Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/qhMZIOXmjM3J4J7Lj70TflOMwH0.roa
File:                     qhMZIOXmjM3J4J7Lj70TflOMwH0.roa (raw, json)
Hash identifier:          XgBTJ+BkvXp2z9NmroMGGPoCx1tyg5bynEMuXFN2opA=
Subject key identifier:   AA:13:19:20:E5:E6:8C:CD:C9:E0:9E:CB:8F:BD:13:7E:53:8C:C0:7D
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       018CC50010237E1AF84C4578DDEE2DAF87E8
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/qhMZIOXmjM3J4J7Lj70TflOMwH0.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        45.142.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:10:23:7e:1a:f8:4c:45:78:dd:ee:2d:af:87:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa131920e5e68ccdc9e09ecb8fbd137e538cc07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:98:af:16:52:69:21:28:25:da:ce:4d:0d:80:
                    78:cd:f8:46:d2:d5:cd:75:b7:c6:c8:4d:0a:93:18:
                    4d:38:4c:aa:0d:03:61:6f:e4:e7:fd:a5:ea:5f:f6:
                    4e:9e:32:63:ef:fb:7d:1c:ce:90:19:cd:d1:54:c6:
                    39:65:56:4f:c1:30:69:8e:15:ae:9c:14:0f:9f:37:
                    77:28:22:44:1a:d7:17:7e:92:13:2e:46:d2:b4:ce:
                    0b:51:b2:0f:62:9a:d9:0f:68:58:5b:e4:78:de:bf:
                    4f:2b:02:7c:0e:00:e6:5e:db:b6:1f:fe:e6:b6:49:
                    1b:19:f4:5f:18:00:e4:bd:6e:60:0d:79:31:2a:6e:
                    fa:11:08:71:39:06:ed:76:3d:1d:de:8a:3c:6e:56:
                    4e:2b:74:c3:55:a9:6d:6a:ad:66:d4:a2:09:e7:a6:
                    7d:f8:3d:c1:4b:ae:9d:34:53:f2:3d:9a:b3:95:46:
                    b9:ee:3b:57:64:6a:e6:de:11:72:25:96:c3:15:7a:
                    5e:fe:78:fa:1c:c0:36:f2:11:fd:87:1f:7a:f5:03:
                    eb:bd:89:f9:fa:5b:52:27:ed:8d:47:96:9e:8d:52:
                    59:3b:0c:cb:a3:49:5d:72:7a:42:0c:92:4c:1d:d6:
                    17:16:47:11:66:18:5f:d5:bb:ff:e1:ee:9b:35:37:
                    e9:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:13:19:20:E5:E6:8C:CD:C9:E0:9E:CB:8F:BD:13:7E:53:8C:C0:7D
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/qhMZIOXmjM3J4J7Lj70TflOMwH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:78:25:fa:96:e5:32:a5:52:fb:9e:ad:c9:f5:6e:51:2e:16:
         15:53:ee:62:12:09:ee:ac:97:d4:ac:49:d0:c1:2b:e9:ae:7d:
         ef:e9:44:d9:e1:a7:ce:5e:d0:d4:3e:fa:86:07:b5:54:94:00:
         69:e7:d6:f0:69:43:9c:c1:cb:81:60:a0:68:cf:66:fe:bd:a9:
         17:0b:ee:09:e6:d1:31:48:65:b2:30:77:45:0d:c8:53:9c:ed:
         71:78:a5:14:2a:54:49:cb:1f:1b:c3:53:e0:92:f9:eb:87:04:
         6a:b9:59:0c:58:1a:07:a9:a2:8b:86:86:89:e1:f4:cf:8c:f4:
         b4:e2:44:d4:cf:66:16:19:2f:82:7f:6e:62:19:77:8b:27:f1:
         f5:ae:04:b4:bd:25:8c:49:ac:64:e4:4e:99:d1:98:5d:63:48:
         b9:84:d6:69:03:08:dc:4d:ce:16:34:e9:35:9f:6a:56:ed:d3:
         3a:fc:71:70:56:82:6d:19:00:1a:3a:bc:75:e0:1c:56:91:f8:
         48:2d:7a:02:7e:9a:95:32:d3:82:fd:f8:44:42:9e:f4:76:65:
         31:14:99:2e:b8:da:53:0c:9c:3f:80:c5:b6:d1:69:6a:44:2c:
         cf:03:02:bf:a8:b0:8d:d1:25:dc:88:13:3e:9a:55:27:ec:74:
         d9:ce:e5:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABAjfhr4TEV43e4tr4foMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTEzMTkyMGU1ZTY4Y2NkYzllMDllY2I4ZmJkMTM3ZTUzOGNjMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5ivFlJpISgl2s5NDYB4zfhG0tXN
dbfGyE0KkxhNOEyqDQNhb+Tn/aXqX/ZOnjJj7/t9HM6QGc3RVMY5ZVZPwTBpjhWu
nBQPnzd3KCJEGtcXfpITLkbStM4LUbIPYprZD2hYW+R43r9PKwJ8DgDmXtu2H/7m
tkkbGfRfGADkvW5gDXkxKm76EQhxOQbtdj0d3oo8blZOK3TDValtaq1m1KIJ56Z9
+D3BS66dNFPyPZqzlUa57jtXZGrm3hFyJZbDFXpe/nj6HMA28hH9hx969QPrvYn5
+ltSJ+2NR5aejVJZOwzLo0ldcnpCDJJMHdYXFkcRZhhf1bv/4e6bNTfpFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoTGSDl5ozNyeCey4+9E35TjMB9MB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvcWhNWklPWG1qTTNKNEo3TGo3MFRmbE9Nd0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY7+MA0G
CSqGSIb3DQEBCwUAA4IBAQCKeCX6luUypVL7nq3J9W5RLhYVU+5iEgnurJfUrEnQ
wSvprn3v6UTZ4afOXtDUPvqGB7VUlABp59bwaUOcwcuBYKBoz2b+vakXC+4J5tEx
SGWyMHdFDchTnO1xeKUUKlRJyx8bw1PgkvnrhwRquVkMWBoHqaKLhoaJ4fTPjPS0
4kTUz2YWGS+Cf25iGXeLJ/H1rgS0vSWMSaxk5E6Z0ZhdY0i5hNZpAwjcTc4WNOk1
n2pW7dM6/HFwVoJtGQAaOrx14BxWkfhILXoCfpqVMtOC/fhEQp70dmUxFJkuuNpT
DJw/gMW20WlqRCzPAwK/qLCN0SXciBM+mlUn7HTZzuUz
-----END CERTIFICATE-----