Route Origin Authorization

$ rpki-client -vvf rpki.sn-p.io/repo/sn-p-io/1/323030313a3637633a313239633a3a2f34382d313238203d3e20323030393735.roa
File:                     323030313a3637633a313239633a3a2f34382d313238203d3e20323030393735.roa (raw, json)
Hash identifier:          YbeNQUTJMkcRnxxbHI0l8mp82wr17SjiF8nlI2gVFdE=
Subject key identifier:   41:F4:AF:D9:D3:64:61:28:64:EB:05:09:82:C8:F5:82:5A:6C:85:C3
Certificate issuer:       /CN=45fad4649403f24502e9c3fa40103955bc3b5924
Certificate serial:       298529D4AB28A6C03CEB541E4E40E9928CDEB746
Authority key identifier: 45:FA:D4:64:94:03:F2:45:02:E9:C3:FA:40:10:39:55:BC:3B:59:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer
Subject info access:      rsync://rpki.sn-p.io/repo/sn-p-io/1/323030313a3637633a313239633a3a2f34382d313238203d3e20323030393735.roa
Signing time:             Tue 14 May 2024 15:32:46 +0000
ROA not before:           Tue 14 May 2024 15:27:46 +0000
ROA not after:            Tue 13 May 2025 15:32:46 +0000
asID:                     200975
IP address blocks:        2001:67c:129c::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.crl
                          rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:85:29:d4:ab:28:a6:c0:3c:eb:54:1e:4e:40:e9:92:8c:de:b7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45fad4649403f24502e9c3fa40103955bc3b5924
        Validity
            Not Before: May 14 15:27:46 2024 GMT
            Not After : May 13 15:32:46 2025 GMT
        Subject: CN=41F4AFD9D364612864EB050982C8F5825A6C85C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7d:8c:95:b8:52:e9:27:38:53:d2:8d:85:b6:
                    97:a6:3c:80:c5:17:12:1a:81:79:6b:11:c8:59:f4:
                    cb:a7:2d:a5:90:1c:b4:ea:a7:95:2d:03:5d:e5:ed:
                    47:3b:88:f7:c1:e9:3f:9e:2b:91:cd:4a:23:fe:fe:
                    f6:f1:32:12:82:06:97:1b:e5:9d:af:45:e1:52:f4:
                    ed:f4:51:9a:de:76:61:e7:4c:6a:6e:a0:86:b8:b7:
                    df:ea:5a:58:d9:28:6e:5c:01:67:f3:c8:96:9a:2e:
                    b1:82:cd:63:84:c9:0a:6c:97:8e:51:d2:43:94:28:
                    f8:26:0c:6b:f9:a0:ce:17:05:60:64:6e:a7:03:70:
                    42:df:d9:44:e3:1e:ee:56:2e:10:a5:9f:9d:2e:66:
                    72:86:9e:56:e5:9e:cc:ef:60:a3:86:f5:e8:2b:55:
                    e2:25:63:26:78:1a:b5:94:1c:6e:37:d8:82:46:88:
                    d7:e1:ff:46:e1:68:f8:30:fd:cf:4a:f7:c4:b3:c4:
                    b7:72:8d:18:64:8f:29:8c:27:0c:5f:8c:b2:20:47:
                    40:b0:8a:32:a8:67:7c:7b:db:7f:4c:d1:f3:f3:0d:
                    bf:50:2f:56:85:d1:55:81:ae:0b:e6:66:6d:69:9c:
                    5c:50:37:60:b2:80:05:b4:63:b8:5b:ca:b2:37:0f:
                    4b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F4:AF:D9:D3:64:61:28:64:EB:05:09:82:C8:F5:82:5A:6C:85:C3
            X509v3 Authority Key Identifier:
