Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/8bdfd3-d5a1-45b9-9296-6319bb079c44/1/qaBgEtkEILSyiSp2CfSL3PCeWxc.roa
File:                     qaBgEtkEILSyiSp2CfSL3PCeWxc.roa (raw, json)
Hash identifier:          L5JB71Hh5ikwYnHj0Xo/dUDSAkGNAQgs1COc9y6Ru68=
Subject key identifier:   A9:A0:60:12:D9:04:20:B4:B2:89:2A:76:09:F4:8B:DC:F0:9E:5B:17
Certificate issuer:       /CN=87f45e3a4069d4f5ebd5f6e6421d8d3cabe30921
Certificate serial:       018CC793FF3E2D6C6A80A7DE86A2E8248DFA
Authority key identifier: 87:F4:5E:3A:40:69:D4:F5:EB:D5:F6:E6:42:1D:8D:3C:AB:E3:09:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h_ReOkBp1PXr1fbmQh2NPKvjCSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/8bdfd3-d5a1-45b9-9296-6319bb079c44/1/qaBgEtkEILSyiSp2CfSL3PCeWxc.roa
Signing time:             Tue 02 Jan 2024 00:30:14 +0000
ROA not before:           Tue 02 Jan 2024 00:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        45.159.204.0/22 maxlen: 24
                          2a09:db40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/8bdfd3-d5a1-45b9-9296-6319bb079c44/1/h_ReOkBp1PXr1fbmQh2NPKvjCSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/8bdfd3-d5a1-45b9-9296-6319bb079c44/1/h_ReOkBp1PXr1fbmQh2NPKvjCSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h_ReOkBp1PXr1fbmQh2NPKvjCSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ff:3e:2d:6c:6a:80:a7:de:86:a2:e8:24:8d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87f45e3a4069d4f5ebd5f6e6421d8d3cabe30921
        Validity
            Not Before: Jan  2 00:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9a06012d90420b4b2892a7609f48bdcf09e5b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e5:0b:a2:f3:b1:9e:bc:83:22:82:9b:84:d7:
                    f7:6f:f1:6e:b7:dd:08:46:59:e3:85:f8:2c:5d:3f:
                    da:23:bd:a0:75:b0:59:a3:84:7e:ba:59:33:af:c6:
                    23:7e:c7:ef:ff:ba:32:09:f8:fd:78:70:8b:b2:8a:
                    fc:cd:52:a0:b2:55:9a:a3:9f:c3:8e:e9:d7:94:09:
                    14:d5:ed:2d:71:dd:cb:49:7f:34:e7:b1:2b:b7:4b:
                    59:d0:39:71:4d:b4:00:11:e6:1d:33:d7:41:22:cb:
                    bb:10:d0:be:a0:e4:de:14:91:e6:3f:cb:37:69:f7:
                    e9:c9:ec:04:9e:f0:7a:e1:ce:ed:16:13:3b:98:71:
                    b2:3e:b9:60:56:d5:f8:ca:6e:87:55:5c:03:20:5a:
                    28:01:a9:a6:5d:17:d1:a6:77:21:ee:5c:a4:7a:f3:
                    8a:dd:22:47:48:c1:0d:dc:e3:65:f9:a8:ba:62:99:
                    df:8b:cc:ac:a9:5f:32:16:9e:7a:12:71:5c:62:15:
                    76:53:00:b7:89:6f:16:fe:c4:ed:7a:dd:18:54:3e:
                    01:9a:ab:e7:f1:a2:4f:61:06:d6:8d:c0:7d:c5:80:
                    3c:f7:7a:58:eb:0b:c0:d8:a3:47:bd:39:dd:8b:f0:
                    e7:5f:18:c3:32:fa:5d:5b:f0:52:2c:b7:54:56:63:
                    1e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A0:60:12:D9:04:20:B4:B2:89:2A:76:09:F4:8B:DC:F0:9E:5B:17
            X509v3 Authority Key Identifier:
