Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/052f4c-be3c-4d19-aa04-0ab8dd9ebab1/1/QBkLdfLsnaDtJqiyjI5r5yaRleQ.roa
File:                     QBkLdfLsnaDtJqiyjI5r5yaRleQ.roa (raw, json)
Hash identifier:          zIe2+DX9wxRUgAMY+H2/NGTJruISHbKLGYs2lOTA5YY=
Subject key identifier:   40:19:0B:75:F2:EC:9D:A0:ED:26:A8:B2:8C:8E:6B:E7:26:91:95:E4
Certificate issuer:       /CN=a4aa9bcd06ea6c565dd907ca04e5077d68c0664f
Certificate serial:       018CC8030DFB248931CB2EE06594ED70DD09
Authority key identifier: A4:AA:9B:CD:06:EA:6C:56:5D:D9:07:CA:04:E5:07:7D:68:C0:66:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKqbzQbqbFZd2QfKBOUHfWjAZk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/052f4c-be3c-4d19-aa04-0ab8dd9ebab1/1/QBkLdfLsnaDtJqiyjI5r5yaRleQ.roa
Signing time:             Tue 02 Jan 2024 02:31:32 +0000
ROA not before:           Tue 02 Jan 2024 02:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208246
IP address blocks:        45.150.88.0/22 maxlen: 22
                          45.150.88.0/23 maxlen: 23
                          45.150.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/052f4c-be3c-4d19-aa04-0ab8dd9ebab1/1/pKqbzQbqbFZd2QfKBOUHfWjAZk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/052f4c-be3c-4d19-aa04-0ab8dd9ebab1/1/pKqbzQbqbFZd2QfKBOUHfWjAZk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKqbzQbqbFZd2QfKBOUHfWjAZk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:0d:fb:24:89:31:cb:2e:e0:65:94:ed:70:dd:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4aa9bcd06ea6c565dd907ca04e5077d68c0664f
        Validity
            Not Before: Jan  2 02:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40190b75f2ec9da0ed26a8b28c8e6be7269195e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b3:5a:b7:8e:c5:c4:6a:03:34:44:f4:f6:7b:
                    89:4d:50:2f:79:e9:db:00:a6:77:94:db:aa:c7:65:
                    8e:fd:97:d4:aa:68:31:0a:bc:c0:7a:9f:6d:1f:ae:
                    ea:cd:2e:68:e5:e0:3a:28:bd:9f:ec:ff:df:b4:09:
                    0a:2a:f2:11:2f:d4:f2:de:0d:c6:cd:5d:4d:2f:4b:
                    aa:dc:e4:03:c2:c7:c7:d7:46:5c:d7:fe:95:be:fa:
                    f1:d4:c5:9f:84:39:50:3f:8b:af:c5:4e:6d:7d:95:
                    3f:b7:dc:22:13:2e:3e:91:a7:79:ff:3f:6d:e5:04:
                    40:46:21:76:b2:33:86:4d:68:f2:e2:dc:df:4b:86:
                    05:77:18:4c:8d:d3:1a:23:ca:7f:b9:69:3e:f6:59:
                    c6:f8:44:ec:70:88:bc:ea:76:0d:00:ea:9e:ae:14:
                    aa:d0:b4:e1:b7:55:3d:c2:e3:27:48:b5:24:44:af:
                    f7:2c:c6:91:a6:ff:5c:ff:49:ba:f7:e4:86:78:39:
                    ab:20:db:6a:d9:8b:41:af:38:41:61:ff:89:c7:54:
                    d4:71:15:56:64:99:3b:a1:af:4d:03:b1:64:10:80:
                    2f:96:e1:1d:ef:df:ea:8e:31:50:c0:94:62:5f:bd:
                    61:86:87:ad:98:fd:b3:26:f9:2b:60:8c:fe:4e:56:
                    7d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:19:0B:75:F2:EC:9D:A0:ED:26:A8:B2:8C:8E:6B:E7:26:91:95:E4
