Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/0qkNCBt15SeN8yl75O93KHFjE1A.roa
File:                     0qkNCBt15SeN8yl75O93KHFjE1A.roa (raw, json)
Hash identifier:          ZPHddDrEu8t9OHPeubrV5UeQ/u7KBOmVx2bZPEdeviw=
Subject key identifier:   D2:A9:0D:08:1B:75:E5:27:8D:F3:29:7B:E4:EF:77:28:71:63:13:50
Certificate issuer:       /CN=a566d8337776c98746bd231e69e185db2a9a5be2
Certificate serial:       018CC3492226705856E07DEBF1B632261D80
Authority key identifier: A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/0qkNCBt15SeN8yl75O93KHFjE1A.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208575
IP address blocks:        45.128.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:22:26:70:58:56:e0:7d:eb:f1:b6:32:26:1d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a566d8337776c98746bd231e69e185db2a9a5be2
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2a90d081b75e5278df3297be4ef772871631350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:38:16:e6:78:cf:02:e4:f8:33:3c:b0:2f:16:
                    b3:12:75:a1:87:24:55:a0:52:4c:26:d1:d8:1c:d4:
                    75:d3:b1:02:bf:62:83:12:45:8c:a1:74:59:7f:ff:
                    00:20:b0:ea:76:16:05:9f:a4:2a:15:a8:42:21:11:
                    90:e3:fb:a0:cc:27:3c:c6:40:67:47:ec:b7:87:dc:
                    0f:a0:ba:f1:f9:2c:4b:9e:20:47:c7:6c:73:9a:ab:
                    91:91:0b:76:e3:f4:34:c4:79:4c:28:97:bf:75:16:
                    28:f0:08:bb:de:a5:c1:3d:da:f7:45:db:85:e7:03:
                    7c:e9:86:a4:e5:57:37:ed:17:88:32:89:87:c8:f9:
                    1d:1d:36:c3:16:7a:1a:e7:18:ca:58:63:dc:6d:91:
                    ff:2b:66:b2:21:9a:d0:6a:65:74:0d:61:b3:df:8b:
                    60:53:46:68:41:c0:ae:e0:fd:12:b4:2c:9f:91:e1:
                    66:f6:e8:ea:2f:36:f8:31:4f:df:d5:4a:9b:41:84:
                    4f:6c:61:ed:70:a4:59:64:37:8b:0e:9c:54:97:66:
                    4a:33:5d:f6:1b:89:19:cd:c0:3b:20:8d:94:00:43:
                    3e:9f:74:2e:33:3d:52:f1:f3:07:1e:bb:aa:0c:e2:
                    d9:47:8f:3c:a4:84:92:d8:3b:19:10:1b:e0:7e:b5:
                    b5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:A9:0D:08:1B:75:E5:27:8D:F3:29:7B:E4:EF:77:28:71:63:13:50
            X509v3 Authority Key Identifier:
                keyid:A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/0qkNCBt15SeN8yl75O93KHFjE1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:45:2e:e8:98:b4:8a:ed:9d:2d:01:a3:67:fe:61:50:96:68:
         ef:29:17:56:7c:4f:e8:02:78:a8:f6:41:58:8c:d3:3f:e9:23:
         f0:c7:65:30:47:28:51:c1:90:a8:71:8f:c5:c9:42:d1:e0:cf:
         4d:87:13:5a:32:78:99:8c:1a:6d:04:47:f3:6b:c2:95:34:2a:
         2d:21:2e:36:d6:35:b4:49:4e:27:ab:b9:3f:a6:65:98:bd:82:
         0b:7e:f1:86:1a:1f:87:35:43:54:f0:57:db:c3:e6:a6:8c:55:
         37:21:05:2d:59:94:18:54:29:ed:15:e2:bc:bc:34:e1:58:f7:
         30:8e:15:fd:1e:40:26:04:ed:51:29:78:58:fb:e1:8f:39:5f:
         4d:e2:82:f4:3f:05:87:ba:77:c1:6b:f2:8f:64:f6:68:f0:21:
         d0:43:06:30:42:94:de:89:2b:aa:59:c5:6a:fe:6d:93:47:73:
         6c:fa:f1:f9:89:1a:37:f8:74:4a:2e:86:ee:a7:0e:1e:b4:dc:
         20:30:dd:0b:47:93:24:2a:b7:45:5f:f0:52:55:3a:0d:1b:81:
         ac:1a:8b:ba:95:8b:23:2a:03:41:29:67:7a:41:46:57:a7:1c:
         b9:4b:28:30:4c:78:88:53:74:0b:71:42:e9:d3:15:ae:9a:14:
         b5:11:e6:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSImcFhW4H3r8bYyJh2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjZkODMzNzc3NmM5ODc0NmJkMjMxZTY5ZTE4NWRiMmE5
YTViZTIwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmE5MGQwODFiNzVlNTI3OGRmMzI5N2JlNGVmNzcyODcxNjMxMzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjgW5njPAuT4MzywLxazEnWhhyRV
oFJMJtHYHNR107ECv2KDEkWMoXRZf/8AILDqdhYFn6QqFahCIRGQ4/ugzCc8xkBn
R+y3h9wPoLrx+SxLniBHx2xzmquRkQt24/Q0xHlMKJe/dRYo8Ai73qXBPdr3RduF
5wN86Yak5Vc37ReIMomHyPkdHTbDFnoa5xjKWGPcbZH/K2ayIZrQamV0DWGz34tg
U0ZoQcCu4P0StCyfkeFm9ujqLzb4MU/f1UqbQYRPbGHtcKRZZDeLDpxUl2ZKM132
G4kZzcA7II2UAEM+n3QuMz1S8fMHHruqDOLZR488pISS2DsZEBvgfrW1XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKpDQgbdeUnjfMpe+TvdyhxYxNQMB8GA1UdIwQY
MBaAFKVm2DN3dsmHRr0jHmnhhdsqmlviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgt
MWI3NTg2N2U4ZGZmLzEvMHFrTkNCdDE1U2VOOHlsNzVPOTNLSEZqRTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgtMWI3NTg2N2U4ZGZm
LzEvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYARMA0G
CSqGSIb3DQEBCwUAA4IBAQBqRS7omLSK7Z0tAaNn/mFQlmjvKRdWfE/oAnio9kFY
jNM/6SPwx2UwRyhRwZCocY/FyULR4M9NhxNaMniZjBptBEfza8KVNCotIS421jW0
SU4nq7k/pmWYvYILfvGGGh+HNUNU8Ffbw+amjFU3IQUtWZQYVCntFeK8vDThWPcw
jhX9HkAmBO1RKXhY++GPOV9N4oL0PwWHunfBa/KPZPZo8CHQQwYwQpTeiSuqWcVq
/m2TR3Ns+vH5iRo3+HRKLobupw4etNwgMN0LR5MkKrdFX/BSVToNG4GsGou6lYsj
KgNBKWd6QUZXpxy5SygwTHiIU3QLcULp0xWumhS1Eeaa
-----END CERTIFICATE-----