Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ipc0sbGOXRcIq3Hfxk6p6mk718U.roa
File:                     ipc0sbGOXRcIq3Hfxk6p6mk718U.roa (raw, json)
Hash identifier:          Jnnz8hMwodRD2Df/594p7lE7g7K+XL0IyFs3od1QWVQ=
Subject key identifier:   8A:97:34:B1:B1:8E:5D:17:08:AB:71:DF:C6:4E:A9:EA:69:3B:D7:C5
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       01912142638E74DB3E1E54C17FB125948B82
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ipc0sbGOXRcIq3Hfxk6p6mk718U.roa
Signing time:             Mon 05 Aug 2024 06:38:04 +0000
ROA not before:           Mon 05 Aug 2024 06:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.155.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:21:42:63:8e:74:db:3e:1e:54:c1:7f:b1:25:94:8b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Aug  5 06:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a9734b1b18e5d1708ab71dfc64ea9ea693bd7c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3b:ff:a5:71:42:db:42:de:c9:9e:40:dc:ed:
                    c2:2e:93:f1:43:c1:fc:ee:b5:c8:9b:3f:46:1f:3f:
                    2d:f2:56:09:b7:ea:dd:f8:27:1b:0a:14:4d:26:3e:
                    0f:6d:f6:ab:f9:37:ba:a5:5a:63:d8:4d:b9:5e:7c:
                    6d:67:3c:2e:2b:18:92:df:24:ea:62:f6:fe:3c:fb:
                    d1:da:5a:52:c9:c7:bc:2c:bc:73:d0:f5:9d:54:18:
                    ea:58:58:23:f8:bb:82:64:8a:a4:81:44:d8:ce:4c:
                    c2:22:02:c0:fb:d0:5d:38:77:77:7e:9b:5a:53:b7:
                    8a:b5:47:f0:27:de:f9:c0:2d:41:5e:70:03:db:64:
                    f5:cf:1a:28:98:58:54:09:8e:6c:97:b2:ff:e7:b9:
                    a0:c7:9a:02:8b:68:3f:2b:b1:78:4d:f0:11:e6:23:
                    4c:57:27:89:f8:69:ca:55:0e:52:f2:ee:66:11:af:
                    53:91:02:67:33:0b:b4:70:4f:f1:55:3c:49:8d:60:
                    6a:28:50:0c:fa:f5:4b:6f:da:19:d2:3d:af:89:7f:
                    47:23:c1:af:da:d6:82:e8:e4:04:fa:dc:21:0a:ba:
                    72:a5:89:ec:b4:fe:ee:35:8d:03:16:aa:c7:f8:73:
                    3a:d3:7a:04:f1:7f:4e:31:25:fa:e7:3c:cb:4f:6c:
                    4c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:97:34:B1:B1:8E:5D:17:08:AB:71:DF:C6:4E:A9:EA:69:3B:D7:C5
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ipc0sbGOXRcIq3Hfxk6p6mk718U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:4d:f8:6a:35:42:73:a9:6d:c2:dd:27:af:21:89:60:c1:5a:
         d8:68:43:5a:2b:05:4b:bc:18:9c:0b:7a:7b:e0:9e:0c:15:8e:
         53:0c:5b:c2:f2:93:8a:61:d1:c5:50:ba:cb:f4:c5:a6:a1:bd:
         35:60:a5:40:83:91:ab:97:cb:a2:9d:aa:74:d8:57:22:47:99:
         8b:6f:3b:20:85:8d:38:fb:64:99:ad:f5:14:b7:7d:ad:7d:54:
         1f:96:6e:6e:e8:27:d3:6d:a4:7c:41:ba:b2:2c:34:c8:e7:78:
         66:d7:a3:7a:a4:96:89:cd:f8:78:ec:e3:cb:88:70:05:fe:b3:
         28:cc:9d:41:49:99:0b:08:4a:7c:b3:e2:ba:58:f1:e0:ee:ab:
         bf:70:c3:90:d1:c5:7c:be:05:e3:88:ee:ac:b9:b2:35:dc:b4:
         36:d3:9a:99:56:dd:30:7e:b1:64:57:a8:b9:5c:cf:c5:b8:0b:
         bf:6a:0b:3b:3b:88:b6:a2:18:92:ce:ee:6d:63:33:a4:11:50:
         5e:b7:3d:26:60:01:13:1d:76:df:0b:b4:74:0d:11:8a:1f:b0:
         e9:af:12:29:f9:52:67:76:6a:96:99:3d:33:b0:6d:a4:1f:f4:
         04:48:8d:24:74:5f:4a:43:95:38:f2:46:05:ce:e8:e8:c4:c0:
         99:c0:54:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEhQmOOdNs+HlTBf7EllIuCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwODA1MDYzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk3MzRiMWIxOGU1ZDE3MDhhYjcxZGZjNjRlYTllYTY5M2JkN2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDv/pXFC20LeyZ5A3O3CLpPxQ8H8
7rXImz9GHz8t8lYJt+rd+CcbChRNJj4Pbfar+Te6pVpj2E25XnxtZzwuKxiS3yTq
Yvb+PPvR2lpSyce8LLxz0PWdVBjqWFgj+LuCZIqkgUTYzkzCIgLA+9BdOHd3fpta
U7eKtUfwJ975wC1BXnAD22T1zxoomFhUCY5sl7L/57mgx5oCi2g/K7F4TfAR5iNM
VyeJ+GnKVQ5S8u5mEa9TkQJnMwu0cE/xVTxJjWBqKFAM+vVLb9oZ0j2viX9HI8Gv
2taC6OQE+twhCrpypYnstP7uNY0DFqrH+HM603oE8X9OMSX65zzLT2xMwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqXNLGxjl0XCKtx38ZOqeppO9fFMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvaXBjMHNiR09YUmNJcTNIZnhrNnA2bWs3MThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvyMA0G
CSqGSIb3DQEBCwUAA4IBAQAwTfhqNUJzqW3C3SevIYlgwVrYaENaKwVLvBicC3p7
4J4MFY5TDFvC8pOKYdHFULrL9MWmob01YKVAg5Grl8uinap02FciR5mLbzsghY04
+2SZrfUUt32tfVQflm5u6CfTbaR8QbqyLDTI53hm16N6pJaJzfh47OPLiHAF/rMo
zJ1BSZkLCEp8s+K6WPHg7qu/cMOQ0cV8vgXjiO6subI13LQ205qZVt0wfrFkV6i5
XM/FuAu/ags7O4i2ohiSzu5tYzOkEVBetz0mYAETHXbfC7R0DRGKH7DprxIp+VJn
dmqWmT0zsG2kH/QESI0kdF9KQ5U48kYFzujoxMCZwFS8
-----END CERTIFICATE-----