Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/45QtETyzYhZ8E9qFqv_hGEopjRY.roa
File:                     45QtETyzYhZ8E9qFqv_hGEopjRY.roa (raw, json)
Hash identifier:          ya63KnyZpC+p3HHzuRH9OVNlREO39hx4dh+N/8xMePc=
Subject key identifier:   E3:94:2D:11:3C:B3:62:16:7C:13:DA:85:AA:FF:E1:18:4A:29:8D:16
Certificate issuer:       /CN=bc075a22749762ecaaff9cbc217b82f17269e362
Certificate serial:       018CC501446390BC5AD84B0CE491D08ED12D
Authority key identifier: BC:07:5A:22:74:97:62:EC:AA:FF:9C:BC:21:7B:82:F1:72:69:E3:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vAdaInSXYuyq_5y8IXuC8XJp42I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/45QtETyzYhZ8E9qFqv_hGEopjRY.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25151
IP address blocks:        213.173.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/vAdaInSXYuyq_5y8IXuC8XJp42I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/vAdaInSXYuyq_5y8IXuC8XJp42I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vAdaInSXYuyq_5y8IXuC8XJp42I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:44:63:90:bc:5a:d8:4b:0c:e4:91:d0:8e:d1:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc075a22749762ecaaff9cbc217b82f17269e362
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3942d113cb362167c13da85aaffe1184a298d16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ce:10:d4:45:c2:0d:09:51:5c:68:69:94:ff:
                    d1:97:13:e0:38:f5:c4:09:3e:ff:20:12:10:c3:fd:
                    21:ac:51:d3:c0:1c:c3:ba:a7:bf:cb:f3:5a:8d:76:
                    c5:3a:13:f6:6f:e7:49:dd:0b:8f:32:db:ad:d6:9b:
                    73:07:93:96:2a:cf:fa:9e:21:e4:77:56:d1:64:ba:
                    03:dd:ae:bf:14:6f:3d:cb:aa:af:93:bc:19:64:9e:
                    ea:f3:e0:42:48:28:b5:7d:7f:99:42:e9:8e:4a:ab:
                    84:31:7f:08:2f:e5:04:ec:3d:c4:6a:8c:f5:a0:36:
                    c1:44:9c:5b:a9:45:0b:fe:49:d6:dd:45:3b:66:71:
                    5d:53:5c:e0:f6:da:16:2b:87:e4:e2:3a:6f:48:dc:
                    5b:f1:89:1a:78:60:ce:02:16:43:d0:4f:1c:69:7e:
                    ef:fb:da:99:84:73:dc:42:66:db:f5:bc:ab:15:f3:
                    f5:4c:83:5d:28:a7:bf:97:4b:3a:07:67:2a:f9:c7:
                    e9:f6:0f:c7:43:ef:6b:38:e2:94:1b:ad:2e:1e:95:
                    14:ed:19:f1:9e:f9:7f:f7:cf:63:8a:21:f8:9f:8e:
                    e5:f9:0f:de:46:4b:40:55:92:c6:e8:44:2a:0c:5a:
                    56:70:ba:34:f3:f2:a9:b5:bd:30:e0:06:be:6f:44:
                    ca:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:94:2D:11:3C:B3:62:16:7C:13:DA:85:AA:FF:E1:18:4A:29:8D:16
            X509v3 Authority Key Identifier:
