Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/hSQgqP5rGtzQigVjIuaFmFfx3J8.roa
File:                     hSQgqP5rGtzQigVjIuaFmFfx3J8.roa (raw, json)
Hash identifier:          lgg1jI2dfFkX0L5msYck/GX49bMnKioN/k8kvi4QuYc=
Subject key identifier:   85:24:20:A8:FE:6B:1A:DC:D0:8A:05:63:22:E6:85:98:57:F1:DC:9F
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       0193124B3F9681A7422305D30D816C3B1EC6
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/hSQgqP5rGtzQigVjIuaFmFfx3J8.roa
Signing time:             Sat 09 Nov 2024 18:59:01 +0000
ROA not before:           Sat 09 Nov 2024 18:59:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.152.68.0/24 maxlen: 24
                          2a0f:4900::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:12:4b:3f:96:81:a7:42:23:05:d3:0d:81:6c:3b:1e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Nov  9 18:59:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=852420a8fe6b1adcd08a056322e6859857f1dc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d1:90:8e:3e:74:6f:1a:b1:64:ad:89:5e:7b:
                    18:bc:95:a7:dd:f7:0c:15:a2:4a:3f:73:1c:5b:99:
                    3a:76:9a:dd:45:19:46:47:50:96:b5:b5:a1:93:ad:
                    f7:14:5b:75:2e:8a:ed:50:24:0b:3e:85:3a:cc:bf:
                    d0:ff:ab:c8:5a:8e:d8:0c:6b:fc:9f:e7:3d:14:cb:
                    fb:b0:3f:15:2e:37:55:c3:fb:5f:64:44:89:18:17:
                    1f:f0:10:80:5d:6c:01:ac:47:f2:4e:1a:bd:73:34:
                    9e:2f:26:77:5b:50:60:1b:38:51:a5:45:b0:28:60:
                    db:4e:d2:0b:7b:5e:5d:70:61:ba:a4:fc:14:b8:f6:
                    a3:62:7a:84:10:12:ef:a6:7e:09:f9:64:98:4a:e4:
                    12:33:a1:5b:c3:95:85:b3:7a:9d:b6:29:ea:0c:ca:
                    02:c9:6d:26:da:96:c5:7a:19:e6:f7:76:57:7d:48:
                    9d:ba:23:9c:61:5c:a3:33:5f:37:79:2f:77:c8:13:
                    c6:4f:e1:5b:95:6c:e6:41:98:e3:a0:18:cc:16:2a:
                    f1:e7:53:d7:c8:08:30:c9:69:f4:73:34:f1:bc:b2:
                    08:3a:7e:c3:aa:3e:f9:fb:b4:c1:ac:0f:de:f7:15:
                    ec:9c:88:a4:20:ee:e2:15:c5:77:bc:5d:df:fb:2d:
                    bf:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:24:20:A8:FE:6B:1A:DC:D0:8A:05:63:22:E6:85:98:57:F1:DC:9F
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/hSQgqP5rGtzQigVjIuaFmFfx3J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.68.0/24
                IPv6:
                  2a0f:4900::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:0c:a0:f2:79:cb:5b:bb:60:c2:86:00:cc:ee:50:05:8e:e7:
         64:41:60:2b:31:e2:42:dd:27:a8:b0:96:ca:ce:d8:bd:bc:f5:
         4f:40:8a:49:15:00:d0:75:2f:5b:45:61:c1:21:ba:87:f7:d7:
         7b:cc:82:87:97:3c:0d:05:f6:cd:e2:ae:ed:d1:7b:a4:90:cd:
         fd:35:c7:33:0f:f6:bc:76:c4:b5:71:bc:c5:93:96:d8:4a:d7:
         40:34:21:97:d1:32:b5:6a:65:77:ce:e5:e8:15:b5:e1:7b:d6:
         a3:29:7d:d2:f9:05:b4:7e:eb:0c:eb:ea:7d:21:7e:e0:ba:8d:
         0a:d9:e5:97:97:86:f8:6c:30:09:e1:29:5c:20:b9:32:33:48:
         2b:f3:7c:1d:6a:22:53:03:0f:65:78:1e:de:88:a9:9b:36:38:
         13:9a:ca:d9:21:b6:5b:00:11:17:37:e6:2e:e8:ff:b0:61:98:
         18:f6:a0:83:41:22:30:79:aa:3c:d5:0b:a0:c5:91:fc:ce:95:
         42:b3:58:f3:9e:2b:7a:84:2a:45:d9:0f:97:53:f4:0f:02:f5:
         d1:a4:fe:2e:67:32:26:a0:eb:cf:f9:d3:66:53:8d:6d:28:59:
         1a:bd:3d:a0:29:c3:83:61:ed:dc:c7:32:48:c2:9d:57:53:6d:
         d6:f8:f0:4f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZMSSz+WgadCIwXTDYFsOx7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjQxMTA5MTg1OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI0MjBhOGZlNmIxYWRjZDA4YTA1NjMyMmU2ODU5ODU3ZjFkYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29GQjj50bxqxZK2JXnsYvJWn3fcM
FaJKP3McW5k6dprdRRlGR1CWtbWhk633FFt1LortUCQLPoU6zL/Q/6vIWo7YDGv8
n+c9FMv7sD8VLjdVw/tfZESJGBcf8BCAXWwBrEfyThq9czSeLyZ3W1BgGzhRpUWw
KGDbTtILe15dcGG6pPwUuPajYnqEEBLvpn4J+WSYSuQSM6Fbw5WFs3qdtinqDMoC
yW0m2pbFehnm93ZXfUiduiOcYVyjM183eS93yBPGT+FblWzmQZjjoBjMFirx51PX
yAgwyWn0czTxvLIIOn7Dqj75+7TBrA/e9xXsnIikIO7iFcV3vF3f+y2/BQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIUkIKj+axrc0IoFYyLmhZhX8dyfMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvaFNRZ3FQNXJHdHpRaWdWakl1YUZtRmZ4M0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZhEMA8E
AgACMAkDBwAqD0kAAAAwDQYJKoZIhvcNAQELBQADggEBAF4MoPJ5y1u7YMKGAMzu
UAWO52RBYCsx4kLdJ6iwlsrO2L289U9AikkVANB1L1tFYcEhuof313vMgoeXPA0F
9s3iru3Re6SQzf01xzMP9rx2xLVxvMWTlthK10A0IZfRMrVqZXfO5egVteF71qMp
fdL5BbR+6wzr6n0hfuC6jQrZ5ZeXhvhsMAnhKVwguTIzSCvzfB1qIlMDD2V4Ht6I
qZs2OBOaytkhtlsAERc35i7o/7BhmBj2oINBIjB5qjzVC6DFkfzOlUKzWPOeK3qE
KkXZD5dT9A8C9dGk/i5nMiag68/502ZTjW0oWRq9PaApw4Nh7dzHMkjCnVdTbdb4
8E8=
-----END CERTIFICATE-----