Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QNYD7_1xZe0SiWpRwdDypd-N2RM.roa
File:                     QNYD7_1xZe0SiWpRwdDypd-N2RM.roa (raw, json)
Hash identifier:          J1b2Uo9zrFsi6z9ikJAPuTQHm1eeL9w0FIdRZbIveng=
Subject key identifier:   40:D6:03:EF:FD:71:65:ED:12:89:6A:51:C1:D0:F2:A5:DF:8D:D9:13
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79520F0B4862557C12F06EA20D68835
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QNYD7_1xZe0SiWpRwdDypd-N2RM.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50809
IP address blocks:        45.158.46.0/24 maxlen: 24
                          77.83.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:20:f0:b4:86:25:57:c1:2f:06:ea:20:d6:88:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40d603effd7165ed12896a51c1d0f2a5df8dd913
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5b:f8:9d:4d:bb:ac:3b:01:0b:77:50:b2:09:
                    36:71:4f:dc:c4:ec:a9:09:a8:f4:17:c2:6e:5a:0c:
                    d1:82:00:b0:c7:63:63:3e:58:03:8b:8b:ec:a2:5c:
                    0e:32:ba:06:e2:bd:8f:b0:73:11:05:75:c0:8b:2b:
                    eb:0c:78:39:bf:7d:e7:c8:dd:4c:d5:ac:28:2d:bc:
                    58:5d:83:5d:66:1c:a9:d9:5d:8d:a6:64:17:5e:34:
                    45:4e:b9:0f:49:7d:e1:e4:16:16:5a:bb:87:5b:69:
                    04:88:04:44:ea:e5:c2:e4:18:dd:74:36:95:97:e5:
                    bb:0b:b9:85:7c:83:04:42:47:7f:a2:6b:e2:9f:5c:
                    83:10:cd:d8:32:2e:48:e6:f3:27:de:99:61:a9:dc:
                    a2:70:fe:d5:b3:2e:54:b0:ce:9f:31:5e:0a:9c:c8:
                    06:23:04:ba:2b:d9:e5:10:95:d5:0c:2a:82:a5:17:
                    fa:fb:19:16:e0:17:b1:f0:7c:e1:7e:91:fe:18:6f:
                    ef:b5:03:a1:9d:8d:5e:1e:87:45:37:7f:dc:84:11:
                    77:1e:57:ad:e9:cb:e0:a8:36:e0:32:42:46:8a:5d:
                    ce:82:d6:93:8f:b7:a2:43:75:50:19:df:18:c6:20:
                    ed:99:4c:10:e2:48:60:a0:7d:90:e2:30:03:c1:d2:
                    29:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D6:03:EF:FD:71:65:ED:12:89:6A:51:C1:D0:F2:A5:DF:8D:D9:13
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QNYD7_1xZe0SiWpRwdDypd-N2RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.46.0/24
                  77.83.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:82:57:9d:11:37:64:dd:68:8e:a8:d3:39:2a:f3:5f:d7:77:
         a9:1e:31:b5:83:27:78:49:dc:98:f4:cf:c6:0e:7f:70:1a:21:
         21:38:4f:f1:62:83:e8:92:c1:42:20:c3:a0:2a:31:7b:56:a5:
         bf:14:74:59:1c:7c:f2:6d:b9:f1:d5:69:7f:0d:ed:06:7c:36:
         d5:35:8b:4c:a3:ed:06:be:5e:1e:aa:97:9d:57:39:63:fa:01:
         61:17:5e:7d:e0:f2:e5:1b:8f:fd:c7:6d:f6:01:84:1d:a1:0d:
         ae:8f:71:bc:be:1f:38:2d:de:5c:88:51:0a:1d:52:2d:0a:10:
         ef:b9:a3:8c:9d:72:e2:9d:c6:c4:34:ba:ab:d6:d7:71:f3:d5:
         97:cb:b5:93:e9:74:bd:d2:9c:55:a5:7d:81:66:1e:55:d2:22:
         6c:16:c0:0b:e4:62:fe:60:03:ed:a8:e0:8f:99:d1:7e:49:44:
         c6:33:fb:8b:d2:a5:74:ea:22:c8:55:e2:01:c0:53:7f:a1:40:
         19:37:55:11:18:f3:71:f5:1f:27:be:bf:5a:ae:7d:96:34:d1:
         fd:4c:8f:46:44:2d:75:da:fd:7f:e8:ac:92:64:ca:64:79:c4:
         14:c1:88:46:88:c0:91:af:29:7b:16:20:0e:c7:46:b3:54:df:
         d1:e5:e0:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlSDwtIYlV8EvBuog1og1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQ2MDNlZmZkNzE2NWVkMTI4OTZhNTFjMWQwZjJhNWRmOGRkOTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1v4nU27rDsBC3dQsgk2cU/cxOyp
Caj0F8JuWgzRggCwx2NjPlgDi4vsolwOMroG4r2PsHMRBXXAiyvrDHg5v33nyN1M
1awoLbxYXYNdZhyp2V2NpmQXXjRFTrkPSX3h5BYWWruHW2kEiARE6uXC5BjddDaV
l+W7C7mFfIMEQkd/omvin1yDEM3YMi5I5vMn3plhqdyicP7Vsy5UsM6fMV4KnMgG
IwS6K9nlEJXVDCqCpRf6+xkW4Bex8HzhfpH+GG/vtQOhnY1eHodFN3/chBF3Hlet
6cvgqDbgMkJGil3OgtaTj7eiQ3VQGd8YxiDtmUwQ4khgoH2Q4jADwdIpEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEDWA+/9cWXtEolqUcHQ8qXfjdkTMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvUU5ZRDdfMXhaZTBTaVdwUndkRHlwZC1OMlJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ4uAwQA
TVNJMA0GCSqGSIb3DQEBCwUAA4IBAQCCgledETdk3WiOqNM5KvNf13epHjG1gyd4
SdyY9M/GDn9wGiEhOE/xYoPoksFCIMOgKjF7VqW/FHRZHHzybbnx1Wl/De0GfDbV
NYtMo+0Gvl4eqpedVzlj+gFhF1594PLlG4/9x232AYQdoQ2uj3G8vh84Ld5ciFEK
HVItChDvuaOMnXLincbENLqr1tdx89WXy7WT6XS90pxVpX2BZh5V0iJsFsAL5GL+
YAPtqOCPmdF+SUTGM/uL0qV06iLIVeIBwFN/oUAZN1URGPNx9R8nvr9arn2WNNH9
TI9GRC112v1/6KySZMpkecQUwYhGiMCRryl7FiAOx0azVN/R5eBh
-----END CERTIFICATE-----