Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/QCIHUGVE3kTIFoEuC8v1m31sM9g.roa
File:                     QCIHUGVE3kTIFoEuC8v1m31sM9g.roa (raw, json)
Hash identifier:          ppSGxtp9pbTOMMKdgb4eaIvDsRApADBFLQT39xhSeDw=
Subject key identifier:   40:22:07:50:65:44:DE:44:C8:16:81:2E:0B:CB:F5:9B:7D:6C:33:D8
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018CC8DE13F40B23FF5B0977BE519ED56330
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/QCIHUGVE3kTIFoEuC8v1m31sM9g.roa
Signing time:             Tue 02 Jan 2024 06:30:46 +0000
ROA not before:           Tue 02 Jan 2024 06:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.156.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 10:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:13:f4:0b:23:ff:5b:09:77:be:51:9e:d5:63:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  2 06:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=402207506544de44c816812e0bcbf59b7d6c33d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e6:ac:9b:26:71:d3:ef:67:ba:13:fe:96:0b:
                    15:9d:9a:8d:ed:39:b0:86:07:34:b1:ca:64:fb:31:
                    bd:f6:8c:b8:6c:45:14:a2:a5:d2:a8:ea:6d:69:30:
                    44:2d:f1:b4:c6:b1:2b:d3:cd:09:1e:b7:18:c6:cb:
                    21:e3:91:10:4b:b6:b7:08:5a:9f:a7:0f:e0:f4:bd:
                    fc:e6:01:84:85:79:ad:77:33:d2:59:ce:26:5b:f3:
                    3b:ed:aa:93:a5:14:5a:5a:8a:20:dd:ae:86:5f:36:
                    4e:37:83:db:e2:c4:fd:c4:47:51:8b:5a:cf:84:59:
                    e6:75:c7:cc:5f:d6:8e:04:32:2c:a4:d7:5b:90:9e:
                    0f:a3:ab:b6:2e:4d:a7:49:a2:e5:14:a7:77:49:b4:
                    f7:52:ab:ec:4d:3e:2a:57:19:af:17:d4:c3:f1:a1:
                    b2:a7:01:69:66:66:57:41:5c:3c:82:8d:f5:48:ce:
                    75:2a:b7:e5:92:7f:c0:f7:61:13:54:36:f9:d7:62:
                    88:62:f6:b7:81:72:aa:c6:65:97:09:61:84:0e:59:
                    ab:29:d8:4d:9c:9a:f3:c7:31:e0:1c:7e:57:78:65:
                    69:c1:2d:d0:9e:3e:46:c9:cd:ae:fa:2f:d6:27:a6:
                    a4:d8:19:95:8a:a8:d7:1e:2c:29:15:a2:0d:f2:b4:
                    16:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:22:07:50:65:44:DE:44:C8:16:81:2E:0B:CB:F5:9B:7D:6C:33:D8
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/QCIHUGVE3kTIFoEuC8v1m31sM9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:5a:47:18:19:83:5f:1a:5c:13:f8:2a:41:06:ed:d3:ea:40:
         68:9d:30:38:08:76:cb:d9:37:17:fe:a3:92:39:77:93:81:e9:
         18:76:b6:93:29:01:26:78:3a:25:61:cc:b0:fe:b0:1c:d8:61:
         82:ee:1b:0f:0e:6d:4c:72:ef:07:93:6a:30:0c:f1:ad:3b:9e:
         08:27:b2:0e:29:7d:f5:e5:8f:3c:26:d6:a2:24:a2:3f:09:01:
         2f:ad:60:0d:50:3d:93:75:3e:f6:29:44:08:ba:1c:fd:27:ec:
         6f:e0:e1:86:a4:2c:6b:de:21:ab:19:95:09:0c:05:97:7d:d6:
         58:8c:f6:04:c4:7f:91:8c:cb:2a:0f:03:d8:af:a6:70:2f:37:
         5c:b2:c7:a3:2d:80:4c:7b:61:c6:be:94:f1:c3:52:2c:52:e2:
         53:9c:a7:62:8d:4e:30:52:3b:96:0b:8b:7a:f4:fb:6a:44:6c:
         64:e6:a0:3c:c5:09:bf:81:65:13:a2:4b:f1:83:34:8a:7c:f4:
         63:d8:52:de:99:7b:14:e9:a7:ba:3e:a6:43:21:a1:c9:d8:4f:
         44:f1:56:c9:85:73:fd:d9:1e:ec:4f:92:73:9b:aa:ba:f2:40:
         c3:a5:d2:f2:91:b0:60:f6:7e:6a:ed:a3:c0:a2:b1:05:12:e0:
         85:ac:cd:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hP0CyP/Wwl3vlGe1WMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwMTAyMDYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDIyMDc1MDY1NDRkZTQ0YzgxNjgxMmUwYmNiZjU5YjdkNmMzM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+asmyZx0+9nuhP+lgsVnZqN7Tmw
hgc0scpk+zG99oy4bEUUoqXSqOptaTBELfG0xrEr080JHrcYxssh45EQS7a3CFqf
pw/g9L385gGEhXmtdzPSWc4mW/M77aqTpRRaWoog3a6GXzZON4Pb4sT9xEdRi1rP
hFnmdcfMX9aOBDIspNdbkJ4Po6u2Lk2nSaLlFKd3SbT3UqvsTT4qVxmvF9TD8aGy
pwFpZmZXQVw8go31SM51Krflkn/A92ETVDb512KIYva3gXKqxmWXCWGEDlmrKdhN
nJrzxzHgHH5XeGVpwS3Qnj5Gyc2u+i/WJ6ak2BmViqjXHiwpFaIN8rQWLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAiB1BlRN5EyBaBLgvL9Zt9bDPYMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvUUNJSFVHVkUza1RJRm9FdUM4djFtMzFzTTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZw0MA0G
CSqGSIb3DQEBCwUAA4IBAQBpWkcYGYNfGlwT+CpBBu3T6kBonTA4CHbL2TcX/qOS
OXeTgekYdraTKQEmeDolYcyw/rAc2GGC7hsPDm1Mcu8Hk2owDPGtO54IJ7IOKX31
5Y88JtaiJKI/CQEvrWANUD2TdT72KUQIuhz9J+xv4OGGpCxr3iGrGZUJDAWXfdZY
jPYExH+RjMsqDwPYr6ZwLzdcssejLYBMe2HGvpTxw1IsUuJTnKdijU4wUjuWC4t6
9PtqRGxk5qA8xQm/gWUTokvxgzSKfPRj2FLemXsU6ae6PqZDIaHJ2E9E8VbJhXP9
2R7sT5Jzm6q68kDDpdLykbBg9n5q7aPAorEFEuCFrM1e
-----END CERTIFICATE-----