Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2dfefc-24b5-41fb-b1ef-11b8c283ece4/1/gqZqbl8bgZiYMRj424vElO7P6K8.roa
File:                     gqZqbl8bgZiYMRj424vElO7P6K8.roa (raw, json)
Hash identifier:          Jv4rdhea3bNvrBpL+Xq0069YaSnnuYTyTtuhPGJQWuc=
Subject key identifier:   82:A6:6A:6E:5F:1B:81:98:98:31:18:F8:DB:8B:C4:94:EE:CF:E8:AF
Certificate issuer:       /CN=0e835b896da71d2daadff139d65b7298f8412417
Certificate serial:       018CC2DB1CDCDF076EACEFDAA450602B880B
Authority key identifier: 0E:83:5B:89:6D:A7:1D:2D:AA:DF:F1:39:D6:5B:72:98:F8:41:24:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DoNbiW2nHS2q3_E51ltymPhBJBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2dfefc-24b5-41fb-b1ef-11b8c283ece4/1/gqZqbl8bgZiYMRj424vElO7P6K8.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208516
IP address blocks:        45.131.236.0/22 maxlen: 24
                          2a0e:63c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2dfefc-24b5-41fb-b1ef-11b8c283ece4/1/DoNbiW2nHS2q3_E51ltymPhBJBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2dfefc-24b5-41fb-b1ef-11b8c283ece4/1/DoNbiW2nHS2q3_E51ltymPhBJBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DoNbiW2nHS2q3_E51ltymPhBJBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1c:dc:df:07:6e:ac:ef:da:a4:50:60:2b:88:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e835b896da71d2daadff139d65b7298f8412417
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82a66a6e5f1b8198983118f8db8bc494eecfe8af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4d:92:9b:51:4f:09:59:19:76:70:d3:ec:37:
                    89:13:c5:4c:8b:d3:b6:c6:9b:b9:9d:eb:c8:b4:88:
                    d5:2d:2b:1b:e2:01:78:45:bd:1a:01:c0:22:a5:72:
                    ea:80:f1:a7:2f:20:ab:90:9c:cc:33:31:0e:99:e6:
                    24:20:4b:d6:84:39:63:82:d3:31:4b:84:f0:9b:78:
                    e0:fc:dc:4c:60:ee:c5:d6:b9:06:4f:ce:2f:25:f1:
                    cd:25:46:76:51:0a:62:c6:18:20:71:f0:c7:73:af:
                    07:8c:47:0c:2f:14:e6:a8:ed:20:8a:31:b9:87:1f:
                    35:a0:fc:70:7a:32:03:d5:23:41:c3:61:86:df:d8:
                    7f:dd:bb:6c:b3:44:c7:5a:8f:d8:88:7a:ba:5d:8a:
                    e2:8e:1f:16:99:cb:f5:10:24:ac:56:a2:02:d7:b1:
                    85:56:5f:02:3c:1f:ec:a4:04:25:75:2c:2e:3c:30:
                    81:f3:48:5c:7c:ab:3d:5b:b9:fe:82:e7:56:e8:1a:
                    d7:96:1b:e6:ac:ae:c5:3c:68:6d:f2:2f:1a:10:f7:
                    54:71:b6:01:9e:2b:5f:4f:d4:2e:42:b7:c2:6a:1e:
                    20:7c:ef:4b:60:c6:06:f3:6b:61:4a:d8:bd:48:5a:
                    2a:04:14:2f:e3:61:25:86:99:38:62:13:e4:fe:3f:
                    68:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:A6:6A:6E:5F:1B:81:98:98:31:18:F8:DB:8B:C4:94:EE:CF:E8:AF
            X509v3 Authority Key Identifier:
