Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/qLBH6WgGMrBsftajbUnoXCUuS-A.roa
File:                     qLBH6WgGMrBsftajbUnoXCUuS-A.roa (raw, json)
Hash identifier:          RBKtS1XyG/Y/58cSK8Yk1Om4IoAecP8XkPXp8LqjKyg=
Subject key identifier:   A8:B0:47:E9:68:06:32:B0:6C:7E:D6:A3:6D:49:E8:5C:25:2E:4B:E0
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       018D3CF565E9716487DF92A008BD0C1C2ACB
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/qLBH6WgGMrBsftajbUnoXCUuS-A.roa
Signing time:             Wed 24 Jan 2024 19:32:11 +0000
ROA not before:           Wed 24 Jan 2024 19:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        45.134.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:f5:65:e9:71:64:87:df:92:a0:08:bd:0c:1c:2a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Jan 24 19:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8b047e9680632b06c7ed6a36d49e85c252e4be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:56:25:ae:07:f8:3e:3e:b2:62:7b:4e:a0:fa:
                    21:5a:ba:f9:29:ee:46:e1:b1:e9:d3:25:e2:11:ac:
                    a7:ed:c9:0e:2f:93:ff:bc:f0:83:66:7d:f2:2a:a1:
                    bf:25:9b:6a:4d:f2:4d:7f:c3:be:26:84:59:aa:7d:
                    b9:85:64:65:3b:0c:64:99:e4:57:4d:67:32:b2:1f:
                    33:bb:36:c8:74:5c:ff:aa:b9:d7:ef:f2:16:a6:49:
                    f0:68:7d:84:ab:e3:4d:65:a7:60:51:d5:46:ce:9a:
                    8c:07:50:66:30:76:c2:31:1a:4c:64:59:e2:1e:03:
                    ea:e0:9e:8e:23:7b:fa:8f:ab:2d:14:20:c7:ca:3c:
                    c1:ee:22:23:a9:32:2f:75:f9:0c:d2:6f:19:39:f4:
                    3c:94:d3:3e:5f:93:05:d4:28:3e:22:b1:5c:9e:5a:
                    01:d2:73:b0:a6:2f:f2:ae:0c:88:c8:e6:f6:cb:1b:
                    15:72:48:6a:b2:a5:86:0b:a4:e9:ae:0b:e8:e3:e7:
                    c3:99:41:0a:f6:37:fd:21:90:c4:4b:b2:1b:d0:07:
                    68:e0:d6:5a:c9:36:44:9c:68:6a:13:23:2b:04:01:
                    cd:5a:8d:ab:48:10:82:1a:7d:94:e3:15:bc:8c:9c:
                    4a:ce:6f:b7:4f:55:93:9a:b9:23:77:4c:30:14:d8:
                    0b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B0:47:E9:68:06:32:B0:6C:7E:D6:A3:6D:49:E8:5C:25:2E:4B:E0
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/qLBH6WgGMrBsftajbUnoXCUuS-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:8d:6b:f3:78:70:c0:00:bb:d8:13:7f:65:f0:cb:1d:28:7e:
         ca:ba:08:d8:8c:07:65:f9:a9:26:69:cf:d5:81:07:b8:40:af:
         9b:f7:44:bf:d3:c7:46:1b:50:64:d8:90:5b:0b:43:d4:8b:f2:
         de:d3:f9:00:e3:ce:2c:6a:8d:20:6f:f8:b4:35:47:64:91:5d:
         3c:ef:70:76:b6:8a:db:ba:ea:d4:30:41:ae:40:51:a4:e9:f5:
         cf:06:14:b8:59:be:cd:ba:90:3c:e6:0b:d2:ef:b2:e6:43:f7:
         a2:ba:25:90:45:54:be:1a:28:c1:43:fd:6f:b4:f4:52:11:8a:
         1b:93:12:a9:4d:fb:5e:a8:7b:b5:3f:4b:09:65:3d:a5:f5:1d:
         36:81:cd:90:d3:8c:9b:e6:7c:c1:a6:f8:4f:9c:ae:0f:65:01:
         64:f9:19:ea:03:43:f5:e3:ba:f6:cc:2f:a7:f0:76:e8:6a:6c:
         12:16:03:28:ca:e0:4d:52:42:0d:ba:67:0a:fa:38:e9:4f:fb:
         be:d4:dc:38:04:58:c3:7a:e7:c9:4d:de:60:15:b5:08:27:6f:
         3c:99:87:58:80:4e:f4:aa:25:6b:00:e8:a1:fc:a5:a6:f2:f5:
         63:f1:2d:30:0c:fc:7f:82:52:49:5a:49:4d:69:00:bc:21:72:
         a7:ae:c9:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY089WXpcWSH35KgCL0MHCrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjQwMTI0MTkzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGIwNDdlOTY4MDYzMmIwNmM3ZWQ2YTM2ZDQ5ZTg1YzI1MmU0YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21Ylrgf4Pj6yYntOoPohWrr5Ke5G
4bHp0yXiEayn7ckOL5P/vPCDZn3yKqG/JZtqTfJNf8O+JoRZqn25hWRlOwxkmeRX
TWcysh8zuzbIdFz/qrnX7/IWpknwaH2Eq+NNZadgUdVGzpqMB1BmMHbCMRpMZFni
HgPq4J6OI3v6j6stFCDHyjzB7iIjqTIvdfkM0m8ZOfQ8lNM+X5MF1Cg+IrFcnloB
0nOwpi/yrgyIyOb2yxsVckhqsqWGC6Tprgvo4+fDmUEK9jf9IZDES7Ib0Ado4NZa
yTZEnGhqEyMrBAHNWo2rSBCCGn2U4xW8jJxKzm+3T1WTmrkjd0wwFNgLuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiwR+loBjKwbH7Wo21J6FwlLkvgMB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvcUxCSDZXZ0dNckJzZnRhamJVbm9YQ1V1Uy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYZcMA0G
CSqGSIb3DQEBCwUAA4IBAQBXjWvzeHDAALvYE39l8MsdKH7KugjYjAdl+akmac/V
gQe4QK+b90S/08dGG1Bk2JBbC0PUi/Le0/kA484sao0gb/i0NUdkkV0873B2torb
uurUMEGuQFGk6fXPBhS4Wb7NupA85gvS77LmQ/eiuiWQRVS+GijBQ/1vtPRSEYob
kxKpTfteqHu1P0sJZT2l9R02gc2Q04yb5nzBpvhPnK4PZQFk+RnqA0P147r2zC+n
8HboamwSFgMoyuBNUkINumcK+jjpT/u+1Nw4BFjDeufJTd5gFbUIJ288mYdYgE70
qiVrAOih/KWm8vVj8S0wDPx/glJJWklNaQC8IXKnrskY
-----END CERTIFICATE-----