Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/_5u63omjn-3Ep5zGtCUSp_YfCZ0.roa
File:                     _5u63omjn-3Ep5zGtCUSp_YfCZ0.roa (raw, json)
Hash identifier:          BVDKzXj9olir1TmPExODg0fGUN9CdvOxpShgLN+H5A4=
Subject key identifier:   FF:9B:BA:DE:89:A3:9F:ED:C4:A7:9C:C6:B4:25:12:A7:F6:1F:09:9D
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       0192CA22E3B76F3D0CAEBCD1B503563EA35F
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/_5u63omjn-3Ep5zGtCUSp_YfCZ0.roa
Signing time:             Sat 26 Oct 2024 18:42:17 +0000
ROA not before:           Sat 26 Oct 2024 18:42:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152700
IP address blocks:        45.149.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ca:22:e3:b7:6f:3d:0c:ae:bc:d1:b5:03:56:3e:a3:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Oct 26 18:42:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff9bbade89a39fedc4a79cc6b42512a7f61f099d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9b:24:4a:36:2d:85:f3:f1:c6:56:28:10:28:
                    3a:a9:d1:30:8c:4f:c7:a1:6d:48:0f:7e:d9:1d:c4:
                    26:90:8b:06:2c:4f:68:49:61:ce:fc:f3:31:3e:a7:
                    48:f8:ee:cb:f5:23:2a:68:1a:91:c6:e1:10:dc:8c:
                    50:7f:8d:27:84:dc:a7:28:61:a4:66:7d:3b:7f:11:
                    f9:e4:5a:9c:ff:d7:64:7a:78:61:4f:55:be:be:da:
                    05:dc:97:24:61:86:96:58:1b:92:ad:65:77:a5:90:
                    53:76:a7:cf:7f:55:09:2f:24:04:4d:23:6a:31:8d:
                    1d:10:63:4e:31:b2:55:0d:53:92:20:58:63:ee:31:
                    ee:7c:d4:43:91:23:4a:b6:3f:21:ae:ef:68:da:ce:
                    63:24:39:ed:a5:2e:ee:2a:b7:c3:4f:e8:1c:86:d3:
                    45:0a:98:b0:00:d3:1b:d9:42:22:17:d6:2b:17:82:
                    f6:40:07:86:26:a4:23:a2:46:b3:b9:b1:58:d3:11:
                    c1:f6:b4:3f:37:2c:a0:20:c8:ef:7d:94:ca:dd:35:
                    ef:7b:20:fe:f1:af:66:11:32:fe:26:0a:17:06:76:
                    5d:b4:04:be:d2:6f:79:a0:e7:c8:52:b4:4d:f8:45:
                    08:09:00:6d:a1:9e:e9:3b:64:8b:7e:84:95:ce:c1:
                    a5:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:9B:BA:DE:89:A3:9F:ED:C4:A7:9C:C6:B4:25:12:A7:F6:1F:09:9D
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/_5u63omjn-3Ep5zGtCUSp_YfCZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c3:a5:5f:f2:7a:ff:90:9f:d2:18:72:18:92:fd:a5:c8:e5:
         69:79:25:44:cd:36:8d:e9:e3:1b:ee:fa:d6:55:fa:33:73:ab:
         8b:07:60:71:35:55:e7:10:6b:2d:91:87:67:57:c7:c0:8e:9b:
         87:16:9a:27:9e:86:76:c7:8b:a3:27:b5:31:38:d3:10:3d:42:
         be:81:3a:31:22:a8:cc:39:07:a5:d9:03:11:ab:b2:0e:1a:90:
         41:f8:78:5f:35:0a:48:fc:4e:27:15:d3:a5:26:d7:aa:01:ae:
         ed:4e:66:69:03:e3:d7:b8:8c:4a:17:75:e8:75:90:38:17:6a:
         a2:dc:dc:66:bd:ce:e6:40:6b:56:ab:55:15:40:77:60:5d:e4:
         f6:d4:e8:42:9d:85:4f:54:ee:b9:55:17:83:f2:39:91:e9:be:
         29:c0:76:e4:18:78:b3:42:4a:6b:80:34:9f:82:fe:77:77:46:
         4a:7b:f2:89:ab:d7:0a:00:16:90:63:f4:2b:3d:fb:bd:ee:be:
         3a:7f:ac:eb:43:ba:55:be:ad:46:1c:5d:37:cd:c2:52:e9:96:
         95:f9:69:39:54:20:39:ff:03:61:f5:b2:c5:a9:65:5a:66:ab:
         b9:01:c6:f7:9d:2a:7e:8e:34:0e:61:96:8c:08:81:6d:db:6e:
         bd:a5:de:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLKIuO3bz0MrrzRtQNWPqNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQxMDI2MTg0MjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjliYmFkZTg5YTM5ZmVkYzRhNzljYzZiNDI1MTJhN2Y2MWYwOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5skSjYthfPxxlYoECg6qdEwjE/H
oW1ID37ZHcQmkIsGLE9oSWHO/PMxPqdI+O7L9SMqaBqRxuEQ3IxQf40nhNynKGGk
Zn07fxH55Fqc/9dkenhhT1W+vtoF3JckYYaWWBuSrWV3pZBTdqfPf1UJLyQETSNq
MY0dEGNOMbJVDVOSIFhj7jHufNRDkSNKtj8hru9o2s5jJDntpS7uKrfDT+gchtNF
CpiwANMb2UIiF9YrF4L2QAeGJqQjokazubFY0xHB9rQ/NyygIMjvfZTK3TXveyD+
8a9mETL+JgoXBnZdtAS+0m95oOfIUrRN+EUICQBtoZ7pO2SLfoSVzsGlYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+but6Jo5/txKecxrQlEqf2HwmdMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvXzV1NjNvbWpuLTNFcDV6R3RDVVNwX1lmQ1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUGMA0G
CSqGSIb3DQEBCwUAA4IBAQAuw6Vf8nr/kJ/SGHIYkv2lyOVpeSVEzTaN6eMb7vrW
Vfozc6uLB2BxNVXnEGstkYdnV8fAjpuHFponnoZ2x4ujJ7UxONMQPUK+gToxIqjM
OQel2QMRq7IOGpBB+HhfNQpI/E4nFdOlJteqAa7tTmZpA+PXuIxKF3XodZA4F2qi
3Nxmvc7mQGtWq1UVQHdgXeT21OhCnYVPVO65VReD8jmR6b4pwHbkGHizQkprgDSf
gv53d0ZKe/KJq9cKABaQY/QrPfu97r46f6zrQ7pVvq1GHF03zcJS6ZaV+Wk5VCA5
/wNh9bLFqWVaZqu5Acb3nSp+jjQOYZaMCIFt2269pd5E
-----END CERTIFICATE-----