Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c15003-ed53-42d3-af09-e4e0b555ad59/1/ORwtWKVfhIVIDofb6NgsG3RKD-Q.roa
File:                     ORwtWKVfhIVIDofb6NgsG3RKD-Q.roa (raw, json)
Hash identifier:          QjVdHe0d7c2E0ZT+vhjMFVpn5eKp+N0gNNu2+7yHTFw=
Subject key identifier:   39:1C:2D:58:A5:5F:84:85:48:0E:87:DB:E8:D8:2C:1B:74:4A:0F:E4
Certificate issuer:       /CN=3d01bd949c55ed07e70242e15033d0a8474a9e1a
Certificate serial:       0191F54F9319484EBDD2EC86BD30F8E03589
Authority key identifier: 3D:01:BD:94:9C:55:ED:07:E7:02:42:E1:50:33:D0:A8:47:4A:9E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQG9lJxV7QfnAkLhUDPQqEdKnho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c15003-ed53-42d3-af09-e4e0b555ad59/1/ORwtWKVfhIVIDofb6NgsG3RKD-Q.roa
Signing time:             Sun 15 Sep 2024 10:51:58 +0000
ROA not before:           Sun 15 Sep 2024 10:51:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.133.24.0/24 maxlen: 24
                          45.133.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c15003-ed53-42d3-af09-e4e0b555ad59/1/PQG9lJxV7QfnAkLhUDPQqEdKnho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c15003-ed53-42d3-af09-e4e0b555ad59/1/PQG9lJxV7QfnAkLhUDPQqEdKnho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQG9lJxV7QfnAkLhUDPQqEdKnho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f5:4f:93:19:48:4e:bd:d2:ec:86:bd:30:f8:e0:35:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d01bd949c55ed07e70242e15033d0a8474a9e1a
        Validity
            Not Before: Sep 15 10:51:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391c2d58a55f8485480e87dbe8d82c1b744a0fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:67:4b:5e:a8:e6:40:54:ca:73:47:19:bc:4c:
                    59:e8:61:a8:2b:7f:8f:48:be:d6:ea:a6:1a:ed:93:
                    9f:ab:2c:95:cd:22:01:d3:22:ee:bd:20:13:2f:98:
                    48:c2:1c:a1:29:9c:ae:4c:ef:09:46:38:93:6f:ce:
                    9e:23:b1:10:3d:a7:41:6f:39:c6:e5:47:cf:34:0f:
                    17:43:fb:cf:6f:8b:bd:44:3a:8c:f7:90:5d:dc:2f:
                    35:54:62:77:cd:6b:71:8c:90:7e:1c:f2:8a:e0:87:
                    7e:d2:cf:e8:ec:63:40:b9:9a:e5:3b:1c:87:43:23:
                    4b:4a:1e:97:05:6e:d3:bf:6d:ec:ae:93:75:9b:e8:
                    a2:15:3e:d0:26:b6:6b:ff:8c:1a:7e:f2:fd:8e:72:
                    23:28:b4:37:c6:e1:1a:56:1b:ca:35:7b:0d:24:7f:
                    45:9d:af:e9:92:14:c8:d7:ed:1c:03:86:9e:c6:63:
                    d9:98:3f:6e:54:9b:69:92:0d:be:8e:62:a0:b5:8c:
                    ed:e9:5d:45:f5:11:63:5f:e0:4f:0d:7d:56:f4:b1:
                    7a:ae:b6:c5:3a:89:e2:04:8e:77:2b:a7:26:f5:2f:
                    d5:15:a7:ec:4b:07:91:11:e1:3b:b5:da:fd:25:fd:
                    6a:7d:73:09:fa:53:81:05:ab:4d:17:3a:30:77:5d:
                    38:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1C:2D:58:A5:5F:84:85:48:0E:87:DB:E8:D8:2C:1B:74:4A:0F:E4
            X509v3 Authority Key Identifier:
