Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HttRt05v3SN48vJz9HnxkL7s-Nc.roa
File:                     HttRt05v3SN48vJz9HnxkL7s-Nc.roa (raw, json)
Hash identifier:          9iKI2FabiSVwY10dPI5bmefYU4nyF9L35EH3xcLkQWw=
Subject key identifier:   1E:DB:51:B7:4E:6F:DD:23:78:F2:F2:73:F4:79:F1:90:BE:EC:F8:D7
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019179F1E8FE17EB814EB10B2F9E9403973A
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HttRt05v3SN48vJz9HnxkL7s-Nc.roa
Signing time:             Thu 22 Aug 2024 11:56:22 +0000
ROA not before:           Thu 22 Aug 2024 11:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35372
IP address blocks:        45.11.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:79:f1:e8:fe:17:eb:81:4e:b1:0b:2f:9e:94:03:97:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Aug 22 11:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1edb51b74e6fdd2378f2f273f479f190beecf8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:56:45:49:c7:d2:22:5e:ae:3f:7f:76:c9:da:
                    b6:90:e2:2c:f2:ea:0a:7c:8f:80:43:3e:ca:83:e2:
                    e3:97:24:1b:cd:ba:f8:b5:03:65:a3:d2:75:f6:db:
                    8e:e8:f3:6e:bc:4e:17:5d:96:d0:e6:81:70:97:29:
                    b1:0d:7c:b4:7c:4d:e6:86:1f:a2:19:c8:bf:e4:ba:
                    03:ec:c7:43:34:0f:0a:18:4c:58:31:82:1b:08:c8:
                    c3:7a:8d:46:8f:1d:92:9b:9b:e6:5c:9f:b3:7b:f7:
                    5d:d2:fe:57:22:3f:58:5d:25:8a:a6:f8:61:92:8f:
                    17:6b:e8:57:4b:7a:da:e7:34:99:3c:87:81:76:f4:
                    9a:a1:ac:3e:7b:73:a6:a9:33:20:45:26:87:b2:7a:
                    a3:ff:7a:f1:b0:7f:28:c1:c5:99:a6:02:58:3d:22:
                    96:36:de:cf:23:fe:aa:04:c6:56:f3:2d:47:ec:64:
                    c8:63:da:ad:b0:6f:82:3c:22:44:a9:93:f8:1b:b7:
                    09:26:99:23:d0:dc:49:62:e6:18:6d:ec:8f:eb:e1:
                    b0:ee:99:5f:29:d8:f9:fe:08:8e:f3:4f:d4:21:79:
                    92:e2:a4:70:0d:1d:87:9e:4c:15:40:11:75:65:8b:
                    4e:9d:54:f1:07:75:74:b9:60:01:c5:1e:5f:d5:ce:
                    a1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:DB:51:B7:4E:6F:DD:23:78:F2:F2:73:F4:79:F1:90:BE:EC:F8:D7
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HttRt05v3SN48vJz9HnxkL7s-Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f4:4b:e9:6d:eb:81:8d:f8:dd:ce:be:7a:6c:cd:59:70:fb:
         74:7e:b1:82:e2:76:2d:ce:7a:fd:d1:1c:91:f3:14:33:be:e4:
         13:28:5e:ec:78:bb:b2:c9:6c:e2:e9:4a:21:25:cd:4d:1f:88:
         52:58:ed:c5:0b:db:8a:34:2f:8e:13:ef:7c:fb:8b:87:ae:28:
         09:90:a8:f5:1b:ac:38:f3:df:53:c6:81:89:7b:69:95:75:bf:
         52:d3:b2:f5:36:0f:f0:50:63:6e:bc:13:75:88:6f:cb:a9:1b:
         8d:23:53:22:1a:36:75:2b:b3:c8:09:f4:c5:59:3f:0f:9a:df:
         dd:2d:64:c9:00:ac:52:b6:31:bf:f7:4e:ab:dc:c4:47:86:19:
         fb:de:9b:38:1e:ba:76:be:5e:93:e0:bb:8f:9f:b0:e3:7e:f2:
         9d:89:11:44:0e:88:1a:78:c3:1e:d5:74:d3:04:78:77:10:5e:
         3c:c4:c4:9e:49:0b:cf:9e:13:04:6b:67:26:9d:62:73:5a:e8:
         83:4c:f8:f1:b5:ab:e0:cd:5c:96:6d:43:d6:62:be:77:db:73:
         04:6a:b6:ad:f4:ef:fa:6b:c9:4e:b8:cf:ae:b0:30:b8:83:a6:
         2a:f9:39:50:8d:83:55:70:4f:91:56:a0:c2:47:22:c8:00:a4:
         16:2d:fa:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF58ej+F+uBTrELL56UA5c6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwODIyMTE1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWRiNTFiNzRlNmZkZDIzNzhmMmYyNzNmNDc5ZjE5MGJlZWNmOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFZFScfSIl6uP392ydq2kOIs8uoK
fI+AQz7Kg+LjlyQbzbr4tQNlo9J19tuO6PNuvE4XXZbQ5oFwlymxDXy0fE3mhh+i
Gci/5LoD7MdDNA8KGExYMYIbCMjDeo1Gjx2Sm5vmXJ+ze/dd0v5XIj9YXSWKpvhh
ko8Xa+hXS3ra5zSZPIeBdvSaoaw+e3OmqTMgRSaHsnqj/3rxsH8owcWZpgJYPSKW
Nt7PI/6qBMZW8y1H7GTIY9qtsG+CPCJEqZP4G7cJJpkj0NxJYuYYbeyP6+Gw7plf
Kdj5/giO80/UIXmS4qRwDR2HnkwVQBF1ZYtOnVTxB3V0uWABxR5f1c6hTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7bUbdOb90jePLyc/R58ZC+7PjXMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSHR0UnQwNXYzU040OHZKejlIbnhrTDdzLU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu4MA0G
CSqGSIb3DQEBCwUAA4IBAQBh9EvpbeuBjfjdzr56bM1ZcPt0frGC4nYtznr90RyR
8xQzvuQTKF7seLuyyWzi6UohJc1NH4hSWO3FC9uKNC+OE+98+4uHrigJkKj1G6w4
899TxoGJe2mVdb9S07L1Ng/wUGNuvBN1iG/LqRuNI1MiGjZ1K7PICfTFWT8Pmt/d
LWTJAKxStjG/906r3MRHhhn73ps4Hrp2vl6T4LuPn7DjfvKdiRFEDogaeMMe1XTT
BHh3EF48xMSeSQvPnhMEa2cmnWJzWuiDTPjxtavgzVyWbUPWYr5323MEarat9O/6
a8lOuM+usDC4g6Yq+TlQjYNVcE+RVqDCRyLIAKQWLfpl
-----END CERTIFICATE-----