Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/F1Gfcfjyn5NtrW8N2nl0lrEiVwA.roa
File:                     F1Gfcfjyn5NtrW8N2nl0lrEiVwA.roa (raw, json)
Hash identifier:          tEkKanTPswZxMWVrUr3AtbCmKfmTa0++9Le5Cv4elL0=
Subject key identifier:   17:51:9F:71:F8:F2:9F:93:6D:AD:6F:0D:DA:79:74:96:B1:22:57:00
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       0192191AF0E6709BE7B20A837E049765F031
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/F1Gfcfjyn5NtrW8N2nl0lrEiVwA.roa
Signing time:             Sun 22 Sep 2024 09:40:48 +0000
ROA not before:           Sun 22 Sep 2024 09:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        45.140.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:19:1a:f0:e6:70:9b:e7:b2:0a:83:7e:04:97:65:f0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Sep 22 09:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17519f71f8f29f936dad6f0dda797496b1225700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:c2:5b:09:6c:fc:9c:74:fe:2b:6d:fa:a5:24:
                    d6:71:80:44:c2:5a:08:3e:83:0c:f8:a2:d4:96:62:
                    39:47:99:5c:af:40:c2:7e:c2:e4:95:21:6e:c4:cf:
                    2f:cc:71:8d:fe:3a:c5:bf:7a:8f:c3:dc:b2:f6:ba:
                    42:dc:58:0a:26:5b:6e:10:2a:b2:3a:74:f1:f3:ae:
                    e3:55:0f:7e:f2:b9:0e:e6:57:34:e3:2d:25:33:2a:
                    40:bf:28:80:63:fa:ce:1e:ef:5b:57:7a:26:62:f0:
                    a8:ea:59:86:e2:c6:42:17:8c:20:4b:04:0f:55:b4:
                    7c:ce:7d:d7:dc:24:84:81:cf:1a:fa:7c:11:cd:e9:
                    f0:24:ff:22:e4:b1:18:ed:7c:c4:31:0f:3f:74:bf:
                    6b:78:52:a1:48:bb:03:9c:85:49:4b:09:ae:d1:b2:
                    2a:43:08:7b:df:62:17:69:30:f7:ba:8d:6f:d1:6d:
                    f3:e6:b2:b6:be:78:4f:5c:2c:50:5e:00:11:2e:84:
                    69:18:63:28:8b:5f:4e:91:43:aa:3b:38:d4:eb:fc:
                    ba:f1:69:1f:0e:1b:a0:58:01:02:08:cb:9f:b0:49:
                    ea:bc:19:6a:db:35:32:15:69:2f:b9:89:26:34:72:
                    91:ac:b3:e5:3a:34:4a:ca:8a:51:20:80:c6:b0:2d:
                    4c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:51:9F:71:F8:F2:9F:93:6D:AD:6F:0D:DA:79:74:96:B1:22:57:00
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/F1Gfcfjyn5NtrW8N2nl0lrEiVwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b0:70:d5:03:99:b6:af:cd:84:fe:b1:f6:57:de:ae:fa:ae:
         1d:45:85:5f:54:4e:49:4a:13:e1:43:bc:fb:f1:7a:aa:c9:ca:
         5e:c0:15:30:3e:70:ad:16:c6:f5:d2:3b:83:0e:c8:9e:11:7c:
         5e:d6:1b:5d:cf:7a:30:58:b5:7e:0d:e4:3b:f9:7b:29:80:1f:
         3a:53:64:db:89:d6:bc:51:53:3b:cc:a9:12:87:0f:2f:6c:13:
         8e:4d:39:25:06:2f:f7:a4:16:70:d1:00:d1:ce:29:e2:d6:96:
         fb:ad:ff:cd:3c:31:5e:36:28:06:64:23:84:bd:af:f0:7a:89:
         b7:47:83:84:07:15:00:b9:b5:d9:5c:91:09:1a:df:52:33:90:
         ff:d8:5b:e5:b3:32:4a:66:e7:59:51:34:79:77:85:39:d4:71:
         d9:5c:36:fb:52:f4:a1:9f:39:24:00:27:e4:fa:a9:84:ea:a2:
         a6:48:dd:9b:9d:02:56:5e:8a:cc:3b:5a:58:1a:b4:8d:70:29:
         80:79:0b:64:4a:89:99:4d:76:c7:6a:d3:f7:9a:f5:84:03:77:
         bd:6a:00:72:b9:b4:b6:5a:f8:14:b4:7a:38:a1:89:bf:83:d2:
         5b:08:f3:f7:84:2a:13:19:c3:5f:8b:c1:2f:89:0e:21:ae:0e:
         09:fb:16:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIZGvDmcJvnsgqDfgSXZfAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQwOTIyMDk0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzUxOWY3MWY4ZjI5ZjkzNmRhZDZmMGRkYTc5NzQ5NmIxMjI1NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78JbCWz8nHT+K236pSTWcYBEwloI
PoMM+KLUlmI5R5lcr0DCfsLklSFuxM8vzHGN/jrFv3qPw9yy9rpC3FgKJltuECqy
OnTx867jVQ9+8rkO5lc04y0lMypAvyiAY/rOHu9bV3omYvCo6lmG4sZCF4wgSwQP
VbR8zn3X3CSEgc8a+nwRzenwJP8i5LEY7XzEMQ8/dL9reFKhSLsDnIVJSwmu0bIq
Qwh732IXaTD3uo1v0W3z5rK2vnhPXCxQXgARLoRpGGMoi19OkUOqOzjU6/y68Wkf
DhugWAECCMufsEnqvBlq2zUyFWkvuYkmNHKRrLPlOjRKyopRIIDGsC1MbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdRn3H48p+Tba1vDdp5dJaxIlcAMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvRjFHZmNmanluNU50clc4TjJubDBsckVpVndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYw5MA0G
CSqGSIb3DQEBCwUAA4IBAQAasHDVA5m2r82E/rH2V96u+q4dRYVfVE5JShPhQ7z7
8XqqycpewBUwPnCtFsb10juDDsieEXxe1htdz3owWLV+DeQ7+XspgB86U2Tbida8
UVM7zKkShw8vbBOOTTklBi/3pBZw0QDRzini1pb7rf/NPDFeNigGZCOEva/weom3
R4OEBxUAubXZXJEJGt9SM5D/2FvlszJKZudZUTR5d4U51HHZXDb7UvShnzkkACfk
+qmE6qKmSN2bnQJWXorMO1pYGrSNcCmAeQtkSomZTXbHatP3mvWEA3e9agByubS2
WvgUtHo4oYm/g9JbCPP3hCoTGcNfi8EviQ4hrg4J+xZT
-----END CERTIFICATE-----