                keyid:3D:01:BD:94:9C:55:ED:07:E7:02:42:E1:50:33:D0:A8:47:4A:9E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQG9lJxV7QfnAkLhUDPQqEdKnho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c15003-ed53-42d3-af09-e4e0b555ad59/1/ORwtWKVfhIVIDofb6NgsG3RKD-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c15003-ed53-42d3-af09-e4e0b555ad59/1/PQG9lJxV7QfnAkLhUDPQqEdKnho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:e7:c3:2e:c4:91:b2:16:64:7e:60:03:0e:5d:f2:88:a4:6a:
         dc:38:95:4c:17:fe:bd:a7:96:f9:d1:2b:49:dd:0b:74:09:d6:
         bb:a9:ee:c6:57:b2:5c:09:97:b5:b8:ac:44:f3:a2:0a:3b:41:
         34:86:c7:a3:c7:62:c0:4d:c7:f4:ea:50:34:84:ef:be:d0:81:
         dd:6b:22:f8:03:62:10:fc:2e:b4:85:00:a0:cd:b3:73:54:a0:
         f5:ef:9e:62:b3:bd:fc:49:3d:3c:d3:59:70:83:5e:16:6d:40:
         11:14:52:c9:a3:9a:12:fd:85:91:e1:e0:f8:1f:57:7f:1f:56:
         e2:03:9c:07:20:71:58:92:a0:88:c7:b8:a6:96:9f:55:a5:e1:
         64:a7:08:67:75:8a:3e:b6:6a:f0:2b:53:0d:af:a9:00:0a:bd:
         0c:3c:b6:63:04:fe:7b:a1:c7:4d:fc:aa:ae:7e:1b:cf:0a:f2:
         f4:13:d1:2a:d2:40:af:6d:53:8b:27:1f:53:dc:89:cd:33:c1:
         35:d2:1f:20:85:2f:f6:13:15:5b:c6:45:9a:e9:05:6f:4c:37:
         3c:87:82:dd:8f:be:3b:d1:b6:b5:05:d4:bf:da:5b:c0:a2:16:
         bb:35:2d:88:49:59:71:6a:9b:93:1f:5b:60:0f:78:64:3f:c8:
         7c:6b:a5:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH1T5MZSE690uyGvTD44DWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDFiZDk0OWM1NWVkMDdlNzAyNDJlMTUwMzNkMGE4NDc0
YTllMWEwHhcNMjQwOTE1MTA1MTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFjMmQ1OGE1NWY4NDg1NDgwZTg3ZGJlOGQ4MmMxYjc0NGEwZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12dLXqjmQFTKc0cZvExZ6GGoK3+P
SL7W6qYa7ZOfqyyVzSIB0yLuvSATL5hIwhyhKZyuTO8JRjiTb86eI7EQPadBbznG
5UfPNA8XQ/vPb4u9RDqM95Bd3C81VGJ3zWtxjJB+HPKK4Id+0s/o7GNAuZrlOxyH
QyNLSh6XBW7Tv23srpN1m+iiFT7QJrZr/4wafvL9jnIjKLQ3xuEaVhvKNXsNJH9F
na/pkhTI1+0cA4aexmPZmD9uVJtpkg2+jmKgtYzt6V1F9RFjX+BPDX1W9LF6rrbF
OoniBI53K6cm9S/VFafsSweREeE7tdr9Jf1qfXMJ+lOBBatNFzowd104+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkcLVilX4SFSA6H2+jYLBt0Sg/kMB8GA1UdIwQY
MBaAFD0BvZScVe0H5wJC4VAz0KhHSp4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFHOWxKeFY3UWZuQWtMaFVEUFFxRWRLbmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMTUwMDMtZWQ1My00MmQzLWFmMDkt
ZTRlMGI1NTVhZDU5LzEvT1J3dFdLVmZoSVZJRG9mYjZOZ3NHM1JLRC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMTUwMDMtZWQ1My00MmQzLWFmMDktZTRlMGI1NTVhZDU5
LzEvUFFHOWxKeFY3UWZuQWtMaFVEUFFxRWRLbmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYUYMA0G
CSqGSIb3DQEBCwUAA4IBAQAs58MuxJGyFmR+YAMOXfKIpGrcOJVMF/69p5b50StJ
3Qt0Cda7qe7GV7JcCZe1uKxE86IKO0E0hsejx2LATcf06lA0hO++0IHdayL4A2IQ
/C60hQCgzbNzVKD1755is738ST0801lwg14WbUARFFLJo5oS/YWR4eD4H1d/H1bi
A5wHIHFYkqCIx7imlp9VpeFkpwhndYo+tmrwK1MNr6kACr0MPLZjBP57ocdN/Kqu
fhvPCvL0E9Eq0kCvbVOLJx9T3InNM8E10h8ghS/2ExVbxkWa6QVvTDc8h4Ldj747
0ba1BdS/2lvAoha7NS2ISVlxapuTH1tgD3hkP8h8a6UG
-----END CERTIFICATE-----