Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dQYrkaHyky1RyADan5AsjAcAfQs.roa
File:                     dQYrkaHyky1RyADan5AsjAcAfQs.roa (raw, json)
Hash identifier:          Kt/aAugM+Ux/EmYB4dzAl/Xw0pDab2+M6Ik+d0YzmFA=
Subject key identifier:   75:06:2B:91:A1:F2:93:2D:51:C8:00:DA:9F:90:2C:8C:07:00:7D:0B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018CC9BC2645F0B17A2E5D51F9C4293DE823
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dQYrkaHyky1RyADan5AsjAcAfQs.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        45.141.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 10:41:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:26:45:f0:b1:7a:2e:5d:51:f9:c4:29:3d:e8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75062b91a1f2932d51c800da9f902c8c07007d0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c7:6b:b8:1d:58:ea:05:ee:72:1f:bf:e1:92:
                    2c:2e:8e:33:aa:92:76:ae:b8:5d:da:6c:06:f1:4d:
                    cf:3c:c5:7d:70:98:53:a8:25:b4:2d:a8:33:b7:53:
                    9f:86:e2:63:f0:da:2f:74:01:ce:a5:4b:63:10:c9:
                    e8:38:df:49:81:ba:55:4c:ff:e0:98:5f:c5:34:8b:
                    1e:01:ee:e3:49:40:6c:60:7a:7e:96:4a:78:72:69:
                    b5:6f:2d:6e:58:7b:95:97:2c:a1:37:49:d5:4d:89:
                    0f:df:b8:8b:63:ff:37:66:a5:95:21:1d:fe:18:04:
                    53:f4:36:c3:d5:ac:73:85:eb:7d:45:95:85:a4:bb:
                    92:18:d3:9b:28:1d:9b:65:db:78:be:1e:14:2e:eb:
                    d9:ac:d4:b7:cc:d9:11:f6:7d:75:2b:00:5e:57:96:
                    3a:50:8f:8b:75:94:37:e2:0a:e9:cc:ad:7d:6d:c9:
                    f7:40:46:8a:5e:32:53:4e:5d:14:fc:c3:70:75:62:
                    5e:4c:79:f1:d6:5e:2b:fb:fe:d0:31:a6:e9:2c:10:
                    40:4e:8e:88:5f:5d:3b:bf:b9:c8:24:18:d8:94:2d:
                    1d:d7:8f:47:3c:b2:72:f1:9e:e5:1f:ab:9d:b8:48:
                    3b:5c:19:7e:e7:72:ad:9e:50:68:05:5f:6b:49:20:
                    38:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:06:2B:91:A1:F2:93:2D:51:C8:00:DA:9F:90:2C:8C:07:00:7D:0B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dQYrkaHyky1RyADan5AsjAcAfQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:03:98:53:f3:bf:25:8f:e7:b6:1a:9f:4f:ca:5c:cb:4a:cb:
         6f:dd:94:f9:63:60:cc:b8:f9:ad:14:e1:1b:d4:c1:8b:fc:73:
         ce:35:20:e0:e2:75:e5:48:c6:ea:39:90:f4:8c:d5:94:c2:09:
         f2:9a:8d:97:42:19:35:4d:21:b7:2e:03:c9:fc:73:db:98:56:
         28:63:b8:53:73:ad:1e:d0:e4:4d:05:5a:df:c6:10:64:8e:84:
         b1:c7:48:07:d3:0a:7e:62:61:af:75:26:af:5f:9c:6f:82:cf:
         37:33:34:26:dc:d9:f1:13:b2:e1:2d:37:35:f2:56:dd:8d:97:
         1c:7e:69:6d:d4:29:94:c1:4c:52:6d:8b:7c:2c:8e:b1:8b:ac:
         7e:1b:50:91:8e:91:26:2c:6a:5b:f5:ca:8f:93:4c:e6:9e:68:
         bb:cb:25:10:91:63:d4:ce:a6:94:ec:3e:49:25:a5:38:34:aa:
         df:4a:0f:4d:2c:1f:ae:56:d9:fd:4f:d2:f5:a0:fa:20:c6:dd:
         46:c7:e9:e4:c7:c9:4a:63:99:09:f7:8d:61:d8:fc:17:3a:79:
         4d:21:2c:a5:78:d0:8f:6f:2b:95:9a:68:0a:b7:d6:c9:49:0c:
         8f:78:90:20:b3:d1:d4:07:21:61:98:13:01:a1:cc:ba:70:74:
         fb:bb:96:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCZF8LF6Ll1R+cQpPegjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA2MmI5MWExZjI5MzJkNTFjODAwZGE5ZjkwMmM4YzA3MDA3ZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsdruB1Y6gXuch+/4ZIsLo4zqpJ2
rrhd2mwG8U3PPMV9cJhTqCW0Lagzt1OfhuJj8NovdAHOpUtjEMnoON9JgbpVTP/g
mF/FNIseAe7jSUBsYHp+lkp4cmm1by1uWHuVlyyhN0nVTYkP37iLY/83ZqWVIR3+
GART9DbD1axzhet9RZWFpLuSGNObKB2bZdt4vh4ULuvZrNS3zNkR9n11KwBeV5Y6
UI+LdZQ34grpzK19bcn3QEaKXjJTTl0U/MNwdWJeTHnx1l4r+/7QMabpLBBATo6I
X107v7nIJBjYlC0d149HPLJy8Z7lH6uduEg7XBl+53KtnlBoBV9rSSA4CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUGK5Gh8pMtUcgA2p+QLIwHAH0LMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZFFZcmthSHlreTFSeUFEYW41QXNqQWNBZlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY2xMA0G
CSqGSIb3DQEBCwUAA4IBAQAgA5hT878lj+e2Gp9PylzLSstv3ZT5Y2DMuPmtFOEb
1MGL/HPONSDg4nXlSMbqOZD0jNWUwgnymo2XQhk1TSG3LgPJ/HPbmFYoY7hTc60e
0ORNBVrfxhBkjoSxx0gH0wp+YmGvdSavX5xvgs83MzQm3NnxE7LhLTc18lbdjZcc
fmlt1CmUwUxSbYt8LI6xi6x+G1CRjpEmLGpb9cqPk0zmnmi7yyUQkWPUzqaU7D5J
JaU4NKrfSg9NLB+uVtn9T9L1oPogxt1Gx+nkx8lKY5kJ941h2PwXOnlNISyleNCP
byuVmmgKt9bJSQyPeJAgs9HUByFhmBMBocy6cHT7u5Yq
-----END CERTIFICATE-----