Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/KQujLH4oLzYnB8VQuixon1yfSSo.roa
File:                     KQujLH4oLzYnB8VQuixon1yfSSo.roa (raw, json)
Hash identifier:          H0j+I5VY79hF5TbT10RNwhD6GJEhpjzPuk4hT09uLRs=
Subject key identifier:   29:0B:A3:2C:7E:28:2F:36:27:07:C5:50:BA:2C:68:9F:5C:9F:49:2A
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348AC819A4AD66212174D56D4C93DD4
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/KQujLH4oLzYnB8VQuixon1yfSSo.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56309
IP address blocks:        45.150.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ac:81:9a:4a:d6:62:12:17:4d:56:d4:c9:3d:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=290ba32c7e282f362707c550ba2c689f5c9f492a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:26:71:fc:9c:89:5b:dc:44:39:06:e8:31:cf:
                    22:be:1f:d0:ec:aa:d3:4c:7f:ab:8b:5c:a4:7b:10:
                    7e:a2:5b:b9:70:c5:d4:6f:1d:b8:30:15:be:85:fe:
                    60:08:19:15:e5:12:c8:97:55:fa:17:6f:1f:9e:4b:
                    c7:5f:a7:6d:a7:e2:95:b9:87:94:29:50:c2:bf:e1:
                    60:76:3e:1a:2f:da:bb:8e:9c:59:1f:02:e6:83:a4:
                    b7:45:b0:9e:fe:18:61:61:6c:79:78:60:03:c3:bb:
                    d6:31:36:25:de:d0:84:8f:82:1b:46:2c:a0:36:2a:
                    54:5b:a6:db:58:82:93:5b:18:c2:35:2a:43:14:ef:
                    be:02:eb:7b:3f:83:a0:f6:11:e8:cd:1d:fa:1f:e7:
                    06:a9:61:b3:00:57:6d:5c:fb:1c:73:a2:0c:13:3c:
                    76:a1:88:f1:8b:43:0a:89:c6:bb:62:d5:89:95:70:
                    8e:36:47:f0:48:58:20:cb:5c:ee:38:8c:9c:c7:0f:
                    1c:0b:c7:b6:21:d2:eb:6e:a2:a0:ba:b9:a4:90:f0:
                    10:6e:69:08:86:1b:49:3b:a8:d8:0e:05:1e:39:3d:
                    c6:91:d7:9f:84:51:43:f0:d6:8b:de:13:d8:43:3a:
                    78:30:fa:85:ca:35:63:cd:bd:40:86:1a:a5:ce:27:
                    46:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:0B:A3:2C:7E:28:2F:36:27:07:C5:50:BA:2C:68:9F:5C:9F:49:2A
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/KQujLH4oLzYnB8VQuixon1yfSSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:02:46:83:43:7b:af:ac:b9:b4:d1:d6:6f:c8:8b:eb:e5:e0:
         63:e2:5f:62:f3:2e:2b:d9:4a:90:4a:84:58:df:65:d7:8f:e9:
         11:59:71:90:72:51:68:34:a7:91:53:13:90:d8:92:15:a1:43:
         d8:68:85:aa:ac:ad:17:b4:03:74:b6:33:8f:53:d5:37:6f:6d:
         50:be:16:6f:92:58:90:3d:39:0c:56:a1:07:64:c4:0a:cd:95:
         a5:fb:c3:e2:60:2d:a1:bb:a2:22:a8:82:9d:e5:76:1e:42:b6:
         a0:09:d7:43:ef:de:5f:c1:1c:a6:64:73:96:66:6b:4f:5e:91:
         e8:96:4b:95:4b:d2:a5:eb:20:da:0a:a4:cd:19:d1:53:59:8b:
         28:04:a5:c1:06:d6:8f:46:85:37:c1:53:5a:5b:d9:6b:e8:49:
         00:5b:cf:9b:eb:43:bb:9b:c4:f8:ad:39:f7:f6:d8:fc:a0:87:
         ef:65:61:58:aa:d4:a8:f1:ad:66:14:4c:fe:99:17:8c:7c:e9:
         e0:7a:98:4e:05:70:84:9a:b7:f9:3d:ce:25:70:54:1b:0c:57:
         41:45:e3:10:08:5f:d2:f0:b4:5e:69:f6:f1:4a:95:7f:57:8a:
         b0:c4:63:a2:75:01:c8:b9:52:60:55:9a:c1:58:92:04:8f:cd:
         10:f6:9c:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKyBmkrWYhIXTVbUyT3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBiYTMyYzdlMjgyZjM2MjcwN2M1NTBiYTJjNjg5ZjVjOWY0OTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCZx/JyJW9xEOQboMc8ivh/Q7KrT
TH+ri1ykexB+olu5cMXUbx24MBW+hf5gCBkV5RLIl1X6F28fnkvHX6dtp+KVuYeU
KVDCv+Fgdj4aL9q7jpxZHwLmg6S3RbCe/hhhYWx5eGADw7vWMTYl3tCEj4IbRiyg
NipUW6bbWIKTWxjCNSpDFO++Aut7P4Og9hHozR36H+cGqWGzAFdtXPscc6IMEzx2
oYjxi0MKica7YtWJlXCONkfwSFggy1zuOIycxw8cC8e2IdLrbqKgurmkkPAQbmkI
hhtJO6jYDgUeOT3GkdefhFFD8NaL3hPYQzp4MPqFyjVjzb1AhhqlzidGowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkLoyx+KC82JwfFULosaJ9cn0kqMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvS1F1akxING9MelluQjhWUXVpeG9uMXlmU1NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBSAkaDQ3uvrLm00dZvyIvr5eBj4l9i8y4r2UqQSoRY
32XXj+kRWXGQclFoNKeRUxOQ2JIVoUPYaIWqrK0XtAN0tjOPU9U3b21QvhZvkliQ
PTkMVqEHZMQKzZWl+8PiYC2hu6IiqIKd5XYeQragCddD795fwRymZHOWZmtPXpHo
lkuVS9Kl6yDaCqTNGdFTWYsoBKXBBtaPRoU3wVNaW9lr6EkAW8+b60O7m8T4rTn3
9tj8oIfvZWFYqtSo8a1mFEz+mReMfOngephOBXCEmrf5Pc4lcFQbDFdBReMQCF/S
8LReafbxSpV/V4qwxGOidQHIuVJgVZrBWJIEj80Q9pzb
-----END CERTIFICATE-----