Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Qjeioj7scdzDBms-eBsleCSBPKw.roa
File:                     Qjeioj7scdzDBms-eBsleCSBPKw.roa (raw, json)
Hash identifier:          XSrWOYnvFdnGDzUDEMXAeG6BZLgXoNDJmGq8Tk7UH6Y=
Subject key identifier:   42:37:A2:A2:3E:EC:71:DC:C3:06:6B:3E:78:1B:25:78:24:81:3C:AC
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019330A3A1526DD0922D8C758B2D259460E8
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Qjeioj7scdzDBms-eBsleCSBPKw.roa
Signing time:             Fri 15 Nov 2024 16:24:10 +0000
ROA not before:           Fri 15 Nov 2024 16:24:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213850
IP address blocks:        45.142.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:a3:a1:52:6d:d0:92:2d:8c:75:8b:2d:25:94:60:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Nov 15 16:24:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4237a2a23eec71dcc3066b3e781b257824813cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:60:31:b4:c8:6d:6e:71:67:a8:20:19:7f:5d:
                    6b:58:50:fd:b8:07:c2:e4:37:fe:28:7f:75:8a:64:
                    ed:cb:af:21:4f:80:e5:ff:42:9d:b5:04:45:17:dd:
                    56:6b:45:5e:7f:4c:4b:a8:4a:45:ea:61:83:09:3b:
                    af:87:10:77:48:50:a9:a7:ba:dd:6f:4b:f9:20:b4:
                    22:27:20:81:08:51:21:d2:04:62:36:da:a2:72:89:
                    ef:df:9a:76:c0:46:c9:19:42:55:ff:25:9a:71:1b:
                    f6:9f:8e:73:cd:eb:98:9c:ec:cf:17:45:ff:38:38:
                    78:8f:28:3f:41:cd:62:ff:32:60:2a:46:24:9d:58:
                    d9:b7:9e:84:89:54:f7:82:5c:b6:55:d5:41:d2:bf:
                    45:e0:df:b7:11:12:bb:20:7b:8a:ec:c8:fa:ec:69:
                    a1:41:9c:ce:b2:56:b1:a1:65:a3:76:2a:b6:d1:83:
                    8a:d9:5f:32:70:ed:2e:03:70:ff:b4:20:31:8f:02:
                    e0:a0:3d:52:02:0f:d6:c6:2f:e4:66:45:79:35:50:
                    14:27:23:98:9b:92:be:f0:c9:c0:90:da:41:3b:f5:
                    ed:fc:11:27:c6:7f:d0:8f:3d:78:7e:1a:8a:be:4c:
                    dd:85:d0:f0:e7:d0:85:f2:13:60:b6:06:0c:de:73:
                    8f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:37:A2:A2:3E:EC:71:DC:C3:06:6B:3E:78:1B:25:78:24:81:3C:AC
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Qjeioj7scdzDBms-eBsleCSBPKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f6:bc:03:1b:d4:22:d2:1e:48:23:4f:3a:e7:6c:c9:98:d9:
         06:18:eb:00:90:34:2d:9a:ca:99:54:77:a8:84:8f:04:08:38:
         f5:53:c0:72:a1:68:c8:f7:6e:0d:98:ff:57:79:2d:ce:5f:56:
         99:d7:12:8d:eb:b9:b2:91:14:70:43:93:dc:c9:20:e2:81:52:
         d1:7c:73:4c:af:41:49:02:9f:4a:a7:5c:bb:3f:1b:0b:60:ba:
         db:f6:a7:67:47:2c:f2:94:1f:55:fd:47:ba:bb:49:d7:bf:b0:
         ad:0d:53:ab:e8:05:ac:fc:b2:68:aa:db:60:de:c0:e8:a8:2a:
         a9:1e:5e:81:dd:60:b3:77:9c:b3:42:2f:dd:2e:75:17:43:8c:
         c9:dc:a8:c5:50:79:39:72:74:39:13:15:21:71:12:1e:3a:14:
         3b:b0:07:fc:da:69:da:b8:39:aa:ef:71:db:cd:a8:30:e2:e5:
         1a:ea:f5:d1:a8:eb:7f:29:43:af:1d:8d:4a:0e:33:f0:7b:32:
         a8:ca:71:1a:fa:69:61:18:d5:7a:6d:60:11:39:d3:ed:91:d4:
         35:98:bc:3a:41:54:a8:7b:a6:75:d0:0a:42:5b:2b:80:23:9c:
         b4:9f:f0:92:c2:9e:70:bd:d1:8e:40:d9:32:42:98:17:45:56:
         14:3b:c2:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMwo6FSbdCSLYx1iy0llGDoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQxMTE1MTYyNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM3YTJhMjNlZWM3MWRjYzMwNjZiM2U3ODFiMjU3ODI0ODEzY2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmAxtMhtbnFnqCAZf11rWFD9uAfC
5Df+KH91imTty68hT4Dl/0KdtQRFF91Wa0Vef0xLqEpF6mGDCTuvhxB3SFCpp7rd
b0v5ILQiJyCBCFEh0gRiNtqiconv35p2wEbJGUJV/yWacRv2n45zzeuYnOzPF0X/
ODh4jyg/Qc1i/zJgKkYknVjZt56EiVT3gly2VdVB0r9F4N+3ERK7IHuK7Mj67Gmh
QZzOslaxoWWjdiq20YOK2V8ycO0uA3D/tCAxjwLgoD1SAg/Wxi/kZkV5NVAUJyOY
m5K+8MnAkNpBO/Xt/BEnxn/Qjz14fhqKvkzdhdDw59CF8hNgtgYM3nOPXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI3oqI+7HHcwwZrPngbJXgkgTysMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvUWplaW9qN3NjZHpEQm1zLWVCc2xlQ1NCUEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5oMA0G
CSqGSIb3DQEBCwUAA4IBAQAF9rwDG9Qi0h5II08652zJmNkGGOsAkDQtmsqZVHeo
hI8ECDj1U8ByoWjI924NmP9XeS3OX1aZ1xKN67mykRRwQ5PcySDigVLRfHNMr0FJ
Ap9Kp1y7PxsLYLrb9qdnRyzylB9V/Ue6u0nXv7CtDVOr6AWs/LJoqttg3sDoqCqp
Hl6B3WCzd5yzQi/dLnUXQ4zJ3KjFUHk5cnQ5ExUhcRIeOhQ7sAf82mnauDmq73Hb
zagw4uUa6vXRqOt/KUOvHY1KDjPwezKoynEa+mlhGNV6bWAROdPtkdQ1mLw6QVSo
e6Z10ApCWyuAI5y0n/CSwp5wvdGOQNkyQpgXRVYUO8KC
-----END CERTIFICATE-----