Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/qENt31C6sYEBe37Kcj9ZTDXVT2g.roa
File:                     qENt31C6sYEBe37Kcj9ZTDXVT2g.roa (raw, json)
Hash identifier:          oBob7biI5f9KIj4TqcLhqhRGUotrMnriO87CVDu3pjY=
Subject key identifier:   A8:43:6D:DF:50:BA:B1:81:01:7B:7E:CA:72:3F:59:4C:35:D5:4F:68
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018CC727347A364408E61F35D472BC9ECB86
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/qENt31C6sYEBe37Kcj9ZTDXVT2g.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        45.85.130.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:34:7a:36:44:08:e6:1f:35:d4:72:bc:9e:cb:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8436ddf50bab181017b7eca723f594c35d54f68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:17:4e:d6:32:ca:53:69:53:3b:a3:38:60:26:
                    0c:9a:94:9e:5e:03:41:81:0a:2c:41:c9:52:bb:53:
                    59:45:31:26:65:d8:9f:09:af:f0:50:5d:48:a9:a3:
                    ab:90:ba:3b:d8:4a:e7:3f:ca:bb:f5:37:8c:7e:53:
                    6f:60:a8:b8:a3:6a:1c:16:10:d7:24:5c:d8:7c:7c:
                    20:6b:14:6e:bc:cd:69:04:93:99:eb:dc:0a:e1:9c:
                    0b:9f:8e:55:16:c5:44:40:27:fd:c2:d7:4d:91:f0:
                    58:3d:37:cc:47:b4:9b:f6:e2:93:6a:cb:89:75:96:
                    0c:87:bf:3c:f2:fd:2f:ef:a2:7c:d7:95:cc:c0:68:
                    29:18:91:fa:12:be:bc:7e:a8:c8:06:9a:73:98:e5:
                    d3:ce:d1:77:57:c2:e0:21:31:dd:31:d1:ab:e2:9a:
                    bc:b5:0a:7f:ec:38:8d:65:2a:7d:e8:1f:30:dc:ac:
                    c1:97:3d:22:fc:fa:6c:e0:95:29:74:05:97:fb:00:
                    2d:c8:81:af:7e:32:52:97:e8:7b:f2:c3:64:0c:d2:
                    bf:bd:16:89:65:ac:27:0e:90:11:05:46:be:17:d8:
                    96:91:d7:c1:34:36:d2:df:a5:61:68:55:38:89:15:
                    4a:9e:fa:0d:57:46:b2:6c:f0:f0:2a:66:34:ec:c0:
                    20:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:43:6D:DF:50:BA:B1:81:01:7B:7E:CA:72:3F:59:4C:35:D5:4F:68
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/qENt31C6sYEBe37Kcj9ZTDXVT2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:24:d0:40:18:49:7e:30:5a:67:59:2b:f8:bf:a9:2b:ab:15:
         37:c7:ab:ef:a0:b1:72:00:93:c6:59:5b:7d:14:e4:ee:4b:3d:
         5a:d1:a1:54:45:3c:67:36:dc:09:ed:bd:ec:13:4c:9f:72:97:
         a6:56:cb:30:66:93:31:e5:78:88:98:cb:cd:22:99:66:38:89:
         8d:89:02:f2:25:1d:95:3b:26:5b:b2:ce:cd:89:8b:b9:db:4e:
         9e:3c:40:a1:3c:a7:a8:2c:40:a1:cd:83:db:ee:ff:ee:24:64:
         39:65:7b:43:50:ab:1e:9b:f9:1a:ec:78:f0:93:ba:cb:ac:62:
         dc:fc:4a:85:0d:c7:72:32:b7:10:8f:25:3c:55:0d:27:1f:65:
         03:10:be:9b:41:09:82:68:ba:65:55:1c:4a:ae:de:28:d7:fc:
         d4:8d:45:97:6d:00:7d:58:09:0d:fe:35:63:9b:80:6f:f3:a7:
         67:a3:4a:99:0f:e6:5d:17:09:70:44:c8:bc:b7:e7:61:9c:2c:
         15:88:b2:05:c5:84:8e:31:a2:22:87:78:19:df:2e:67:21:8c:
         97:7f:eb:64:30:b1:fd:70:4b:08:9a:5f:4f:2f:20:b6:51:6a:
         8a:1e:86:c9:84:98:36:42:4e:a7:13:4a:a1:a5:a4:2f:f9:c2:
         07:1f:db:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzR6NkQI5h811HK8nsuGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQzNmRkZjUwYmFiMTgxMDE3YjdlY2E3MjNmNTk0YzM1ZDU0ZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxdO1jLKU2lTO6M4YCYMmpSeXgNB
gQosQclSu1NZRTEmZdifCa/wUF1IqaOrkLo72ErnP8q79TeMflNvYKi4o2ocFhDX
JFzYfHwgaxRuvM1pBJOZ69wK4ZwLn45VFsVEQCf9wtdNkfBYPTfMR7Sb9uKTasuJ
dZYMh7888v0v76J815XMwGgpGJH6Er68fqjIBppzmOXTztF3V8LgITHdMdGr4pq8
tQp/7DiNZSp96B8w3KzBlz0i/Pps4JUpdAWX+wAtyIGvfjJSl+h78sNkDNK/vRaJ
ZawnDpARBUa+F9iWkdfBNDbS36VhaFU4iRVKnvoNV0aybPDwKmY07MAgwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhDbd9QurGBAXt+ynI/WUw11U9oMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvcUVOdDMxQzZzWUVCZTM3S2NqOVpURFhWVDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVWCMA0G
CSqGSIb3DQEBCwUAA4IBAQBdJNBAGEl+MFpnWSv4v6krqxU3x6vvoLFyAJPGWVt9
FOTuSz1a0aFURTxnNtwJ7b3sE0yfcpemVsswZpMx5XiImMvNIplmOImNiQLyJR2V
OyZbss7NiYu5206ePEChPKeoLEChzYPb7v/uJGQ5ZXtDUKsem/ka7Hjwk7rLrGLc
/EqFDcdyMrcQjyU8VQ0nH2UDEL6bQQmCaLplVRxKrt4o1/zUjUWXbQB9WAkN/jVj
m4Bv86dno0qZD+ZdFwlwRMi8t+dhnCwViLIFxYSOMaIih3gZ3y5nIYyXf+tkMLH9
cEsIml9PLyC2UWqKHobJhJg2Qk6nE0qhpaQv+cIHH9t1
-----END CERTIFICATE-----