Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/mqkPohFPr_TgUkIzo00NeXYrlI0.roa
File:                     mqkPohFPr_TgUkIzo00NeXYrlI0.roa (raw, json)
Hash identifier:          ANM60eGPT3c3TWn8BeAWLj+z7eENOst9pB4Ekm1CQVU=
Subject key identifier:   9A:A9:0F:A2:11:4F:AF:F4:E0:52:42:33:A3:4D:0D:79:76:2B:94:8D
Certificate issuer:       /CN=baaa7b4c01e929c38923981ab51c9727a1f9f07e
Certificate serial:       018CC3B72F77BF27E164FDAD15ABDCFED5A7
Authority key identifier: BA:AA:7B:4C:01:E9:29:C3:89:23:98:1A:B5:1C:97:27:A1:F9:F0:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqp7TAHpKcOJI5gatRyXJ6H58H4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/mqkPohFPr_TgUkIzo00NeXYrlI0.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        45.132.226.0/24 maxlen: 24
                          45.132.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/uqp7TAHpKcOJI5gatRyXJ6H58H4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/uqp7TAHpKcOJI5gatRyXJ6H58H4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqp7TAHpKcOJI5gatRyXJ6H58H4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2f:77:bf:27:e1:64:fd:ad:15:ab:dc:fe:d5:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baaa7b4c01e929c38923981ab51c9727a1f9f07e
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aa90fa2114faff4e0524233a34d0d79762b948d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:43:20:a4:d5:1c:4b:80:b5:ce:5d:a1:b5:b9:
                    96:17:ae:91:2f:90:c3:95:f6:9a:f3:45:f8:3b:bd:
                    22:e0:05:eb:58:6c:68:8f:82:71:e0:2e:51:cc:ae:
                    58:0f:87:c7:1d:ae:fe:ab:39:71:e1:56:91:7a:04:
                    72:70:04:43:57:36:01:be:6f:b4:f7:c4:7e:ea:a4:
                    16:b3:54:4d:42:54:e0:fa:63:5d:fb:17:03:cc:7f:
                    45:13:5c:4d:d5:7a:64:69:69:ee:b8:aa:0c:ec:59:
                    e2:6b:0c:d7:ff:58:0b:d0:0c:cd:5b:ca:de:ba:b4:
                    48:7a:77:3a:f2:10:d1:e5:5a:25:41:b6:2f:0c:0b:
                    07:ae:6f:62:6e:e3:dd:0e:ab:b7:b1:f8:11:bb:55:
                    1a:9b:a8:97:d3:3e:a5:30:ba:32:90:91:a1:cd:9e:
                    5f:b1:83:d5:6c:b6:9a:be:d9:b2:66:25:ec:1f:ab:
                    3a:d2:db:b3:9b:76:57:72:f9:17:1b:ec:85:95:48:
                    3f:59:26:1b:41:ba:fe:96:09:f1:33:d9:c5:03:99:
                    3a:6f:0c:e8:9e:2c:02:4c:4b:0a:6f:85:e6:b3:7b:
                    5d:76:67:8b:76:7e:f6:2f:3c:95:be:09:0e:cb:75:
                    a5:7e:fc:7e:df:a5:9c:80:fa:10:8f:81:cc:a7:88:
                    8a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A9:0F:A2:11:4F:AF:F4:E0:52:42:33:A3:4D:0D:79:76:2B:94:8D
            X509v3 Authority Key Identifier:
                keyid:BA:AA:7B:4C:01:E9:29:C3:89:23:98:1A:B5:1C:97:27:A1:F9:F0:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqp7TAHpKcOJI5gatRyXJ6H58H4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/mqkPohFPr_TgUkIzo00NeXYrlI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/uqp7TAHpKcOJI5gatRyXJ6H58H4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:48:dc:ec:2a:68:67:4d:64:e7:51:39:57:69:be:92:56:a5:
         d9:51:04:67:ee:18:82:8c:16:7e:34:17:cc:32:a5:ca:20:15:
         13:3e:04:77:ef:1e:78:3b:63:b0:70:79:3f:e0:c0:a2:7d:83:
         fc:1f:74:d3:a0:9a:4b:00:c3:3f:16:cb:c5:44:e8:c6:72:93:
         de:be:08:65:b5:39:eb:52:07:26:36:66:85:53:d2:f8:ab:37:
         5f:9b:a0:56:ee:09:cf:ed:75:04:27:fb:98:8d:37:8b:c7:04:
         f5:c2:dc:97:1e:d4:18:0b:81:1d:4a:43:5a:ad:65:62:77:20:
         94:3c:ac:fb:37:5e:c0:f7:8d:74:14:4c:65:99:4a:94:f3:ae:
         7a:2a:f8:b5:4a:43:90:1e:84:e5:c7:8d:f0:08:9c:2b:81:cf:
         5e:36:a4:ee:ea:21:45:1c:02:18:8d:e7:8a:de:7b:8f:26:19:
         80:db:7b:37:9f:e4:2f:70:13:cc:42:76:fe:18:03:a8:fa:e5:
         59:9e:a7:b9:8e:24:de:3f:6c:0f:9b:2b:0f:be:84:87:30:14:
         ce:00:4e:07:97:5f:e3:a8:95:f7:ee:13:5b:c0:35:c6:f6:cf:
         f0:5f:e1:7c:0c:d4:b8:6d:fd:90:03:9d:4f:03:e3:e7:c8:82:
         c0:bd:21:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDty93vyfhZP2tFavc/tWnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE3YjRjMDFlOTI5YzM4OTIzOTgxYWI1MWM5NzI3YTFm
OWYwN2UwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWE5MGZhMjExNGZhZmY0ZTA1MjQyMzNhMzRkMGQ3OTc2MmI5NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkMgpNUcS4C1zl2htbmWF66RL5DD
lfaa80X4O70i4AXrWGxoj4Jx4C5RzK5YD4fHHa7+qzlx4VaRegRycARDVzYBvm+0
98R+6qQWs1RNQlTg+mNd+xcDzH9FE1xN1XpkaWnuuKoM7FniawzX/1gL0AzNW8re
urRIenc68hDR5VolQbYvDAsHrm9ibuPdDqu3sfgRu1Uam6iX0z6lMLoykJGhzZ5f
sYPVbLaavtmyZiXsH6s60tuzm3ZXcvkXG+yFlUg/WSYbQbr+lgnxM9nFA5k6bwzo
niwCTEsKb4Xms3tddmeLdn72LzyVvgkOy3Wlfvx+36WcgPoQj4HMp4iK+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqpD6IRT6/04FJCM6NNDXl2K5SNMB8GA1UdIwQY
MBaAFLqqe0wB6SnDiSOYGrUclyeh+fB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwN1RBSHBLY09KSTVnYXRSeVhKNkg1OEg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYjllNzAtNDg5YS00MDg4LWIyOGUt
ZTY4ZjZjZjJjMGQyLzEvbXFrUG9oRlByX1RnVWtJem8wME5lWFlybEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYjllNzAtNDg5YS00MDg4LWIyOGUtZTY4ZjZjZjJjMGQy
LzEvdXFwN1RBSHBLY09KSTVnYXRSeVhKNkg1OEg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYTiMA0G
CSqGSIb3DQEBCwUAA4IBAQCNSNzsKmhnTWTnUTlXab6SVqXZUQRn7hiCjBZ+NBfM
MqXKIBUTPgR37x54O2OwcHk/4MCifYP8H3TToJpLAMM/FsvFROjGcpPevghltTnr
UgcmNmaFU9L4qzdfm6BW7gnP7XUEJ/uYjTeLxwT1wtyXHtQYC4EdSkNarWVidyCU
PKz7N17A9410FExlmUqU8656Kvi1SkOQHoTlx43wCJwrgc9eNqTu6iFFHAIYjeeK
3nuPJhmA23s3n+QvcBPMQnb+GAOo+uVZnqe5jiTeP2wPmysPvoSHMBTOAE4Hl1/j
qJX37hNbwDXG9s/wX+F8DNS4bf2QA51PA+PnyILAvSFe
-----END CERTIFICATE-----