Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/q9T06HR6r97SU-awwQlQkmbgz5o.roa
File:                     q9T06HR6r97SU-awwQlQkmbgz5o.roa (raw, json)
Hash identifier:          ETbjB9b9hcvuMEeWyF6+hF4G9dhj7syzfHpk/6yrsfU=
Subject key identifier:   AB:D4:F4:E8:74:7A:AF:DE:D2:53:E6:B0:C1:09:50:92:66:E0:CF:9A
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454DD58BFD3312AE1BB629244C645C
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/q9T06HR6r97SU-awwQlQkmbgz5o.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45671
IP address blocks:        45.155.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4d:d5:8b:fd:33:12:ae:1b:b6:29:24:4c:64:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd4f4e8747aafded253e6b0c109509266e0cf9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:5c:ed:ba:22:2a:9d:4c:e2:21:92:03:e7:0e:
                    3c:79:f0:4d:0c:b8:db:20:57:24:26:97:41:5b:23:
                    b5:cc:61:89:d9:a0:38:a5:a8:54:d1:fa:bc:c9:ab:
                    d7:58:f1:6e:e3:5e:91:fc:38:df:c5:63:92:1d:eb:
                    e1:0a:84:17:61:0b:85:0a:a4:9a:aa:b0:a0:cf:34:
                    a0:e1:82:8d:19:4e:80:93:54:45:32:a0:99:11:ac:
                    ea:3f:11:e8:56:d7:0f:05:97:88:61:ba:75:84:a5:
                    59:b5:fc:27:d6:83:9a:7d:31:42:ea:38:6b:47:6c:
                    15:4b:c7:64:a6:36:39:17:f6:8b:94:8f:08:c1:1c:
                    92:1d:03:8b:ba:10:06:0f:40:3c:b1:01:64:b3:1c:
                    fc:bc:4c:05:17:f2:be:a8:81:90:ec:d3:b3:06:c0:
                    df:ae:85:84:fd:b3:26:d1:b9:c8:8b:ab:4c:50:15:
                    36:10:08:a7:56:de:37:2a:15:08:d4:a0:be:73:b7:
                    b3:e4:f2:66:01:36:a5:30:3f:73:1e:9e:fd:d5:82:
                    22:27:19:61:b1:f9:17:a1:d1:88:da:a2:8d:04:cb:
                    22:37:08:de:85:86:c0:30:92:dc:ee:e3:5c:af:31:
                    8a:0d:a6:3f:bb:96:11:3e:1b:09:00:95:5a:7f:d8:
                    da:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D4:F4:E8:74:7A:AF:DE:D2:53:E6:B0:C1:09:50:92:66:E0:CF:9A
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/q9T06HR6r97SU-awwQlQkmbgz5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:4d:09:fa:52:55:1c:43:db:7e:dc:01:fb:3a:be:1f:ec:dc:
         3b:d6:f7:e7:b4:66:6e:68:0b:63:ca:da:23:2c:68:9f:66:10:
         4f:94:f5:81:5d:ef:16:69:af:42:84:94:66:39:e0:55:85:f4:
         10:48:25:85:b6:f7:c0:a2:81:3e:de:f1:b2:6b:92:ec:b3:a8:
         5a:e9:65:a0:87:b3:27:c7:80:03:b5:ce:55:aa:2a:f4:a1:43:
         93:f2:35:5b:88:2e:cd:5a:8c:da:b7:b0:70:1c:51:ff:19:cd:
         ac:d3:bf:e8:e6:49:98:14:99:a5:9e:79:0e:75:42:be:bf:c4:
         07:28:d1:0f:e8:5c:c3:87:38:17:9f:ae:dd:80:ce:9e:06:db:
         fa:f3:e8:70:67:aa:53:d2:bc:f3:04:6a:5d:06:b2:e1:19:73:
         54:c9:cf:09:67:f9:59:b8:3c:59:02:d1:5d:75:78:d5:1b:c9:
         db:a7:cb:cb:ae:62:9b:6a:0e:93:3e:98:33:d4:35:62:d3:48:
         6d:a5:ba:0f:88:4a:c8:e7:09:ed:6d:38:c2:07:ff:af:a9:e1:
         17:db:70:dd:6f:0c:76:76:05:a8:27:e0:7e:f1:f9:22:9d:e4:
         a9:28:19:b5:04:4c:70:a9:3e:48:56:2d:4c:c0:fc:6f:f5:74:
         14:a7:f0:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRU3Vi/0zEq4btikkTGRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQ0ZjRlODc0N2FhZmRlZDI1M2U2YjBjMTA5NTA5MjY2ZTBjZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lztuiIqnUziIZID5w48efBNDLjb
IFckJpdBWyO1zGGJ2aA4pahU0fq8yavXWPFu416R/DjfxWOSHevhCoQXYQuFCqSa
qrCgzzSg4YKNGU6Ak1RFMqCZEazqPxHoVtcPBZeIYbp1hKVZtfwn1oOafTFC6jhr
R2wVS8dkpjY5F/aLlI8IwRySHQOLuhAGD0A8sQFksxz8vEwFF/K+qIGQ7NOzBsDf
roWE/bMm0bnIi6tMUBU2EAinVt43KhUI1KC+c7ez5PJmATalMD9zHp791YIiJxlh
sfkXodGI2qKNBMsiNwjehYbAMJLc7uNcrzGKDaY/u5YRPhsJAJVaf9jacwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvU9Oh0eq/e0lPmsMEJUJJm4M+aMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvcTlUMDZIUjZyOTdTVS1hd3dRbFFrbWJnejVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCRTQn6UlUcQ9t+3AH7Or4f7Nw71vfntGZuaAtjytoj
LGifZhBPlPWBXe8Waa9ChJRmOeBVhfQQSCWFtvfAooE+3vGya5Lss6ha6WWgh7Mn
x4ADtc5Vqir0oUOT8jVbiC7NWozat7BwHFH/Gc2s07/o5kmYFJmlnnkOdUK+v8QH
KNEP6FzDhzgXn67dgM6eBtv68+hwZ6pT0rzzBGpdBrLhGXNUyc8JZ/lZuDxZAtFd
dXjVG8nbp8vLrmKbag6TPpgz1DVi00htpboPiErI5wntbTjCB/+vqeEX23Ddbwx2
dgWoJ+B+8fkineSpKBm1BExwqT5IVi1MwPxv9XQUp/DK
-----END CERTIFICATE-----