Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Y2etQywV7677Wd-v3xiYLS0vNy8.roa
File:                     Y2etQywV7677Wd-v3xiYLS0vNy8.roa (raw, json)
Hash identifier:          QXZ5U2dJXz7ehjY1MzJ5qw3xmL/gWLPBNAH8Felq5CQ=
Subject key identifier:   63:67:AD:43:2C:15:EF:AE:FB:59:DF:AF:DF:18:98:2D:2D:2F:37:2F
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       01913254337F3DF5D9EEC0E2B8FBD839358E
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Y2etQywV7677Wd-v3xiYLS0vNy8.roa
Signing time:             Thu 08 Aug 2024 14:11:04 +0000
ROA not before:           Thu 08 Aug 2024 14:11:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.149.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:54:33:7f:3d:f5:d9:ee:c0:e2:b8:fb:d8:39:35:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Aug  8 14:11:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6367ad432c15efaefb59dfafdf18982d2d2f372f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:53:1b:db:31:56:16:0c:12:83:f5:27:ff:04:
                    db:77:c7:43:b5:e0:88:da:d2:50:f6:7a:8d:7f:e9:
                    8d:5b:94:e5:27:92:5d:9f:9c:d0:83:49:6e:74:e9:
                    20:b2:93:75:97:f4:04:eb:09:2d:ea:07:b8:6b:24:
                    94:2b:7a:fc:53:74:4b:5a:b4:a2:b0:ed:9c:c6:8b:
                    03:76:56:5c:44:62:e4:51:84:d1:1f:22:2d:bc:7f:
                    b3:60:5f:6b:25:fc:53:ab:2e:a6:38:85:77:b0:d9:
                    3e:b7:18:d6:61:a4:e0:46:5e:a6:03:98:50:42:83:
                    54:61:d2:44:70:0d:bb:e8:63:53:2e:70:f9:d1:0d:
                    3d:71:a9:5a:2e:6c:e0:45:0a:ac:fe:3e:12:85:ad:
                    9d:4a:d7:cb:00:fb:39:1e:ba:4a:0d:d5:a6:5a:9c:
                    9a:e8:f3:98:10:c4:c5:f2:56:99:9a:10:65:82:a0:
                    96:3e:72:2c:58:ac:88:05:94:fb:bf:38:cd:42:d2:
                    d8:bb:bd:fc:e7:7c:b1:3b:c1:0e:bc:4b:17:4f:8b:
                    b1:8d:a2:f2:27:a9:4b:e6:21:54:02:86:b7:e1:39:
                    7c:80:0c:a0:ba:28:be:6f:4c:2d:b9:5f:e0:65:eb:
                    c1:93:e6:56:c4:1a:dd:2b:db:9f:6b:8b:33:f9:80:
                    32:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:67:AD:43:2C:15:EF:AE:FB:59:DF:AF:DF:18:98:2D:2D:2F:37:2F
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Y2etQywV7677Wd-v3xiYLS0vNy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:53:d8:e0:83:80:90:d6:8f:e8:70:a2:c0:9e:bc:24:fd:51:
         a0:5c:b5:95:e2:3f:92:4f:8a:5d:c3:d5:97:8a:0b:b7:38:c2:
         41:35:3f:ad:52:55:f6:d9:93:a5:9d:1e:95:7d:5e:e6:fa:77:
         0e:11:b1:09:52:7d:4c:85:e7:5d:a0:df:e6:72:33:bf:45:cd:
         44:c1:76:e9:c6:93:b0:ef:3f:54:e8:eb:f0:e7:48:cc:d4:04:
         91:5c:ab:64:da:a4:da:04:bc:fa:7f:04:06:60:c9:00:d3:30:
         0b:92:8e:94:86:59:86:a5:13:c8:22:be:9c:e0:e3:0b:76:f6:
         92:2a:cb:21:7e:1f:64:f6:40:df:f8:d8:f3:b0:db:75:39:91:
         7a:4d:29:14:17:9b:78:ce:69:85:e8:cd:d4:77:14:f9:54:a4:
         0d:df:93:13:23:20:ef:2a:62:a1:be:80:59:e1:61:a0:3a:e2:
         9b:dc:e9:e2:f2:5a:82:eb:8a:05:65:fa:c5:9d:c1:b2:35:bb:
         23:62:77:52:20:84:9d:e0:59:e5:bf:3c:35:1d:59:07:fe:b8:
         00:d6:29:98:04:e5:77:cb:7a:8f:cc:cb:f4:ab:3a:64:93:d9:
         3e:d8:55:8e:d7:b7:64:e7:f1:7b:8d:90:4e:81:17:14:25:5f:
         e5:31:a2:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEyVDN/PfXZ7sDiuPvYOTWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQwODA4MTQxMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzY3YWQ0MzJjMTVlZmFlZmI1OWRmYWZkZjE4OTgyZDJkMmYzNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FMb2zFWFgwSg/Un/wTbd8dDteCI
2tJQ9nqNf+mNW5TlJ5Jdn5zQg0ludOkgspN1l/QE6wkt6ge4aySUK3r8U3RLWrSi
sO2cxosDdlZcRGLkUYTRHyItvH+zYF9rJfxTqy6mOIV3sNk+txjWYaTgRl6mA5hQ
QoNUYdJEcA276GNTLnD50Q09calaLmzgRQqs/j4Sha2dStfLAPs5HrpKDdWmWpya
6POYEMTF8laZmhBlgqCWPnIsWKyIBZT7vzjNQtLYu73853yxO8EOvEsXT4uxjaLy
J6lL5iFUAoa34Tl8gAyguii+b0wtuV/gZevBk+ZWxBrdK9ufa4sz+YAyowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNnrUMsFe+u+1nfr98YmC0tLzcvMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvWTJldFF5d1Y3Njc3V2QtdjN4aVlMUzB2Tnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUFMA0G
CSqGSIb3DQEBCwUAA4IBAQALU9jgg4CQ1o/ocKLAnrwk/VGgXLWV4j+ST4pdw9WX
igu3OMJBNT+tUlX22ZOlnR6VfV7m+ncOEbEJUn1MheddoN/mcjO/Rc1EwXbpxpOw
7z9U6Ovw50jM1ASRXKtk2qTaBLz6fwQGYMkA0zALko6UhlmGpRPIIr6c4OMLdvaS
Ksshfh9k9kDf+NjzsNt1OZF6TSkUF5t4zmmF6M3UdxT5VKQN35MTIyDvKmKhvoBZ
4WGgOuKb3Oni8lqC64oFZfrFncGyNbsjYndSIISd4Fnlvzw1HVkH/rgA1imYBOV3
y3qPzMv0qzpkk9k+2FWO17dk5/F7jZBOgRcUJV/lMaJH
-----END CERTIFICATE-----