Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qBnsgzOSGquzRSTUWFViz2meKn8.roa
File:                     qBnsgzOSGquzRSTUWFViz2meKn8.roa (raw, json)
Hash identifier:          NgrEXXZIR19bNKyvB0qheC8Ai9licTkGbUerzD3y2gc=
Subject key identifier:   A8:19:EC:83:33:92:1A:AB:B3:45:24:D4:58:55:62:CF:69:9E:2A:7F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCF22CCDD457F62AAC21CA65933C48
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qBnsgzOSGquzRSTUWFViz2meKn8.roa
Signing time:             Tue 02 Jan 2024 06:29:32 +0000
ROA not before:           Tue 02 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60404
IP address blocks:        45.81.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f2:2c:cd:d4:57:f6:2a:ac:21:ca:65:93:3c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a819ec8333921aabb34524d4585562cf699e2a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:66:9a:99:12:ec:9a:6a:c1:5f:c0:5e:40:32:
                    ee:1a:d2:92:16:b7:a7:73:1f:57:f0:c9:95:6a:de:
                    5b:0d:11:94:7f:b4:e6:89:52:96:74:b8:3e:c4:9b:
                    69:47:0b:e6:42:10:e5:a7:bf:0d:e2:3f:83:d3:a4:
                    28:a4:68:91:51:e0:9f:00:b1:d1:44:53:03:49:1f:
                    c2:2b:29:35:12:bb:c5:89:71:f2:86:0f:06:04:4d:
                    44:e8:ea:8f:4c:ad:e4:53:43:f0:e1:b5:35:bb:85:
                    15:51:ed:74:18:49:de:da:55:99:53:d9:5c:0a:4d:
                    60:36:15:5c:be:10:ec:4e:9c:0d:c4:64:17:45:d1:
                    bc:2d:75:73:74:f5:7c:72:d4:08:a7:e4:25:33:12:
                    70:9b:57:c3:9e:6b:ac:58:05:4f:a0:8b:b5:6d:72:
                    a1:ca:9b:03:58:b8:48:c2:49:83:8e:d2:f7:20:63:
                    16:3f:68:f3:ad:13:5d:c7:bd:d8:da:7b:e4:db:c3:
                    e7:47:b9:60:6e:b3:67:0b:03:1a:49:5c:dd:33:fe:
                    d0:fd:eb:43:73:a6:ad:e7:b6:f6:60:04:c4:0a:8d:
                    45:9e:ec:69:78:d6:15:76:e1:cb:1a:d4:2a:72:78:
                    a2:e7:98:47:0b:ab:2e:21:6b:2d:03:6a:cc:f7:a4:
                    28:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:19:EC:83:33:92:1A:AB:B3:45:24:D4:58:55:62:CF:69:9E:2A:7F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qBnsgzOSGquzRSTUWFViz2meKn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:b3:9a:b5:d0:84:1e:89:6b:8a:7b:60:db:f1:bd:9c:24:e2:
         37:64:ba:fe:3a:77:f7:b7:3d:20:a9:7d:07:d2:cb:d3:3a:8a:
         bb:f0:ec:4f:08:c7:8a:4a:0b:42:08:9f:37:ba:93:b1:8a:30:
         c5:9b:b8:94:2f:d3:db:ae:74:ac:d1:f0:81:8c:18:02:1e:6f:
         7f:e9:f0:20:e4:ce:7c:99:a4:f9:e4:5d:de:9e:d6:fb:d4:13:
         f1:d3:a2:c9:45:b9:14:66:c2:b0:10:38:2c:c8:4d:aa:49:71:
         5c:f9:2d:8b:a5:8d:3f:d2:25:ce:76:ba:5e:67:12:4c:30:92:
         2f:8e:f0:7c:be:ec:17:9b:95:c0:d7:f4:b2:ac:c2:9a:0e:d5:
         e4:61:f2:c8:ed:ab:28:fd:13:de:42:48:3d:98:27:75:ab:73:
         32:0d:ba:f1:f3:45:6a:d7:68:4c:7b:35:0b:6b:4e:8f:79:da:
         cb:cb:a9:f6:d0:85:38:91:fe:2a:89:33:95:d7:f2:28:dc:31:
         08:c3:62:30:f3:39:f9:79:62:85:40:c5:95:48:04:ca:96:c4:
         a7:20:e6:b0:73:df:b6:d1:d2:c7:11:c0:ab:2d:bd:f5:4e:e3:
         84:03:82:02:ee:a2:52:14:0a:e9:88:21:2a:a6:70:d0:6c:25:
         05:d1:03:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PIszdRX9iqsIcplkzxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE5ZWM4MzMzOTIxYWFiYjM0NTI0ZDQ1ODU1NjJjZjY5OWUyYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2aamRLsmmrBX8BeQDLuGtKSFren
cx9X8MmVat5bDRGUf7TmiVKWdLg+xJtpRwvmQhDlp78N4j+D06QopGiRUeCfALHR
RFMDSR/CKyk1ErvFiXHyhg8GBE1E6OqPTK3kU0Pw4bU1u4UVUe10GEne2lWZU9lc
Ck1gNhVcvhDsTpwNxGQXRdG8LXVzdPV8ctQIp+QlMxJwm1fDnmusWAVPoIu1bXKh
ypsDWLhIwkmDjtL3IGMWP2jzrRNdx73Y2nvk28PnR7lgbrNnCwMaSVzdM/7Q/etD
c6at57b2YATECo1FnuxpeNYVduHLGtQqcnii55hHC6suIWstA2rM96QovwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgZ7IMzkhqrs0Uk1FhVYs9pnip/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcUJuc2d6T1NHcXV6UlNUVVdGVml6Mm1lS244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVEnMA0G
CSqGSIb3DQEBCwUAA4IBAQAOs5q10IQeiWuKe2Db8b2cJOI3ZLr+Onf3tz0gqX0H
0svTOoq78OxPCMeKSgtCCJ83upOxijDFm7iUL9PbrnSs0fCBjBgCHm9/6fAg5M58
maT55F3entb71BPx06LJRbkUZsKwEDgsyE2qSXFc+S2LpY0/0iXOdrpeZxJMMJIv
jvB8vuwXm5XA1/SyrMKaDtXkYfLI7aso/RPeQkg9mCd1q3MyDbrx80Vq12hMezUL
a06PedrLy6n20IU4kf4qiTOV1/Io3DEIw2Iw8zn5eWKFQMWVSATKlsSnIOawc9+2
0dLHEcCrLb31TuOEA4IC7qJSFArpiCEqpnDQbCUF0QMl
-----END CERTIFICATE-----