                keyid:BC:07:5A:22:74:97:62:EC:AA:FF:9C:BC:21:7B:82:F1:72:69:E3:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vAdaInSXYuyq_5y8IXuC8XJp42I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/45QtETyzYhZ8E9qFqv_hGEopjRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/vAdaInSXYuyq_5y8IXuC8XJp42I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.173.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:f1:94:8b:d5:47:d8:28:81:42:7d:74:14:2f:2a:f4:40:c0:
         b7:76:c5:08:e6:d4:6b:c2:4c:3e:78:01:b8:ec:0e:50:57:03:
         d8:19:26:80:fb:40:e5:49:bd:ea:d7:bb:ab:ae:17:48:60:33:
         30:88:5d:b4:40:1e:df:54:de:d5:b5:73:91:a6:b0:0e:27:4d:
         8f:92:c9:c6:ce:f2:96:31:0f:31:65:33:59:0c:fe:4a:36:0b:
         ff:5c:48:98:ef:e0:0e:fc:91:13:91:67:f2:0b:34:41:30:8d:
         6f:0e:89:e7:d8:b6:55:7e:b1:47:ac:5e:54:ee:7a:fc:be:93:
         29:b5:90:66:a0:cb:5a:7a:ea:50:b0:4b:3b:9a:ea:fa:43:ad:
         47:36:e2:04:68:50:75:58:12:b9:91:60:59:e5:13:f1:2b:32:
         3f:a9:ea:9e:35:00:c4:a8:ff:f1:6e:27:92:35:0a:23:e6:49:
         c1:04:82:0d:5e:fd:51:3a:4f:6b:73:07:f0:2d:7b:bc:b2:a5:
         19:99:06:09:54:05:c0:54:76:48:d3:63:fb:06:e2:83:47:e9:
         64:27:9c:ae:d7:a7:e7:06:01:74:85:54:18:e1:24:c1:d8:da:
         08:70:b9:4d:2e:dc:be:e8:fb:45:5b:76:c1:6c:52:9a:e2:c0:
         c3:af:f3:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAURjkLxa2EsM5JHQjtEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMDc1YTIyNzQ5NzYyZWNhYWZmOWNiYzIxN2I4MmYxNzI2
OWUzNjIwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzk0MmQxMTNjYjM2MjE2N2MxM2RhODVhYWZmZTExODRhMjk4ZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc4Q1EXCDQlRXGhplP/RlxPgOPXE
CT7/IBIQw/0hrFHTwBzDuqe/y/NajXbFOhP2b+dJ3QuPMtut1ptzB5OWKs/6niHk
d1bRZLoD3a6/FG89y6qvk7wZZJ7q8+BCSCi1fX+ZQumOSquEMX8IL+UE7D3Eaoz1
oDbBRJxbqUUL/knW3UU7ZnFdU1zg9toWK4fk4jpvSNxb8YkaeGDOAhZD0E8caX7v
+9qZhHPcQmbb9byrFfP1TINdKKe/l0s6B2cq+cfp9g/HQ+9rOOKUG60uHpUU7Rnx
nvl/989jiiH4n47l+Q/eRktAVZLG6EQqDFpWcLo08/Kptb0w4Aa+b0TKYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOULRE8s2IWfBPahar/4RhKKY0WMB8GA1UdIwQY
MBaAFLwHWiJ0l2Lsqv+cvCF7gvFyaeNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkFkYUluU1hZdXlxXzV5OElYdUM4WEpwNDJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi80OTJjOGQtNjFhOS00ODA0LTliMDUt
YzM5YzJjZGM4MzYyLzEvNDVRdEVUeXpZaFo4RTlxRnF2X2hHRW9walJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi80OTJjOGQtNjFhOS00ODA0LTliMDUtYzM5YzJjZGM4MzYy
LzEvdkFkYUluU1hZdXlxXzV5OElYdUM4WEpwNDJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a0nMA0G
CSqGSIb3DQEBCwUAA4IBAQAb8ZSL1UfYKIFCfXQULyr0QMC3dsUI5tRrwkw+eAG4
7A5QVwPYGSaA+0DlSb3q17urrhdIYDMwiF20QB7fVN7VtXORprAOJ02PksnGzvKW
MQ8xZTNZDP5KNgv/XEiY7+AO/JETkWfyCzRBMI1vDonn2LZVfrFHrF5U7nr8vpMp
tZBmoMtaeupQsEs7mur6Q61HNuIEaFB1WBK5kWBZ5RPxKzI/qeqeNQDEqP/xbieS
NQoj5knBBIINXv1ROk9rcwfwLXu8sqUZmQYJVAXAVHZI02P7BuKDR+lkJ5yu16fn
BgF0hVQY4STB2NoIcLlNLty+6PtFW3bBbFKa4sDDr/Ng
-----END CERTIFICATE-----