Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/BsYzlC9om29XC5ZoIuyf-96MAJ8.roa
File:                     BsYzlC9om29XC5ZoIuyf-96MAJ8.roa (raw, json)
Hash identifier:          47pR6DHPCp/NxOO+ejNObshofeg6IoRVkhboYH5ljek=
Subject key identifier:   06:C6:33:94:2F:68:9B:6F:57:0B:96:68:22:EC:9F:FB:DE:8C:00:9F
Certificate issuer:       /CN=8069d9ffe048a70003f16f06e24d9bf2db85eb52
Certificate serial:       018CC64B01D6B635ECEB78AC55073621607D
Authority key identifier: 80:69:D9:FF:E0:48:A7:00:03:F1:6F:06:E2:4D:9B:F2:DB:85:EB:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/BsYzlC9om29XC5ZoIuyf-96MAJ8.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210681
IP address blocks:        45.129.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:01:d6:b6:35:ec:eb:78:ac:55:07:36:21:60:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8069d9ffe048a70003f16f06e24d9bf2db85eb52
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06c633942f689b6f570b966822ec9ffbde8c009f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:25:2a:bb:3d:4e:54:60:11:b2:ea:b0:26:47:
                    84:6e:a1:14:48:ca:4c:0f:f9:47:c4:70:77:93:fc:
                    94:4a:e6:13:3b:8e:2c:c3:58:38:f1:a1:08:ab:9b:
                    ef:0d:6b:9a:14:d6:ed:ea:3f:61:5d:12:9a:5c:50:
                    47:11:6c:dd:ab:2e:6d:d7:07:fe:89:9b:0c:9f:9f:
                    e2:5c:2e:55:94:5a:a4:3d:35:74:99:df:01:6e:a9:
                    3c:ce:6d:3a:91:7c:29:55:33:ea:64:e6:f1:4a:9d:
                    83:69:ee:64:3e:20:b5:61:8e:42:f3:9f:6f:e6:26:
                    2b:12:a1:f3:96:63:49:10:d8:68:14:51:11:dd:42:
                    46:23:38:a8:3e:64:37:e6:2d:c0:05:60:8d:41:5b:
                    ed:e8:a3:7b:59:1e:c8:01:14:ae:99:f8:bc:7b:25:
                    75:0a:f4:fb:c1:64:fe:08:1c:94:30:fc:59:27:10:
                    6e:60:97:0d:a5:c9:35:3b:67:95:01:3a:b3:24:06:
                    34:66:28:d4:59:0f:a0:6e:24:09:96:18:c8:7b:1b:
                    72:d4:08:5b:86:e3:1e:1d:9a:76:4f:ed:ac:17:90:
                    d8:e7:0b:92:ef:0f:0c:c1:b3:93:38:be:5b:5a:cc:
                    c7:c8:d4:fd:d0:82:08:18:9c:33:32:12:4e:10:c1:
                    07:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C6:33:94:2F:68:9B:6F:57:0B:96:68:22:EC:9F:FB:DE:8C:00:9F
            X509v3 Authority Key Identifier:
                keyid:80:69:D9:FF:E0:48:A7:00:03:F1:6F:06:E2:4D:9B:F2:DB:85:EB:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/BsYzlC9om29XC5ZoIuyf-96MAJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:25:27:c9:7b:10:ae:1a:56:18:08:b2:c4:51:e2:71:0e:14:
         d4:cd:db:85:20:d7:b1:82:67:c2:12:2e:8d:a7:1a:fb:f8:56:
         ad:ee:75:47:58:ae:1a:c6:48:b4:fb:43:80:04:47:8f:a4:4e:
         90:75:e7:49:77:97:5d:b3:f1:c6:a6:82:cb:57:ea:ea:de:8b:
         86:60:70:cd:42:2c:27:3d:b4:2e:9e:f7:7a:a4:7d:d6:98:6d:
         33:24:a9:a5:08:8d:ef:08:93:14:50:fb:cd:8e:6a:6a:4a:b3:
         c8:09:90:69:a4:3d:6a:d3:21:9d:ab:e5:5e:5c:4f:a6:7a:17:
         6d:c8:b0:d3:e8:10:fb:c2:fb:34:4e:09:8d:3f:30:88:26:c2:
         2d:24:f2:f1:b3:3f:a4:07:81:69:e1:50:8c:78:d3:94:67:f3:
         59:fa:86:c0:58:14:c7:e7:5c:c3:22:b2:a0:90:2b:f6:70:fa:
         65:5f:40:48:57:53:8a:72:d3:d2:72:86:0b:4e:d0:73:d1:bc:
         c4:eb:15:7a:6a:57:7c:45:cc:e0:c2:44:98:91:06:54:09:c1:
         89:61:30:61:d2:08:0d:ae:e9:c7:ea:08:6b:a4:bc:53:34:c3:
         91:59:f1:7d:f6:d2:af:1f:69:32:4e:ed:47:1d:bd:1f:e4:48:
         33:a7:3c:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwHWtjXs63isVQc2IWB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNjlkOWZmZTA0OGE3MDAwM2YxNmYwNmUyNGQ5YmYyZGI4
NWViNTIwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmM2MzM5NDJmNjg5YjZmNTcwYjk2NjgyMmVjOWZmYmRlOGMwMDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCUquz1OVGARsuqwJkeEbqEUSMpM
D/lHxHB3k/yUSuYTO44sw1g48aEIq5vvDWuaFNbt6j9hXRKaXFBHEWzdqy5t1wf+
iZsMn5/iXC5VlFqkPTV0md8Bbqk8zm06kXwpVTPqZObxSp2Dae5kPiC1YY5C859v
5iYrEqHzlmNJENhoFFER3UJGIzioPmQ35i3ABWCNQVvt6KN7WR7IARSumfi8eyV1
CvT7wWT+CByUMPxZJxBuYJcNpck1O2eVATqzJAY0ZijUWQ+gbiQJlhjIexty1Ahb
huMeHZp2T+2sF5DY5wuS7w8MwbOTOL5bWszHyNT90IIIGJwzMhJOEMEHlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbGM5QvaJtvVwuWaCLsn/vejACfMB8GA1UdIwQY
MBaAFIBp2f/gSKcAA/FvBuJNm/LbhetSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0duWl8tQklwd0FEOFc4RzRrMmI4dHVGNjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lNjQxNDgtNGM4Yy00ZTg0LTkyNWIt
ZTAyMmUzMDA5YTcxLzEvQnNZemxDOW9tMjlYQzVab0l1eWYtOTZNQUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lNjQxNDgtNGM4Yy00ZTg0LTkyNWItZTAyMmUzMDA5YTcx
LzEvZ0duWl8tQklwd0FEOFc4RzRrMmI4dHVGNjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYF6MA0G
CSqGSIb3DQEBCwUAA4IBAQDMJSfJexCuGlYYCLLEUeJxDhTUzduFINexgmfCEi6N
pxr7+Fat7nVHWK4axki0+0OABEePpE6QdedJd5dds/HGpoLLV+rq3ouGYHDNQiwn
PbQunvd6pH3WmG0zJKmlCI3vCJMUUPvNjmpqSrPICZBppD1q0yGdq+VeXE+mehdt
yLDT6BD7wvs0TgmNPzCIJsItJPLxsz+kB4Fp4VCMeNOUZ/NZ+obAWBTH51zDIrKg
kCv2cPplX0BIV1OKctPScoYLTtBz0bzE6xV6ald8RczgwkSYkQZUCcGJYTBh0ggN
runH6ghrpLxTNMORWfF99tKvH2kyTu1HHb0f5EgzpzxD
-----END CERTIFICATE-----