Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/IuKFaLWdmO0X07_SgJk6aDGcquM.roa
File:                     IuKFaLWdmO0X07_SgJk6aDGcquM.roa (raw, json)
Hash identifier:          aN7ycUTtb9Av5V2mmetM+jGjZ7T1HsTJaSqraQ3Dtdk=
Subject key identifier:   22:E2:85:68:B5:9D:98:ED:17:D3:BF:D2:80:99:3A:68:31:9C:AA:E3
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0192CB25FB9E45E6FFF2A908F7643CFDA206
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/IuKFaLWdmO0X07_SgJk6aDGcquM.roa
Signing time:             Sat 26 Oct 2024 23:25:16 +0000
ROA not before:           Sat 26 Oct 2024 23:25:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.112.195.0/24 maxlen: 24
                          103.102.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cb:25:fb:9e:45:e6:ff:f2:a9:08:f7:64:3c:fd:a2:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Oct 26 23:25:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22e28568b59d98ed17d3bfd280993a68319caae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fb:52:1c:62:e4:e8:97:cf:cb:66:99:f0:40:
                    f8:ee:01:43:93:26:af:a3:b3:35:b5:5d:32:a0:f8:
                    ef:c4:e7:e1:72:3d:09:b7:c6:58:5f:fe:1c:e3:20:
                    0f:af:e5:b3:f6:4c:2e:4c:0f:10:d2:e7:f3:0d:5e:
                    99:d5:f7:e6:3c:65:ab:30:c3:c3:d9:8f:3f:1c:f1:
                    01:72:a8:16:3c:f5:8e:96:2b:c3:60:66:7b:7d:af:
                    b1:34:3a:d4:70:63:ab:e2:3d:29:59:a7:cc:94:77:
                    59:41:a5:ac:a5:39:b2:e6:bd:1e:bf:7d:d3:58:ac:
                    0a:8b:c5:c7:09:73:16:da:1e:4d:0b:85:b8:a7:e5:
                    3c:67:ba:36:90:8b:65:5f:e1:28:19:a5:9a:3d:8f:
                    1e:18:18:d5:a9:18:40:f1:52:d4:9f:8d:c6:ac:e2:
                    b0:be:8c:e8:7a:54:c1:f7:e1:f5:d7:50:ec:89:6f:
                    fc:12:b0:fe:b4:a2:00:78:03:1e:57:f8:52:9c:9d:
                    ff:a6:ba:23:82:6b:66:c0:6a:c3:1e:df:c9:8b:51:
                    d6:89:ff:cc:c9:ec:82:86:5a:3c:9b:3d:af:b3:72:
                    93:cd:6b:bd:6e:d8:9f:04:65:93:05:6a:6d:20:3e:
                    33:f5:1e:23:83:f9:c9:79:89:69:70:28:63:78:a7:
                    e4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E2:85:68:B5:9D:98:ED:17:D3:BF:D2:80:99:3A:68:31:9C:AA:E3
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/IuKFaLWdmO0X07_SgJk6aDGcquM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.195.0/24
                  103.102.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:49:84:51:9a:32:b3:e3:84:25:8b:0e:42:9b:81:a6:0c:a4:
         83:d9:55:7d:d9:4e:c9:fc:c9:02:a7:9d:b3:cb:1d:59:1e:b8:
         11:21:06:7b:71:9c:a2:7c:79:34:52:f9:87:35:3e:b3:3d:40:
         19:cc:3a:2e:ef:b2:c8:df:f4:74:45:5d:73:70:89:37:7b:17:
         78:3f:54:dc:d6:99:a1:69:b2:5d:8b:0a:96:f9:15:e8:37:84:
         de:ee:65:bf:42:05:58:9e:17:7d:d9:a4:d8:41:a2:40:d3:76:
         36:3c:03:74:75:ef:29:9a:cd:32:15:49:d5:9a:b4:ec:c7:73:
         37:c1:e1:c7:d1:09:6a:39:b9:7f:96:68:76:bb:e9:ac:3c:8a:
         9a:c5:ef:14:99:7d:07:22:ae:eb:4e:10:dd:7a:22:3f:9e:3d:
         87:fd:89:3e:35:b1:68:18:49:02:5a:92:64:a4:c4:e3:ed:99:
         40:8e:fc:97:30:6e:96:6f:1c:15:e5:f6:f1:c3:56:42:ef:c4:
         c2:5f:e7:b2:62:85:96:8a:de:62:88:8a:85:42:00:7c:ec:fb:
         c7:00:23:e7:bb:c5:f1:09:92:e8:69:fc:bf:64:3c:3b:fe:a7:
         2a:61:3a:88:38:d6:8f:13:24:32:8b:13:72:17:c0:5e:e3:86:
         c9:62:d9:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLLJfueReb/8qkI92Q8/aIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjQxMDI2MjMyNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmUyODU2OGI1OWQ5OGVkMTdkM2JmZDI4MDk5M2E2ODMxOWNhYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/tSHGLk6JfPy2aZ8ED47gFDkyav
o7M1tV0yoPjvxOfhcj0Jt8ZYX/4c4yAPr+Wz9kwuTA8Q0ufzDV6Z1ffmPGWrMMPD
2Y8/HPEBcqgWPPWOlivDYGZ7fa+xNDrUcGOr4j0pWafMlHdZQaWspTmy5r0ev33T
WKwKi8XHCXMW2h5NC4W4p+U8Z7o2kItlX+EoGaWaPY8eGBjVqRhA8VLUn43GrOKw
vozoelTB9+H111DsiW/8ErD+tKIAeAMeV/hSnJ3/projgmtmwGrDHt/Ji1HWif/M
yeyChlo8mz2vs3KTzWu9btifBGWTBWptID4z9R4jg/nJeYlpcChjeKfkFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCLihWi1nZjtF9O/0oCZOmgxnKrjMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvSXVLRmFMV2RtTzBYMDdfU2dKazZhREdjcXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALXDDAwQA
Z2bnMA0GCSqGSIb3DQEBCwUAA4IBAQAySYRRmjKz44Qliw5Cm4GmDKSD2VV92U7J
/MkCp52zyx1ZHrgRIQZ7cZyifHk0UvmHNT6zPUAZzDou77LI3/R0RV1zcIk3exd4
P1Tc1pmhabJdiwqW+RXoN4Te7mW/QgVYnhd92aTYQaJA03Y2PAN0de8pms0yFUnV
mrTsx3M3weHH0QlqObl/lmh2u+msPIqaxe8UmX0HIq7rThDdeiI/nj2H/Yk+NbFo
GEkCWpJkpMTj7ZlAjvyXMG6WbxwV5fbxw1ZC78TCX+eyYoWWit5iiIqFQgB87PvH
ACPnu8XxCZLoafy/ZDw7/qcqYTqIONaPEyQyixNyF8Be44bJYtmN
-----END CERTIFICATE-----