                keyid:87:F4:5E:3A:40:69:D4:F5:EB:D5:F6:E6:42:1D:8D:3C:AB:E3:09:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_ReOkBp1PXr1fbmQh2NPKvjCSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/8bdfd3-d5a1-45b9-9296-6319bb079c44/1/qaBgEtkEILSyiSp2CfSL3PCeWxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/8bdfd3-d5a1-45b9-9296-6319bb079c44/1/h_ReOkBp1PXr1fbmQh2NPKvjCSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.204.0/22
                IPv6:
                  2a09:db40::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:0a:73:0d:3e:67:e5:da:bc:c7:a1:07:6a:6c:04:6f:4f:4a:
         8f:ea:1b:15:fd:1e:94:94:fd:f8:59:34:11:5b:13:ac:d3:80:
         e6:88:d3:55:c1:e1:98:b1:04:2d:4f:1f:e7:a3:36:95:27:86:
         08:6f:f5:04:9d:51:d5:a2:48:7c:47:17:e3:34:c6:d7:64:df:
         3e:59:f1:ce:f5:41:bc:b3:58:66:f5:c4:7d:a6:18:16:03:b6:
         a9:b7:81:1c:2c:e2:8e:eb:ac:53:b9:fc:17:9b:80:e5:7c:d3:
         e0:47:7a:27:d5:d0:38:10:74:a9:b1:f2:b6:93:cb:76:36:b9:
         bf:5a:bf:23:f9:36:af:5f:0e:56:79:d4:c9:c7:72:07:94:fa:
         7b:0f:a3:ad:72:b1:94:e4:78:6a:58:27:f2:f3:7f:38:15:4a:
         bd:fc:ec:d9:c6:6f:ee:85:3c:5f:31:32:f3:92:0d:81:ec:03:
         ff:fa:b2:a2:19:00:d6:40:5a:29:51:66:89:ad:36:8c:05:41:
         0f:36:45:97:12:60:20:27:7c:83:45:1a:6c:5e:b3:91:71:10:
         7e:fc:b2:dc:13:5f:17:cc:b1:0f:eb:b8:3a:b8:50:20:55:b3:
         f4:d0:27:96:e1:40:bb:d8:7b:ed:9c:98:56:de:34:8e:24:65:
         0d:3c:7b:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk/8+LWxqgKfehqLoJI36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjQ1ZTNhNDA2OWQ0ZjVlYmQ1ZjZlNjQyMWQ4ZDNjYWJl
MzA5MjEwHhcNMjQwMTAyMDAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWEwNjAxMmQ5MDQyMGI0YjI4OTJhNzYwOWY0OGJkY2YwOWU1YjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+ULovOxnryDIoKbhNf3b/Fut90I
RlnjhfgsXT/aI72gdbBZo4R+ulkzr8Yjfsfv/7oyCfj9eHCLsor8zVKgslWao5/D
junXlAkU1e0tcd3LSX8057Ert0tZ0DlxTbQAEeYdM9dBIsu7ENC+oOTeFJHmP8s3
affpyewEnvB64c7tFhM7mHGyPrlgVtX4ym6HVVwDIFooAammXRfRpnch7lykevOK
3SJHSMEN3ONl+ai6Ypnfi8ysqV8yFp56EnFcYhV2UwC3iW8W/sTtet0YVD4Bmqvn
8aJPYQbWjcB9xYA893pY6wvA2KNHvTndi/DnXxjDMvpdW/BSLLdUVmMedwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKmgYBLZBCC0sokqdgn0i9zwnlsXMB8GA1UdIwQY
MBaAFIf0XjpAadT169X25kIdjTyr4wkhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9SZU9rQnAxUFhyMWZibVFoMk5QS3ZqQ1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84YmRmZDMtZDVhMS00NWI5LTkyOTYt
NjMxOWJiMDc5YzQ0LzEvcWFCZ0V0a0VJTFN5aVNwMkNmU0wzUENlV3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84YmRmZDMtZDVhMS00NWI5LTkyOTYtNjMxOWJiMDc5YzQ0
LzEvaF9SZU9rQnAxUFhyMWZibVFoMk5QS3ZqQ1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ/MMA0E
AgACMAcDBQMqCdtAMA0GCSqGSIb3DQEBCwUAA4IBAQASCnMNPmfl2rzHoQdqbARv
T0qP6hsV/R6UlP34WTQRWxOs04DmiNNVweGYsQQtTx/nozaVJ4YIb/UEnVHVokh8
RxfjNMbXZN8+WfHO9UG8s1hm9cR9phgWA7apt4EcLOKO66xTufwXm4DlfNPgR3on
1dA4EHSpsfK2k8t2Nrm/Wr8j+TavXw5WedTJx3IHlPp7D6OtcrGU5HhqWCfy8384
FUq9/OzZxm/uhTxfMTLzkg2B7AP/+rKiGQDWQFopUWaJrTaMBUEPNkWXEmAgJ3yD
RRpsXrORcRB+/LLcE18XzLEP67g6uFAgVbP00CeW4UC72HvtnJhW3jSOJGUNPHuM
-----END CERTIFICATE-----