            X509v3 Authority Key Identifier:
                keyid:A4:AA:9B:CD:06:EA:6C:56:5D:D9:07:CA:04:E5:07:7D:68:C0:66:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKqbzQbqbFZd2QfKBOUHfWjAZk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/052f4c-be3c-4d19-aa04-0ab8dd9ebab1/1/QBkLdfLsnaDtJqiyjI5r5yaRleQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/052f4c-be3c-4d19-aa04-0ab8dd9ebab1/1/pKqbzQbqbFZd2QfKBOUHfWjAZk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:e6:46:0f:4f:ae:65:2c:65:74:41:94:b5:49:9a:af:ee:b8:
         70:f1:67:b2:0f:41:9a:a7:a2:4b:90:d7:a3:82:aa:9f:59:df:
         24:c0:c3:d5:a4:1e:25:98:24:7d:e9:7d:8b:b3:14:95:64:fb:
         1a:26:da:c4:e3:9f:da:06:c1:63:1b:5d:3b:69:96:b2:2a:69:
         a4:cb:fd:89:88:d6:dd:f1:f6:4b:63:54:c5:36:a0:8b:1e:27:
         0e:d6:be:ab:cf:fa:e2:e2:2a:ed:c0:97:14:7c:bd:60:3a:eb:
         a7:3b:ff:75:ac:00:55:9f:6d:21:c3:27:5f:fd:72:0a:0d:bd:
         bf:34:a9:40:df:83:b4:b4:73:aa:f7:5d:88:ae:06:b7:96:e2:
         cc:f6:7a:7f:b9:e9:56:3e:cc:25:e9:08:fb:86:bf:23:59:bc:
         d9:04:27:4d:c6:d4:90:9d:88:a6:e8:ae:a5:f8:69:f3:bc:0c:
         41:da:d3:50:15:bb:cb:02:ce:a1:a3:bc:eb:cb:25:2d:1c:d7:
         68:ce:e0:4f:62:fc:06:77:32:a7:c5:cc:1b:92:8d:ea:e0:1d:
         f3:66:84:92:43:dc:e4:6e:00:bc:78:8c:9b:cd:f0:6c:6a:7e:
         71:1a:14:81:df:66:eb:20:9f:6e:2c:a8:30:56:40:c4:a0:d6:
         c4:4f:f4:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAw37JIkxyy7gZZTtcN0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YWE5YmNkMDZlYTZjNTY1ZGQ5MDdjYTA0ZTUwNzdkNjhj
MDY2NGYwHhcNMjQwMTAyMDIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE5MGI3NWYyZWM5ZGEwZWQyNmE4YjI4YzhlNmJlNzI2OTE5NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrNat47FxGoDNET09nuJTVAveenb
AKZ3lNuqx2WO/ZfUqmgxCrzAep9tH67qzS5o5eA6KL2f7P/ftAkKKvIRL9Ty3g3G
zV1NL0uq3OQDwsfH10Zc1/6Vvvrx1MWfhDlQP4uvxU5tfZU/t9wiEy4+kad5/z9t
5QRARiF2sjOGTWjy4tzfS4YFdxhMjdMaI8p/uWk+9lnG+ETscIi86nYNAOqerhSq
0LTht1U9wuMnSLUkRK/3LMaRpv9c/0m69+SGeDmrINtq2YtBrzhBYf+Jx1TUcRVW
ZJk7oa9NA7FkEIAvluEd79/qjjFQwJRiX71hhoetmP2zJvkrYIz+TlZ9CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAZC3Xy7J2g7SaosoyOa+cmkZXkMB8GA1UdIwQY
MBaAFKSqm80G6mxWXdkHygTlB31owGZPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEtxYnpRYnFiRlpkMlFmS0JPVUhmV2pBWms4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wNTJmNGMtYmUzYy00ZDE5LWFhMDQt
MGFiOGRkOWViYWIxLzEvUUJrTGRmTHNuYUR0SnFpeWpJNXI1eWFSbGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wNTJmNGMtYmUzYy00ZDE5LWFhMDQtMGFiOGRkOWViYWIx
LzEvcEtxYnpRYnFiRlpkMlFmS0JPVUhmV2pBWms4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZZYMA0G
CSqGSIb3DQEBCwUAA4IBAQAG5kYPT65lLGV0QZS1SZqv7rhw8WeyD0Gap6JLkNej
gqqfWd8kwMPVpB4lmCR96X2LsxSVZPsaJtrE45/aBsFjG107aZayKmmky/2JiNbd
8fZLY1TFNqCLHicO1r6rz/ri4irtwJcUfL1gOuunO/91rABVn20hwydf/XIKDb2/
NKlA34O0tHOq912Irga3luLM9np/uelWPswl6Qj7hr8jWbzZBCdNxtSQnYim6K6l
+GnzvAxB2tNQFbvLAs6ho7zryyUtHNdozuBPYvwGdzKnxcwbko3q4B3zZoSSQ9zk
bgC8eIybzfBsan5xGhSB32brIJ9uLKgwVkDEoNbET/TV
-----END CERTIFICATE-----