Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/fqWZce32UTOUOZwAqoSCBoe8ly4.roa
File:                     fqWZce32UTOUOZwAqoSCBoe8ly4.roa (raw, json)
Hash identifier:          OvyzlrD1Hn7A5oZekm7fWHZhSYlMvMZhO0NhWaIAzgA=
Subject key identifier:   7E:A5:99:71:ED:F6:51:33:94:39:9C:00:AA:84:82:06:87:BC:97:2E
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018D5611BDD2FCE4639C5657B8A4092A646C
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/fqWZce32UTOUOZwAqoSCBoe8ly4.roa
Signing time:             Mon 29 Jan 2024 16:33:39 +0000
ROA not before:           Mon 29 Jan 2024 16:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51500
IP address blocks:        45.89.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:56:11:bd:d2:fc:e4:63:9c:56:57:b8:a4:09:2a:64:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan 29 16:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ea59971edf6513394399c00aa84820687bc972e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:79:1a:20:1a:63:61:5f:06:f4:64:c9:66:67:
                    ef:cc:70:70:8e:3a:ac:7f:e8:c4:07:60:77:97:c8:
                    3d:02:47:93:f3:ea:e6:d2:4d:11:a2:9d:d0:cf:9b:
                    9a:6b:ef:48:c9:81:ee:b7:26:bc:37:32:56:69:59:
                    6a:d8:5b:e2:2d:55:80:78:77:3c:2d:1c:e2:be:71:
                    30:ea:86:6b:76:e9:af:72:94:3f:96:6a:bd:ed:00:
                    90:7e:9e:5b:2a:db:8e:17:87:b1:c5:01:b6:95:5c:
                    d1:99:06:ac:72:2e:6f:99:e8:94:d5:a9:24:ad:9a:
                    6d:86:11:32:57:ff:fc:4a:f4:2d:70:af:49:e0:30:
                    bc:cb:63:d4:18:43:9b:f7:58:07:96:f5:4f:f5:e4:
                    e6:ef:ec:2b:e0:6a:80:8d:83:a2:a7:14:40:45:10:
                    de:db:4e:73:f2:13:e5:1b:a7:1a:d3:bf:38:a5:b5:
                    a8:1d:2c:7a:bd:10:c7:a0:a2:57:34:42:70:bf:b1:
                    68:b8:27:0e:27:4e:78:13:b8:be:1b:d3:ba:ee:cb:
                    1a:4f:e5:29:8e:8a:be:da:75:06:f2:90:ae:00:b4:
                    d4:c6:aa:6a:50:33:ba:6f:b7:aa:a9:f7:07:2b:a3:
                    31:78:44:8f:de:4d:5a:06:0a:7f:a1:dd:65:88:96:
                    b1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A5:99:71:ED:F6:51:33:94:39:9C:00:AA:84:82:06:87:BC:97:2E
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/fqWZce32UTOUOZwAqoSCBoe8ly4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:7b:63:49:6a:6c:24:7a:17:b2:da:33:e9:ca:d9:b2:2a:f9:
         1f:12:fc:58:a9:10:c9:87:4a:3e:21:99:c8:1d:e2:21:a5:a6:
         34:d3:64:3a:5f:d3:3a:c2:35:47:36:e2:d4:ad:f4:f2:2c:08:
         37:1f:42:bb:fd:45:4a:39:07:87:da:70:e2:3a:10:27:36:d3:
         c6:1e:95:3d:c4:4a:00:43:c8:ef:a3:f8:11:98:e1:06:8d:bc:
         ef:f9:61:f7:a1:6c:8c:68:92:07:1e:84:22:bc:ce:41:d2:b7:
         7a:ef:fd:77:06:81:3f:9f:cc:4b:8a:f1:dd:63:30:61:a8:e6:
         0c:96:a8:95:64:9f:65:9e:72:ab:03:82:79:50:72:ec:97:93:
         00:29:36:a8:92:2a:f5:8e:fb:0e:19:e3:28:4f:1d:0b:63:01:
         a3:f4:a7:92:03:b3:81:e6:ca:98:5f:af:64:87:ab:13:b9:d3:
         ba:e9:a6:e3:d1:a2:72:9f:7d:76:fc:84:4a:27:7b:3b:f7:1c:
         f6:1b:29:85:7b:d6:d5:5a:f5:c2:4e:03:3a:96:86:b6:c1:8f:
         40:12:27:0f:54:57:81:cb:c6:6a:a7:d1:b2:89:b1:43:4b:b7:
         75:00:bc:30:6b:2c:f3:30:ba:5b:44:7a:82:03:08:03:45:8c:
         02:af:a0:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1WEb3S/ORjnFZXuKQJKmRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTI5MTYzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWE1OTk3MWVkZjY1MTMzOTQzOTljMDBhYTg0ODIwNjg3YmM5NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03kaIBpjYV8G9GTJZmfvzHBwjjqs
f+jEB2B3l8g9AkeT8+rm0k0Rop3Qz5uaa+9IyYHutya8NzJWaVlq2FviLVWAeHc8
LRzivnEw6oZrdumvcpQ/lmq97QCQfp5bKtuOF4exxQG2lVzRmQasci5vmeiU1akk
rZpthhEyV//8SvQtcK9J4DC8y2PUGEOb91gHlvVP9eTm7+wr4GqAjYOipxRARRDe
205z8hPlG6ca0784pbWoHSx6vRDHoKJXNEJwv7FouCcOJ054E7i+G9O67ssaT+Up
joq+2nUG8pCuALTUxqpqUDO6b7eqqfcHK6MxeESP3k1aBgp/od1liJax1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6lmXHt9lEzlDmcAKqEggaHvJcuMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvZnFXWmNlMzJVVE9VT1p3QXFvU0NCb2U4bHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVlYMA0G
CSqGSIb3DQEBCwUAA4IBAQBie2NJamwkehey2jPpytmyKvkfEvxYqRDJh0o+IZnI
HeIhpaY002Q6X9M6wjVHNuLUrfTyLAg3H0K7/UVKOQeH2nDiOhAnNtPGHpU9xEoA
Q8jvo/gRmOEGjbzv+WH3oWyMaJIHHoQivM5B0rd67/13BoE/n8xLivHdYzBhqOYM
lqiVZJ9lnnKrA4J5UHLsl5MAKTaokir1jvsOGeMoTx0LYwGj9KeSA7OB5sqYX69k
h6sTudO66abj0aJyn312/IRKJ3s79xz2GymFe9bVWvXCTgM6loa2wY9AEicPVFeB
y8Zqp9GyibFDS7d1ALwwayzzMLpbRHqCAwgDRYwCr6Bm
-----END CERTIFICATE-----