                keyid:45:FA:D4:64:94:03:F2:45:02:E9:C3:FA:40:10:39:55:BC:3B:59:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sn-p.io/repo/sn-p-io/1/323030313a3637633a313239633a3a2f34382d313238203d3e20323030393735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:129c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:f7:77:c7:9b:3e:62:88:39:74:57:c6:ab:7e:5b:06:2d:72:
         4d:1f:ab:47:16:fb:01:8e:8c:55:10:0c:6a:5e:f0:22:8e:d3:
         c7:58:6f:76:c1:fb:81:32:d5:56:b4:b9:1d:80:e3:b2:a3:ee:
         02:be:9a:02:a3:fa:ae:b9:c5:2b:29:5a:44:aa:64:86:4a:0b:
         fd:77:c6:0b:63:67:a5:e7:15:23:cd:24:ab:70:67:f9:64:3f:
         92:12:86:37:61:4b:73:ae:c2:7e:39:0b:fb:21:02:48:d0:46:
         b6:37:23:8d:f1:1f:f6:5a:eb:96:f1:46:c9:9e:36:59:78:3d:
         87:32:b5:e1:3f:ff:68:fc:f6:b9:8e:68:20:aa:20:9f:bd:a5:
         60:c4:f6:6e:a8:7c:3f:a4:cb:19:45:48:ba:24:de:b2:fd:00:
         06:5c:da:b3:cb:1a:98:86:67:6f:5d:dc:66:a2:2d:90:c9:d5:
         dd:c6:96:cd:e8:3a:ee:7b:46:76:c0:7c:97:38:d1:8e:97:a0:
         73:f4:e0:37:ea:19:0e:e6:57:b9:cd:44:00:a5:43:9c:b3:7f:
         02:7e:02:d4:d1:82:2d:18:0e:66:bc:a8:f3:94:0f:8a:14:6c:
         54:70:ef:66:fe:24:5d:92:40:f0:c5:6e:55:75:d0:3c:85:62:
         91:72:2a:36
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUKYUp1KsopsA861QeTkDpkozet0YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVmYWQ0NjQ5NDAzZjI0NTAyZTljM2ZhNDAxMDM5NTVi
YzNiNTkyNDAeFw0yNDA1MTQxNTI3NDZaFw0yNTA1MTMxNTMyNDZaMDMxMTAvBgNV
BAMTKDQxRjRBRkQ5RDM2NDYxMjg2NEVCMDUwOTgyQzhGNTgyNUE2Qzg1QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4fYyVuFLpJzhT0o2FtpemPIDF
FxIagXlrEchZ9MunLaWQHLTqp5UtA13l7Uc7iPfB6T+eK5HNSiP+/vbxMhKCBpcb
5Z2vReFS9O30UZredmHnTGpuoIa4t9/qWljZKG5cAWfzyJaaLrGCzWOEyQpsl45R
0kOUKPgmDGv5oM4XBWBkbqcDcELf2UTjHu5WLhCln50uZnKGnlblnszvYKOG9egr
VeIlYyZ4GrWUHG432IJGiNfh/0bhaPgw/c9K98SzxLdyjRhkjymMJwxfjLIgR0Cw
ijKoZ3x7239M0fPzDb9QL1aF0VWBrgvmZm1pnFxQN2CygAW0Y7hbyrI3D0uVAgMB
AAGjggHiMIIB3jAdBgNVHQ4EFgQUQfSv2dNkYShk6wUJgsj1glpshcMwHwYDVR0j
BBgwFoAURfrUZJQD8kUC6cP6QBA5Vbw7WSQwDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnBraS5zbi1wLmlvL3JlcG8vc24tcC1pby8x
LzQ1RkFENDY0OTQwM0YyNDUwMkU5QzNGQTQwMTAzOTU1QkMzQjU5MjQuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9SZnJVWkpRRDhrVUM2Y1A2UUJBNVZidzdXU1Eu
Y2VyMIGEBggrBgEFBQcBCwR4MHYwdAYIKwYBBQUHMAuGaHJzeW5jOi8vcnBraS5z
bi1wLmlvL3JlcG8vc24tcC1pby8xLzMyMzAzMDMxM2EzNjM3NjMzYTMxMzIzOTYz
M2EzYTJmMzQzODJkMzEzMjM4MjAzZDNlMjAzMjMwMzAzOTM3MzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAgAQZ8EpwwDQYJKoZIhvcNAQELBQADggEBALH3d8ebPmKIOXRXxqt+WwYtck0f
q0cW+wGOjFUQDGpe8CKO08dYb3bB+4Ey1Va0uR2A47Kj7gK+mgKj+q65xSspWkSq
ZIZKC/13xgtjZ6XnFSPNJKtwZ/lkP5IShjdhS3Ouwn45C/shAkjQRrY3I43xH/Za
65bxRsmeNll4PYcyteE//2j89rmOaCCqIJ+9pWDE9m6ofD+kyxlFSLok3rL9AAZc
2rPLGpiGZ29d3GaiLZDJ1d3Gls3oOu57RnbAfJc40Y6XoHP04DfqGQ7mV7nNRACl
Q5yzfwJ+AtTRgi0YDma8qPOUD4oUbFRw72b+JF2SQPDFblV10DyFYpFyKjY=
-----END CERTIFICATE-----