Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/tqvvqYgWx4bDx8Fm9GoH_Nhyi5U.roa
File:                     tqvvqYgWx4bDx8Fm9GoH_Nhyi5U.roa (raw, json)
Hash identifier:          2R25vVqyfiXtfYnvsvgD4IuNT6ZCXGgcnlXq/QIUHYE=
Subject key identifier:   B6:AB:EF:A9:88:16:C7:86:C3:C7:C1:66:F4:6A:07:FC:D8:72:8B:95
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       01935BCC360AF067CBD40E8BDB9A7E528CE7
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/tqvvqYgWx4bDx8Fm9GoH_Nhyi5U.roa
Signing time:             Sun 24 Nov 2024 01:32:09 +0000
ROA not before:           Sun 24 Nov 2024 01:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.150.173.0/24 maxlen: 24
                          45.150.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 02:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5b:cc:36:0a:f0:67:cb:d4:0e:8b:db:9a:7e:52:8c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Nov 24 01:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6abefa98816c786c3c7c166f46a07fcd8728b95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5c:76:2e:7f:e9:be:d5:8a:a3:09:45:f8:4b:
                    32:d1:31:95:b7:10:df:3f:e3:75:24:bb:7a:38:e8:
                    1e:17:d9:e7:15:92:65:ce:d8:bf:ec:e4:f9:1a:4e:
                    36:df:24:8d:b0:04:da:9a:de:91:16:3e:92:81:82:
                    5c:4f:19:cf:d4:1e:59:bd:07:ef:54:f2:b7:7b:78:
                    1a:d9:9f:f9:f1:d0:ef:c3:e5:7b:49:e3:51:ec:71:
                    36:8c:4f:af:44:1d:a1:7e:6e:0a:85:f7:3c:fb:2b:
                    b5:73:5e:74:0c:a5:c1:96:26:27:18:5f:38:b4:22:
                    b2:a0:a3:14:ff:0a:16:56:1e:4a:8c:28:fd:9c:87:
                    98:36:fe:04:1b:0c:49:65:e3:42:6c:00:72:fd:1b:
                    5a:96:1a:bb:f0:aa:51:a1:a3:02:5f:be:19:19:3d:
                    77:ef:72:4f:91:14:a8:91:eb:99:48:54:e7:5d:a7:
                    62:60:88:af:59:6b:ca:ee:07:ee:2c:7f:1c:f2:27:
                    5b:d5:89:e9:e2:18:e3:dc:b5:58:fb:b5:c8:f8:bd:
                    46:f8:73:33:69:d2:0e:da:d7:e3:d7:7c:b4:9d:01:
                    14:12:a3:49:27:d0:f4:73:b9:cc:4f:d9:bd:3b:f2:
                    c6:54:6f:9a:98:31:87:f0:ce:52:cd:92:9d:3d:5d:
                    6a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:AB:EF:A9:88:16:C7:86:C3:C7:C1:66:F4:6A:07:FC:D8:72:8B:95
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/tqvvqYgWx4bDx8Fm9GoH_Nhyi5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.173.0/24
                  45.150.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:89:4d:9b:7b:d7:57:b4:ad:ea:0c:17:61:a5:1a:5d:d0:b0:
         df:39:26:66:9d:b7:d8:3e:50:65:72:6e:56:eb:1a:03:b5:97:
         56:dc:c1:ef:c7:52:4d:42:4f:9c:51:82:c0:b7:d0:ab:e8:e5:
         32:ae:48:ff:56:b2:ea:45:a8:12:5c:df:df:e0:52:45:a0:e6:
         ef:04:c6:c4:6a:3f:5a:1e:06:dc:fc:4d:e2:80:e5:8d:f5:37:
         a1:bd:52:86:5e:40:c6:2e:2a:2f:e3:ae:57:58:9e:ea:83:25:
         16:89:9b:d7:cb:28:d5:35:e3:d5:fe:77:a0:f0:56:ec:50:25:
         b9:81:15:b5:30:bb:60:e0:16:fa:42:02:45:37:91:1f:a3:fa:
         ec:34:e2:c4:cf:c6:e7:1c:58:f6:03:9a:86:a2:fe:32:f6:7d:
         a2:f1:40:d6:ee:89:35:dd:f5:29:08:f7:ed:b4:fa:0a:cb:c8:
         3f:4a:6b:33:c7:a4:dd:2b:30:01:75:62:ab:3c:d5:27:86:9d:
         e5:cf:54:bc:21:47:6d:c5:a2:49:13:33:08:53:57:bb:86:89:
         a1:60:dc:52:03:d1:89:2a:03:5b:91:72:4c:1d:25:53:87:e0:
         fa:11:43:36:ef:0d:af:d8:fc:b3:8d:a8:e8:7a:cb:16:10:94:
         ae:57:0a:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNbzDYK8GfL1A6L25p+UoznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQxMTI0MDEzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmFiZWZhOTg4MTZjNzg2YzNjN2MxNjZmNDZhMDdmY2Q4NzI4Yjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFx2Ln/pvtWKowlF+Esy0TGVtxDf
P+N1JLt6OOgeF9nnFZJlzti/7OT5Gk423ySNsATamt6RFj6SgYJcTxnP1B5ZvQfv
VPK3e3ga2Z/58dDvw+V7SeNR7HE2jE+vRB2hfm4Khfc8+yu1c150DKXBliYnGF84
tCKyoKMU/woWVh5KjCj9nIeYNv4EGwxJZeNCbABy/Rtalhq78KpRoaMCX74ZGT13
73JPkRSokeuZSFTnXadiYIivWWvK7gfuLH8c8idb1Ynp4hjj3LVY+7XI+L1G+HMz
adIO2tfj13y0nQEUEqNJJ9D0c7nMT9m9O/LGVG+amDGH8M5SzZKdPV1qIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLar76mIFseGw8fBZvRqB/zYcouVMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvdHF2dnFZZ1d4NGJEeDhGbTlHb0hfTmh5aTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZatAwQA
LZavMA0GCSqGSIb3DQEBCwUAA4IBAQANiU2be9dXtK3qDBdhpRpd0LDfOSZmnbfY
PlBlcm5W6xoDtZdW3MHvx1JNQk+cUYLAt9Cr6OUyrkj/VrLqRagSXN/f4FJFoObv
BMbEaj9aHgbc/E3igOWN9TehvVKGXkDGLiov465XWJ7qgyUWiZvXyyjVNePV/neg
8FbsUCW5gRW1MLtg4Bb6QgJFN5Efo/rsNOLEz8bnHFj2A5qGov4y9n2i8UDW7ok1
3fUpCPfttPoKy8g/Smszx6TdKzABdWKrPNUnhp3lz1S8IUdtxaJJEzMIU1e7homh
YNxSA9GJKgNbkXJMHSVTh+D6EUM27w2v2PyzjajoessWEJSuVwoh
-----END CERTIFICATE-----