Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/QLsHhFYk8kF3n-X7pKOUrEJI7Os.roa
File:                     QLsHhFYk8kF3n-X7pKOUrEJI7Os.roa (raw, json)
Hash identifier:          eV0fCZINZgCrEYEOCj5DQYouDEORxezTRAnR+ZLyBd8=
Subject key identifier:   40:BB:07:84:56:24:F2:41:77:9F:E5:FB:A4:A3:94:AC:42:48:EC:EB
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018EC7CB1B68D9CDB3C38337E6B94E764270
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/QLsHhFYk8kF3n-X7pKOUrEJI7Os.roa
Signing time:             Wed 10 Apr 2024 11:36:00 +0000
ROA not before:           Wed 10 Apr 2024 11:36:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209396
IP address blocks:        45.151.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:cb:1b:68:d9:cd:b3:c3:83:37:e6:b9:4e:76:42:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr 10 11:36:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40bb07845624f241779fe5fba4a394ac4248eceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:18:ff:7d:a6:9a:9e:8d:3e:08:4f:cd:e1:aa:
                    c2:ec:63:42:1a:57:93:fe:0b:ae:5c:6f:b4:ee:44:
                    61:70:3c:77:7a:78:0b:b0:9b:3b:e8:30:80:84:26:
                    a1:42:1f:c9:dc:87:5c:8a:60:d5:a1:a4:3b:d0:08:
                    42:9c:92:fc:64:02:e5:94:0e:ce:9e:7a:40:99:43:
                    f4:89:cc:22:db:88:1a:c2:7e:fb:51:59:10:eb:80:
                    5b:a2:3d:fe:e8:80:ae:fe:05:ac:cb:62:b5:87:6b:
                    f8:76:36:a4:72:92:1f:f1:14:38:60:bd:d6:99:88:
                    d5:c9:8f:d4:bc:96:6d:4a:59:a7:0d:64:ff:49:65:
                    f5:8c:68:24:6b:58:9e:79:85:21:e2:2f:0b:4e:5f:
                    e3:7e:85:17:8b:81:06:15:88:d5:fd:fd:48:1f:3c:
                    f5:4e:76:91:2f:12:40:80:12:84:19:51:fc:39:cf:
                    fc:08:0f:ad:40:0b:9b:cf:bf:be:1c:56:c4:4e:fb:
                    90:e8:42:34:99:62:46:5a:77:39:fe:c7:82:79:d4:
                    32:ab:03:f6:62:eb:17:cf:15:0a:bd:b2:ee:8f:6f:
                    c1:1f:1d:a7:e9:2d:54:33:33:16:ab:66:c8:ba:e9:
                    5f:61:d0:d9:f4:a8:56:46:cc:a6:2b:aa:36:8a:dc:
                    0a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:BB:07:84:56:24:F2:41:77:9F:E5:FB:A4:A3:94:AC:42:48:EC:EB
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/QLsHhFYk8kF3n-X7pKOUrEJI7Os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:02:99:52:6f:51:93:7a:cb:d5:f0:87:9f:b0:e1:1f:ee:6e:
         50:e6:93:9a:89:ce:e1:13:f7:6e:50:97:be:c6:a2:09:97:6c:
         8e:5c:1b:74:18:be:24:f6:ad:d2:61:93:8d:9a:7b:6b:8e:6f:
         18:66:ec:a2:37:4d:a6:58:87:cf:7d:bd:dd:f2:0e:ca:8b:d4:
         17:79:b6:42:06:00:1b:79:77:a9:71:2e:b5:54:94:8d:d5:27:
         0f:58:b9:17:d6:8a:ba:07:e0:c5:14:d0:76:f7:fa:48:f4:c6:
         0a:9a:4d:91:45:14:59:fd:99:f3:b3:58:c5:26:3d:70:0c:fe:
         10:a8:25:91:0b:2e:dc:13:61:c1:35:1b:25:fc:7b:3a:c2:1e:
         e3:b3:be:2d:31:bf:ba:9c:5c:75:57:ed:78:08:c5:79:a3:f7:
         f8:8c:aa:76:12:58:2f:81:24:d3:8b:35:c3:ab:3d:1a:cd:a6:
         81:17:11:a4:d1:9a:7e:ed:41:b3:d1:4f:c8:89:9e:8d:10:b4:
         42:b5:79:da:d1:03:43:d8:ec:6b:e2:17:97:4d:43:7e:b4:d6:
         d7:d4:39:e8:c4:f4:ff:d9:97:2b:ff:97:35:85:12:1a:ac:42:
         7c:d2:3e:13:fc:8f:df:42:08:45:45:02:e4:35:28:e4:4b:11:
         5f:f1:b9:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Hyxto2c2zw4M35rlOdkJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNDEwMTEzNjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGJiMDc4NDU2MjRmMjQxNzc5ZmU1ZmJhNGEzOTRhYzQyNDhlY2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBj/faaano0+CE/N4arC7GNCGleT
/guuXG+07kRhcDx3engLsJs76DCAhCahQh/J3IdcimDVoaQ70AhCnJL8ZALllA7O
nnpAmUP0icwi24gawn77UVkQ64Bboj3+6ICu/gWsy2K1h2v4djakcpIf8RQ4YL3W
mYjVyY/UvJZtSlmnDWT/SWX1jGgka1ieeYUh4i8LTl/jfoUXi4EGFYjV/f1IHzz1
TnaRLxJAgBKEGVH8Oc/8CA+tQAubz7++HFbETvuQ6EI0mWJGWnc5/seCedQyqwP2
YusXzxUKvbLuj2/BHx2n6S1UMzMWq2bIuulfYdDZ9KhWRsymK6o2itwKsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEC7B4RWJPJBd5/l+6SjlKxCSOzrMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUUxzSGhGWWs4a0Yzbi1YN3BLT1VyRUpJN09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZfEMA0G
CSqGSIb3DQEBCwUAA4IBAQAtAplSb1GTesvV8IefsOEf7m5Q5pOaic7hE/duUJe+
xqIJl2yOXBt0GL4k9q3SYZONmntrjm8YZuyiN02mWIfPfb3d8g7Ki9QXebZCBgAb
eXepcS61VJSN1ScPWLkX1oq6B+DFFNB29/pI9MYKmk2RRRRZ/Znzs1jFJj1wDP4Q
qCWRCy7cE2HBNRsl/Hs6wh7js74tMb+6nFx1V+14CMV5o/f4jKp2ElgvgSTTizXD
qz0azaaBFxGk0Zp+7UGz0U/IiZ6NELRCtXna0QND2Oxr4heXTUN+tNbX1DnoxPT/
2Zcr/5c1hRIarEJ80j4T/I/fQghFRQLkNSjkSxFf8blK
-----END CERTIFICATE-----