OTIxOGY5MmYzMDM2LzEvUmNobmVPQXZHTllsNjBoTnVNRFJpcGxqT25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80NTc3MmEtYTEwZi00MjlkLWI1ZGItOTIxOGY5MmYzMDM2
LzEvNlFWMGNQMVc4YmR6c3VRS3V1NTUtWlp1UkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDpIrAMA0E
AgACMAcDBQAqALrAMA0GCSqGSIb3DQEBCwUAA4IBAQCOHXZmOmhL2Asc2QGJSbbQ
b7Q3WSDAQi3YHXDErKvgeC300JTWBaQkCuQ3lh13yK8YTsbU3uTS+JgOAiR3e/8v
yfsLDeZPyl0jadeNo6xWJ0I2tAl0SnfJrNmLF/Rj0TKTuHKLC/d51/w5Qf2ORpq8
Hk/nD4KJKxwbKTHMCtXpou81KKW2QwjlNzU2BjNCI2ez+8vuLZ6QXi2lhtGt8O+H
T2nTTpTLUPGiLqKQkYpt+wNbOREALOZYTYHHc4qpFt2ftrIT8Fd9WgcUfodrdylg
ROcQuYOxioyXA13EggaUZT4++/2yh3VMSSPxcW9Jm6URM2YPDhz2khbk5fxwzQ5Q
-----END CERTIFICATE-----