Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/PFQxUp0toBg7wptUMAYxemMHdIE.roa
File:                     PFQxUp0toBg7wptUMAYxemMHdIE.roa (raw, json)
Hash identifier:          QmTlUkERnUriYchmm/EdxrmyutGo0sHdfb+G+UDIuEg=
Subject key identifier:   3C:54:31:52:9D:2D:A0:18:3B:C2:9B:54:30:06:31:7A:63:07:74:81
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B652CDD1755AACE6DF873E3D482FD
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/PFQxUp0toBg7wptUMAYxemMHdIE.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32181
IP address blocks:        45.153.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:65:2c:dd:17:55:aa:ce:6d:f8:73:e3:d4:82:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c5431529d2da0183bc29b543006317a63077481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a2:07:03:4d:74:0c:6e:de:74:23:60:bd:80:
                    92:57:2e:77:38:7f:e7:84:86:5d:4b:76:e7:47:8c:
                    dd:94:f5:da:fe:fb:a5:69:d8:20:b6:d1:1f:5e:08:
                    3b:17:ca:ae:1f:b3:08:bc:cc:d5:5d:71:81:73:a8:
                    8a:5b:e0:9f:06:55:71:b4:4e:83:13:90:ba:a5:b5:
                    b6:cd:4d:03:a3:a9:38:24:44:8c:b4:bd:77:4c:03:
                    c2:4d:f7:09:74:6b:23:90:95:c5:fb:58:df:37:85:
                    64:17:2b:08:75:2c:df:30:9a:5f:43:e7:c6:e4:0d:
                    06:a8:17:c4:3c:13:93:8b:ac:19:cc:72:42:96:dc:
                    d1:68:41:aa:fb:28:d9:e9:e2:62:8e:5b:16:50:14:
                    cc:d5:2a:81:8a:e2:7c:4d:f9:75:b2:95:5a:91:4a:
                    7a:b4:41:04:70:48:a9:29:90:e4:62:48:45:12:d8:
                    9a:57:69:87:bd:c5:f0:6a:81:0c:61:02:13:af:e3:
                    d6:ad:6e:de:fd:1d:14:89:14:06:eb:84:e9:3f:d8:
                    79:51:2d:3b:7b:3f:35:5d:88:3a:de:ca:5e:c2:08:
                    38:a0:23:2e:e6:b1:17:da:2b:fc:07:c5:0f:ae:f6:
                    7f:05:bd:6f:0f:87:48:04:6c:a3:78:7d:6b:1a:b4:
                    0d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:54:31:52:9D:2D:A0:18:3B:C2:9B:54:30:06:31:7A:63:07:74:81
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/PFQxUp0toBg7wptUMAYxemMHdIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:94:9a:7d:38:a9:78:86:b0:82:8c:a1:ac:01:ea:2b:69:1f:
         8b:94:04:5e:a3:ad:13:da:e4:89:3b:37:64:2b:55:1b:64:57:
         30:26:3c:4d:00:d3:f7:8f:89:51:bd:9a:e7:a0:2a:b2:87:58:
         64:bb:2b:eb:33:26:c9:a3:87:a8:9d:5e:4d:b8:ba:c3:fb:aa:
         1d:99:b6:5d:ad:47:82:8b:94:35:6f:00:f8:7a:c9:66:03:6b:
         e4:96:3c:44:e4:80:74:48:a5:ca:73:c9:36:72:0c:b8:2e:47:
         53:c8:be:ca:09:31:cd:7d:63:4e:68:e2:02:00:f4:c4:35:db:
         76:60:e9:f2:37:5f:ed:83:1f:c8:0b:85:c6:21:cf:90:28:ec:
         15:5e:87:bb:e3:61:f4:4d:df:84:df:0b:9f:36:4f:c1:a7:50:
         91:bc:ba:ea:fe:34:e4:f7:1c:64:c1:1e:f8:ec:b7:6b:38:51:
         74:88:cb:48:39:fa:4e:d4:be:82:d4:ed:24:95:95:05:2e:bc:
         70:d4:d8:30:7c:2e:bf:a5:a8:a0:e8:ab:e9:29:2c:06:9d:b0:
         9a:65:25:5d:f3:b9:92:fa:37:74:4a:15:0d:24:fc:47:99:8a:
         f9:6a:0d:f8:0f:30:cb:1c:3b:04:19:aa:6d:5d:d7:fd:ba:fa:
         6e:63:b7:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2Us3RdVqs5t+HPj1IL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU0MzE1MjlkMmRhMDE4M2JjMjliNTQzMDA2MzE3YTYzMDc3NDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaIHA010DG7edCNgvYCSVy53OH/n
hIZdS3bnR4zdlPXa/vuladggttEfXgg7F8quH7MIvMzVXXGBc6iKW+CfBlVxtE6D
E5C6pbW2zU0Do6k4JESMtL13TAPCTfcJdGsjkJXF+1jfN4VkFysIdSzfMJpfQ+fG
5A0GqBfEPBOTi6wZzHJCltzRaEGq+yjZ6eJijlsWUBTM1SqBiuJ8Tfl1spVakUp6
tEEEcEipKZDkYkhFEtiaV2mHvcXwaoEMYQITr+PWrW7e/R0UiRQG64TpP9h5US07
ez81XYg63spewgg4oCMu5rEX2iv8B8UPrvZ/Bb1vD4dIBGyjeH1rGrQNVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxUMVKdLaAYO8KbVDAGMXpjB3SBMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvUEZReFVwMHRvQmc3d3B0VU1BWXhlbU1IZElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZl9MA0G
CSqGSIb3DQEBCwUAA4IBAQCVlJp9OKl4hrCCjKGsAeoraR+LlAReo60T2uSJOzdk
K1UbZFcwJjxNANP3j4lRvZrnoCqyh1hkuyvrMybJo4eonV5NuLrD+6odmbZdrUeC
i5Q1bwD4eslmA2vkljxE5IB0SKXKc8k2cgy4LkdTyL7KCTHNfWNOaOICAPTENdt2
YOnyN1/tgx/IC4XGIc+QKOwVXoe742H0Td+E3wufNk/Bp1CRvLrq/jTk9xxkwR74
7LdrOFF0iMtIOfpO1L6C1O0klZUFLrxw1NgwfC6/paig6KvpKSwGnbCaZSVd87mS
+jd0ShUNJPxHmYr5ag34DzDLHDsEGaptXdf9uvpuY7eO
-----END CERTIFICATE-----