                keyid:0E:83:5B:89:6D:A7:1D:2D:AA:DF:F1:39:D6:5B:72:98:F8:41:24:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DoNbiW2nHS2q3_E51ltymPhBJBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2dfefc-24b5-41fb-b1ef-11b8c283ece4/1/gqZqbl8bgZiYMRj424vElO7P6K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2dfefc-24b5-41fb-b1ef-11b8c283ece4/1/DoNbiW2nHS2q3_E51ltymPhBJBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.236.0/22
                IPv6:
                  2a0e:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:f3:a8:71:a4:55:9c:d1:96:83:6c:bf:6a:2b:cd:f1:7c:82:
         e3:1c:89:cd:5f:e3:4b:2e:f4:05:f0:eb:2e:70:e6:70:c9:24:
         42:fb:05:3c:f9:5a:4f:da:99:c0:a1:05:98:64:39:bc:81:8b:
         7c:56:7b:95:b0:26:b7:27:9b:49:7f:a1:30:e1:16:59:e9:2b:
         91:8e:ee:1f:e3:f9:6f:5f:8f:1f:38:be:1a:19:08:95:fe:b5:
         99:17:1a:51:11:69:f2:08:70:9e:06:4f:c3:7f:d1:f2:05:56:
         ca:1c:92:7c:ea:60:66:60:c5:29:7e:45:35:4d:4a:dc:19:8d:
         57:c6:83:6e:0d:5b:7d:0f:1d:d4:61:ae:35:80:2a:1a:76:ed:
         90:0a:fa:16:1d:92:1e:82:ed:5c:50:92:06:51:8c:8d:28:51:
         33:0d:d5:d1:19:9d:c4:99:75:98:f9:f5:74:d3:75:95:38:f7:
         4a:cc:69:1a:4d:ff:7c:ce:2f:4d:2d:0c:cc:29:3d:57:8f:d8:
         94:ee:73:4d:3b:e0:41:36:46:22:0e:e8:84:a3:72:23:f5:bb:
         57:2d:ef:fc:09:ab:81:d0:d8:1c:02:83:22:96:63:0d:7f:87:
         20:72:cd:99:60:e8:2b:aa:91:7d:f2:32:99:bf:55:2e:63:63:
         ae:1f:31:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2xzc3wdurO/apFBgK4gLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlODM1Yjg5NmRhNzFkMmRhYWRmZjEzOWQ2NWI3Mjk4Zjg0
MTI0MTcwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmE2NmE2ZTVmMWI4MTk4OTgzMTE4ZjhkYjhiYzQ5NGVlY2ZlOGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj02Sm1FPCVkZdnDT7DeJE8VMi9O2
xpu5nevItIjVLSsb4gF4Rb0aAcAipXLqgPGnLyCrkJzMMzEOmeYkIEvWhDljgtMx
S4Twm3jg/NxMYO7F1rkGT84vJfHNJUZ2UQpixhggcfDHc68HjEcMLxTmqO0gijG5
hx81oPxwejID1SNBw2GG39h/3btss0THWo/YiHq6XYrijh8Wmcv1ECSsVqIC17GF
Vl8CPB/spAQldSwuPDCB80hcfKs9W7n+gudW6BrXlhvmrK7FPGht8i8aEPdUcbYB
nitfT9QuQrfCah4gfO9LYMYG82thSti9SFoqBBQv42Elhpk4YhPk/j9oIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIKmam5fG4GYmDEY+NuLxJTuz+ivMB8GA1UdIwQY
MBaAFA6DW4ltpx0tqt/xOdZbcpj4QSQXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG9OYmlXMm5IUzJxM19FNTFsdHltUGhCSkJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yZGZlZmMtMjRiNS00MWZiLWIxZWYt
MTFiOGMyODNlY2U0LzEvZ3FacWJsOGJnWmlZTVJqNDI0dkVsTzdQNks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yZGZlZmMtMjRiNS00MWZiLWIxZWYtMTFiOGMyODNlY2U0
LzEvRG9OYmlXMm5IUzJxM19FNTFsdHltUGhCSkJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYPsMA0E
AgACMAcDBQMqDmPAMA0GCSqGSIb3DQEBCwUAA4IBAQAP86hxpFWc0ZaDbL9qK83x
fILjHInNX+NLLvQF8OsucOZwySRC+wU8+VpP2pnAoQWYZDm8gYt8VnuVsCa3J5tJ
f6Ew4RZZ6SuRju4f4/lvX48fOL4aGQiV/rWZFxpREWnyCHCeBk/Df9HyBVbKHJJ8
6mBmYMUpfkU1TUrcGY1XxoNuDVt9Dx3UYa41gCoadu2QCvoWHZIegu1cUJIGUYyN
KFEzDdXRGZ3EmXWY+fV003WVOPdKzGkaTf98zi9NLQzMKT1Xj9iU7nNNO+BBNkYi
DuiEo3Ij9btXLe/8CauB0NgcAoMilmMNf4cgcs2ZYOgrqpF98jKZv1UuY2OuHzFq
-----END CERTIFICATE-----