Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/Qa_1ytAHIcs14yVI44Lcp6VI9kk.roa
File:                     Qa_1ytAHIcs14yVI44Lcp6VI9kk.roa (raw, json)
Hash identifier:          RCsZ0xXH9Nik/u/L3U273WXNOKjKOvIEq7fcJ10+kn0=
Subject key identifier:   41:AF:F5:CA:D0:07:21:CB:35:E3:25:48:E3:82:DC:A7:A5:48:F6:49
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       018CC8DEC99B466B778F1CB279229E17CCE1
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/Qa_1ytAHIcs14yVI44Lcp6VI9kk.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198462
IP address blocks:        45.82.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c9:9b:46:6b:77:8f:1c:b2:79:22:9e:17:cc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41aff5cad00721cb35e32548e382dca7a548f649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e6:49:94:5f:fd:79:6d:6a:83:de:98:3d:2e:
                    c3:2a:07:2f:2d:2c:18:7b:ec:2e:19:3a:5a:03:e5:
                    dc:53:2c:c9:ce:3e:bc:8b:b1:a2:75:6f:69:85:0a:
                    43:99:e3:5b:3f:59:22:85:6b:12:6c:97:44:4d:d0:
                    b9:22:19:bc:9f:9b:dd:16:68:f3:12:de:a4:e8:9c:
                    ce:2f:2c:8e:ec:2a:fc:ea:cd:19:9f:fd:ac:56:df:
                    58:98:4c:1e:0a:62:55:47:51:40:9b:77:3e:33:86:
                    c2:08:5d:79:32:e8:e4:b5:38:d0:81:4a:f6:6d:fa:
                    1f:67:1b:7c:3e:4f:b8:f3:82:ac:d7:92:89:ff:84:
                    4d:ba:ab:0b:01:91:f9:89:47:2f:05:dc:62:c0:c8:
                    30:13:85:24:5f:29:0e:66:4e:9c:c5:ee:ad:83:a9:
                    7a:f6:30:80:40:05:b0:d9:c0:91:be:74:62:aa:7a:
                    36:25:92:68:60:2d:9f:03:75:01:69:22:7a:4a:51:
                    1a:25:e2:1f:79:29:4f:ff:3b:40:67:70:5f:42:f6:
                    97:52:27:db:4d:c7:45:5e:65:ad:e7:5f:51:5c:7c:
                    b0:49:70:26:a1:28:0b:12:17:85:69:04:ce:2e:52:
                    9f:af:fd:32:7d:41:14:60:a8:23:1a:1a:e3:59:4a:
                    00:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AF:F5:CA:D0:07:21:CB:35:E3:25:48:E3:82:DC:A7:A5:48:F6:49
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/Qa_1ytAHIcs14yVI44Lcp6VI9kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:28:57:df:ab:e6:df:dd:94:a1:01:f1:e4:23:db:a3:41:77:
         25:6e:d6:fc:8e:31:87:9b:3f:b9:c2:7c:ca:52:08:ab:c1:db:
         39:fc:d8:19:e4:9b:b8:d2:1b:52:e4:fe:bd:3b:c9:f4:e1:4a:
         7c:23:22:ae:cc:d2:51:d0:dc:b9:e8:cb:55:30:86:ac:1c:d2:
         ee:bb:9e:e2:b1:5d:74:27:6a:d2:4c:dd:07:0f:26:1d:75:93:
         cc:ce:00:a5:be:e4:89:82:06:47:fb:e5:46:58:64:ea:ec:76:
         f4:4c:d7:0a:d9:12:3f:ea:c2:1b:4e:c7:9f:b6:58:e5:e3:9f:
         7a:cb:e9:0c:30:92:32:f7:51:c9:32:e7:26:0f:a1:5c:a1:7d:
         bb:74:52:c9:f1:df:a7:03:01:61:bb:a3:10:63:a3:f2:1e:14:
         83:13:23:4b:ea:e2:3d:b5:7e:72:c3:14:0b:1f:3c:fc:44:80:
         40:e4:50:8e:ac:0e:4f:06:8b:cf:80:54:2c:6f:62:40:7f:3b:
         db:63:46:42:7e:ff:32:f0:c0:a7:f2:91:ae:12:fc:ac:34:b6:
         a0:ea:bf:9f:fc:17:41:df:dd:3c:40:3f:b9:14:de:fd:43:60:
         c3:59:91:4f:6f:49:73:e2:b0:78:19:d0:79:c4:ed:0c:8d:b4:
         b2:b0:60:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3smbRmt3jxyyeSKeF8zhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWFmZjVjYWQwMDcyMWNiMzVlMzI1NDhlMzgyZGNhN2E1NDhmNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOZJlF/9eW1qg96YPS7DKgcvLSwY
e+wuGTpaA+XcUyzJzj68i7GidW9phQpDmeNbP1kihWsSbJdETdC5Ihm8n5vdFmjz
Et6k6JzOLyyO7Cr86s0Zn/2sVt9YmEweCmJVR1FAm3c+M4bCCF15MujktTjQgUr2
bfofZxt8Pk+484Ks15KJ/4RNuqsLAZH5iUcvBdxiwMgwE4UkXykOZk6cxe6tg6l6
9jCAQAWw2cCRvnRiqno2JZJoYC2fA3UBaSJ6SlEaJeIfeSlP/ztAZ3BfQvaXUifb
TcdFXmWt519RXHywSXAmoSgLEheFaQTOLlKfr/0yfUEUYKgjGhrjWUoALwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGv9crQByHLNeMlSOOC3KelSPZJMB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvUWFfMXl0QUhJY3MxNHlWSTQ0TGNwNlZJOWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVLIMA0G
CSqGSIb3DQEBCwUAA4IBAQCFKFffq+bf3ZShAfHkI9ujQXclbtb8jjGHmz+5wnzK
Ugirwds5/NgZ5Ju40htS5P69O8n04Up8IyKuzNJR0Ny56MtVMIasHNLuu57isV10
J2rSTN0HDyYddZPMzgClvuSJggZH++VGWGTq7Hb0TNcK2RI/6sIbTseftljl4596
y+kMMJIy91HJMucmD6FcoX27dFLJ8d+nAwFhu6MQY6PyHhSDEyNL6uI9tX5ywxQL
Hzz8RIBA5FCOrA5PBovPgFQsb2JAfzvbY0ZCfv8y8MCn8pGuEvysNLag6r+f/BdB
3908QD+5FN79Q2DDWZFPb0lz4rB4GdB5xO0MjbSysGDV
-----END CERTIFICATE-----