Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/qcV2mh7TvziGWLBjnpfDaATkDCg.roa
File:                     qcV2mh7TvziGWLBjnpfDaATkDCg.roa (raw, json)
Hash identifier:          JB9rc5x8C3S1s59ov2kChK1pH93SkRZr/x98vSO1XfU=
Subject key identifier:   A9:C5:76:9A:1E:D3:BF:38:86:58:B0:63:9E:97:C3:68:04:E4:0C:28
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       01917078ADC6A690A3AF6CE9D8085811E34D
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/qcV2mh7TvziGWLBjnpfDaATkDCg.roa
Signing time:             Tue 20 Aug 2024 15:47:22 +0000
ROA not before:           Tue 20 Aug 2024 15:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215802
IP address blocks:        45.66.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:78:ad:c6:a6:90:a3:af:6c:e9:d8:08:58:11:e3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Aug 20 15:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9c5769a1ed3bf388658b0639e97c36804e40c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:98:e9:49:8c:7a:21:ed:92:6a:d8:6c:55:4e:
                    85:2b:c8:a9:2f:33:71:a7:30:e0:8e:f2:5d:7d:69:
                    e8:f6:24:d9:d6:14:f4:8d:d3:39:58:4b:61:33:16:
                    17:ac:ec:d1:43:7e:92:15:5e:1c:8e:43:02:07:e0:
                    2f:dc:e7:2c:5d:f0:d5:47:81:93:ab:e7:98:5b:ac:
                    6e:31:41:a3:ad:f6:2d:0c:36:dc:b9:42:f9:b4:fe:
                    86:85:f5:7a:c3:ab:f2:bd:6d:74:13:39:fb:0b:73:
                    5e:bc:1d:ec:03:26:62:ea:21:11:5b:23:03:78:21:
                    94:10:fb:82:02:14:97:bd:d7:b6:5e:c1:ad:39:3f:
                    7e:fc:50:33:c0:8c:2d:44:0e:ad:78:09:f8:00:2b:
                    4c:73:73:9b:e3:67:c6:3f:dc:14:cd:55:e4:81:80:
                    87:04:5b:34:b0:9a:c8:c9:79:31:3e:d7:56:90:01:
                    8c:2d:ab:00:44:54:1a:12:ba:02:af:6f:c9:d6:88:
                    1b:2a:27:a8:f5:43:da:1f:83:c8:0d:7a:19:1f:20:
                    43:ef:75:bc:53:b1:8e:99:3b:85:93:8a:a1:1a:13:
                    72:1c:2a:d6:c3:a3:c8:64:c6:30:a3:06:f4:18:4d:
                    92:46:d6:0a:f1:ec:c5:be:c3:d0:db:2a:b6:74:84:
                    91:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C5:76:9A:1E:D3:BF:38:86:58:B0:63:9E:97:C3:68:04:E4:0C:28
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/qcV2mh7TvziGWLBjnpfDaATkDCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:51:23:1b:0e:e7:2f:45:32:90:ae:9f:82:9d:21:f1:3a:bd:
         3b:7f:28:82:11:eb:85:f2:9f:42:89:03:0a:cc:e9:7a:fa:72:
         24:6d:50:c6:c5:65:14:63:98:1b:a4:3b:3c:c0:6b:30:9d:b9:
         33:17:d9:be:4e:ce:bc:4f:7b:8a:0d:57:2c:5c:97:a9:97:ba:
         2d:e3:04:39:12:2e:71:c3:75:42:53:3f:37:87:b5:b3:7c:74:
         a1:df:ae:99:23:7d:2c:85:75:71:b3:c6:5e:61:c3:35:86:9d:
         c9:8b:3c:bd:af:d4:0f:99:92:20:ee:fd:92:66:33:f2:08:6f:
         17:a4:78:35:2e:ce:8d:eb:ab:3a:fe:13:19:43:4a:cf:94:0b:
         9a:ca:4d:5f:a3:70:67:46:73:bf:4f:78:71:db:ae:43:e8:c1:
         c9:85:a6:f7:5c:5c:b4:96:69:f7:25:7a:69:4d:5e:6f:2b:4a:
         51:26:11:eb:07:f0:c4:94:94:96:3a:e8:28:f7:b2:4e:e1:d1:
         a8:a8:4d:3e:1b:37:d0:4d:1a:64:3a:c6:47:ab:91:2f:75:5e:
         c0:13:92:7f:b1:32:19:47:db:44:28:6d:3a:39:14:45:3a:0d:
         f7:db:59:f9:25:16:b5:8f:44:4d:33:34:c7:68:41:fb:0e:00:
         ac:90:d3:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFweK3GppCjr2zp2AhYEeNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwODIwMTU0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM1NzY5YTFlZDNiZjM4ODY1OGIwNjM5ZTk3YzM2ODA0ZTQwYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZjpSYx6Ie2SathsVU6FK8ipLzNx
pzDgjvJdfWno9iTZ1hT0jdM5WEthMxYXrOzRQ36SFV4cjkMCB+Av3OcsXfDVR4GT
q+eYW6xuMUGjrfYtDDbcuUL5tP6GhfV6w6vyvW10Ezn7C3NevB3sAyZi6iERWyMD
eCGUEPuCAhSXvde2XsGtOT9+/FAzwIwtRA6teAn4ACtMc3Ob42fGP9wUzVXkgYCH
BFs0sJrIyXkxPtdWkAGMLasARFQaEroCr2/J1ogbKieo9UPaH4PIDXoZHyBD73W8
U7GOmTuFk4qhGhNyHCrWw6PIZMYwowb0GE2SRtYK8ezFvsPQ2yq2dISR4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnFdpoe0784hliwY56Xw2gE5AwoMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvcWNWMm1oN1R2emlHV0xCam5wZkRhQVRrRENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUI1MA0G
CSqGSIb3DQEBCwUAA4IBAQCnUSMbDucvRTKQrp+CnSHxOr07fyiCEeuF8p9CiQMK
zOl6+nIkbVDGxWUUY5gbpDs8wGswnbkzF9m+Ts68T3uKDVcsXJepl7ot4wQ5Ei5x
w3VCUz83h7WzfHSh366ZI30shXVxs8ZeYcM1hp3Jizy9r9QPmZIg7v2SZjPyCG8X
pHg1Ls6N66s6/hMZQ0rPlAuayk1fo3BnRnO/T3hx265D6MHJhab3XFy0lmn3JXpp
TV5vK0pRJhHrB/DElJSWOugo97JO4dGoqE0+GzfQTRpkOsZHq5EvdV7AE5J/sTIZ
R9tEKG06ORRFOg3321n5JRa1j0RNMzTHaEH7DgCskNNW
-----END CERTIFICATE-----