Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/qMN9ZGV6De2Xh52CAm3rMbrG0UI.roa
File:                     qMN9ZGV6De2Xh52CAm3rMbrG0UI.roa (raw, json)
Hash identifier:          Oq1eNEgKsyEzWS9bbTAf6SGM0cOWk3QsThnM2+T8u4Y=
Subject key identifier:   A8:C3:7D:64:65:7A:0D:ED:97:87:9D:82:02:6D:EB:31:BA:C6:D1:42
Certificate issuer:       /CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
Certificate serial:       01902C7AA929E48DBB77A872B7C90DBAE972
Authority key identifier: 03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/qMN9ZGV6De2Xh52CAm3rMbrG0UI.roa
Signing time:             Tue 18 Jun 2024 17:52:34 +0000
ROA not before:           Tue 18 Jun 2024 17:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214678
IP address blocks:        45.148.74.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 20:47:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2c:7a:a9:29:e4:8d:bb:77:a8:72:b7:c9:0d:ba:e9:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
        Validity
            Not Before: Jun 18 17:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8c37d64657a0ded97879d82026deb31bac6d142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c4:fc:06:1a:49:92:32:37:85:f0:22:59:1b:
                    f8:77:44:9e:e1:73:70:d7:e8:d7:d6:96:58:d2:bb:
                    dd:c1:4f:c4:7f:a3:42:7f:66:ae:95:5f:b1:37:cc:
                    4e:f3:58:21:6e:86:35:bc:ee:5c:1d:d7:11:5f:e9:
                    17:b5:d3:28:e8:26:40:9e:aa:76:cc:7f:6a:6c:2d:
                    9f:f4:2a:d9:b3:aa:dc:07:da:1b:91:a7:4c:5b:53:
                    48:e4:28:65:18:a9:04:68:88:22:2f:f9:67:a3:5e:
                    ad:b4:3d:c6:6b:8e:54:c7:e9:d1:b1:9b:d5:7a:f3:
                    35:35:01:a7:44:81:b7:08:1b:6b:74:d4:b6:3a:c9:
                    60:86:21:ba:96:f4:a6:ff:10:b3:12:c7:6d:d6:b6:
                    79:d8:00:8e:7a:13:da:aa:48:b1:37:18:e0:b2:b8:
                    fe:b7:8c:52:64:a7:70:58:d6:e5:10:96:30:19:11:
                    9f:83:6f:f7:62:6e:92:15:69:17:6c:d0:a0:93:ea:
                    4f:39:9b:6f:b4:d5:3f:f8:27:dc:31:8e:84:d3:45:
                    7b:d1:91:4b:74:33:7b:63:44:c4:66:6f:86:9c:40:
                    a5:65:9f:09:08:56:b2:6e:ca:90:4c:ed:a0:82:25:
                    69:bd:83:3d:dc:c6:3c:07:be:31:a1:9a:de:a7:a5:
                    e2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C3:7D:64:65:7A:0D:ED:97:87:9D:82:02:6D:EB:31:BA:C6:D1:42
            X509v3 Authority Key Identifier:
                keyid:03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/qMN9ZGV6De2Xh52CAm3rMbrG0UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:07:65:37:60:dc:0e:e0:cd:0d:92:1d:9b:56:8a:a9:1e:f0:
         c7:0b:f6:53:57:83:fa:4d:92:51:8f:6a:d0:ec:d4:e8:16:cc:
         d5:d6:8b:78:0b:ae:9d:4c:34:54:5a:24:c8:6a:1f:49:b0:0b:
         b9:da:bf:88:1e:87:f8:04:2d:d4:84:b2:91:fa:60:7f:a4:9a:
         a5:c5:72:59:26:c6:58:2f:e1:fb:e3:9a:f6:45:5c:30:ce:13:
         a5:b4:4f:f4:f8:63:22:e0:fc:07:82:03:bc:10:1f:4d:6a:d1:
         45:fb:6d:6b:92:c1:40:51:a0:de:0e:ce:e7:31:ea:88:e0:a6:
         d9:f4:19:d3:67:d1:c0:28:1e:bf:0f:a9:d8:10:10:90:15:97:
         a3:0c:36:d4:e7:af:23:fa:74:db:0e:ea:10:6c:a4:e9:33:ee:
         70:9a:29:a2:ad:ff:06:7a:bc:f1:03:ee:8c:d6:33:4a:27:69:
         4c:5d:2e:b2:c9:c0:28:d7:1d:9f:6f:bf:3b:62:b6:1b:63:a8:
         58:69:83:97:01:2c:b3:cb:1c:c6:f7:0e:14:e1:fd:55:ad:cf:
         d6:cb:47:18:10:a9:64:85:a0:e0:f4:44:58:a0:24:87:06:bd:
         1b:1a:23:ea:c3:20:ff:8d:50:0b:fb:37:77:54:aa:ce:c7:0c:
         33:15:49:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAseqkp5I27d6hyt8kNuulyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2JkYjA1OTVmYzQ4OTAyOTM4YTc4ZjQyYzFlYWYwYTE1
OWJmNDYwHhcNMjQwNjE4MTc1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGMzN2Q2NDY1N2EwZGVkOTc4NzlkODIwMjZkZWIzMWJhYzZkMTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMT8BhpJkjI3hfAiWRv4d0Se4XNw
1+jX1pZY0rvdwU/Ef6NCf2aulV+xN8xO81ghboY1vO5cHdcRX+kXtdMo6CZAnqp2
zH9qbC2f9CrZs6rcB9obkadMW1NI5ChlGKkEaIgiL/lno16ttD3Ga45Ux+nRsZvV
evM1NQGnRIG3CBtrdNS2OslghiG6lvSm/xCzEsdt1rZ52ACOehPaqkixNxjgsrj+
t4xSZKdwWNblEJYwGRGfg2/3Ym6SFWkXbNCgk+pPOZtvtNU/+CfcMY6E00V70ZFL
dDN7Y0TEZm+GnEClZZ8JCFaybsqQTO2ggiVpvYM93MY8B74xoZrep6XixwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjDfWRleg3tl4edggJt6zG6xtFCMB8GA1UdIwQY
MBaAFAPL2wWV/EiQKTinj0LB6vChWb9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYt
ZjY2MTM4MDY2MzU4LzEvcU1OOVpHVjZEZTJYaDUyQ0FtM3JNYnJHMFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYtZjY2MTM4MDY2MzU4
LzEvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZRKMA0G
CSqGSIb3DQEBCwUAA4IBAQBHB2U3YNwO4M0Nkh2bVoqpHvDHC/ZTV4P6TZJRj2rQ
7NToFszV1ot4C66dTDRUWiTIah9JsAu52r+IHof4BC3UhLKR+mB/pJqlxXJZJsZY
L+H745r2RVwwzhOltE/0+GMi4PwHggO8EB9NatFF+21rksFAUaDeDs7nMeqI4KbZ
9BnTZ9HAKB6/D6nYEBCQFZejDDbU568j+nTbDuoQbKTpM+5wmimirf8GerzxA+6M
1jNKJ2lMXS6yycAo1x2fb787YrYbY6hYaYOXASyzyxzG9w4U4f1Vrc/Wy0cYEKlk
haDg9ERYoCSHBr0bGiPqwyD/jVAL+zd3VKrOxwwzFUnC
-----END CERTIFICATE-----