Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/3QZNHvMTWe5W929r_YoaMdFN3kU.roa
File:                     3QZNHvMTWe5W929r_YoaMdFN3kU.roa (raw, json)
Hash identifier:          YudJ2Bh1roT9BQDAVY3fxpudBZKroywIyAya8FMiF/o=
Subject key identifier:   DD:06:4D:1E:F3:13:59:EE:56:F7:6F:6B:FD:8A:1A:31:D1:4D:DE:45
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D7A931680FA0FFFCD91A175011454BAFE
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/3QZNHvMTWe5W929r_YoaMdFN3kU.roa
Signing time:             Mon 05 Feb 2024 18:41:16 +0000
ROA not before:           Mon 05 Feb 2024 18:41:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51317
IP address blocks:        45.84.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:93:16:80:fa:0f:ff:cd:91:a1:75:01:14:54:ba:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  5 18:41:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd064d1ef31359ee56f76f6bfd8a1a31d14dde45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:dd:f3:f6:7c:de:fa:8a:e8:70:2a:9d:2b:77:
                    ba:d0:41:ca:00:0b:49:a8:1f:7c:ff:18:de:37:b9:
                    ec:43:74:50:7e:76:87:7e:87:37:43:da:ee:d7:b4:
                    ac:00:f9:8f:af:b8:5f:52:ff:49:c0:19:39:97:f9:
                    0a:2e:59:44:33:47:08:cf:13:76:d4:b7:19:ab:66:
                    e8:d2:e9:d1:c1:fd:e9:ef:eb:e2:9a:2d:23:40:08:
                    44:8f:24:ef:55:68:89:38:96:4f:79:ce:c7:09:6b:
                    bb:64:76:96:95:ad:ee:73:4f:18:f3:f3:eb:9c:dc:
                    5d:b3:4a:70:35:e4:eb:71:73:5a:ee:71:1d:06:d2:
                    41:d4:62:8d:2e:6f:99:03:1a:b9:fd:b6:66:ca:c3:
                    f4:fa:25:95:b5:27:96:a7:2d:76:d5:91:09:53:0f:
                    68:e9:49:3f:b1:78:80:73:32:f0:fc:d9:10:cc:5d:
                    48:0b:4b:a3:7b:3c:dc:b8:a4:fa:28:da:6b:40:33:
                    b3:f4:fd:77:81:2e:e9:aa:a4:22:20:45:f4:85:9e:
                    e2:51:8e:2a:de:42:db:ab:83:f5:79:2e:9f:ff:ff:
                    10:c3:e3:cb:c4:0b:8b:62:c2:4e:8c:cc:f4:9b:a5:
                    5a:98:01:18:57:18:d3:33:51:db:00:56:e9:51:d1:
                    87:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:06:4D:1E:F3:13:59:EE:56:F7:6F:6B:FD:8A:1A:31:D1:4D:DE:45
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/3QZNHvMTWe5W929r_YoaMdFN3kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b3:f4:c3:b9:f5:5b:2e:5d:d0:99:72:97:ef:ca:39:e0:f8:
         7d:c8:ed:64:04:e1:84:21:64:a4:62:58:65:a9:ff:a4:44:a5:
         25:33:3f:47:f9:76:c5:8f:74:24:35:8a:38:aa:96:70:5f:69:
         88:fc:4b:85:53:70:63:69:37:bb:18:80:d3:6a:f4:89:b0:2c:
         60:bd:bf:16:e1:cf:af:55:80:ae:3f:bd:f5:0b:95:18:f3:85:
         41:4b:75:83:9a:2a:bf:1c:ab:3e:3f:a0:13:ee:f3:32:c7:c5:
         0d:6a:a2:47:c8:cc:cf:08:19:ce:de:d1:cd:90:95:86:a6:a9:
         c7:7d:35:8d:1c:11:b9:30:81:6e:12:24:1c:7d:dd:1c:b7:ad:
         37:50:71:0b:1b:f2:6b:31:87:0b:3d:78:8e:a4:2d:49:03:f1:
         51:7b:b0:0f:18:01:bd:d3:dc:71:08:d1:26:bd:cc:ca:82:28:
         5a:d1:0b:da:29:c1:d3:26:87:d8:c1:dd:6a:64:4f:5b:bc:76:
         d1:5a:11:74:4a:29:19:d4:46:f0:d0:98:7b:dd:91:87:8e:6d:
         bb:55:ee:ef:24:57:0e:3e:24:03:9f:74:4e:2b:66:06:cd:6f:
         66:0f:9c:60:48:52:38:44:d0:14:6d:29:f9:65:1f:0d:8a:eb:
         2c:fe:34:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16kxaA+g//zZGhdQEUVLr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA1MTg0MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDA2NGQxZWYzMTM1OWVlNTZmNzZmNmJmZDhhMWEzMWQxNGRkZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgd3z9nze+orocCqdK3e60EHKAAtJ
qB98/xjeN7nsQ3RQfnaHfoc3Q9ru17SsAPmPr7hfUv9JwBk5l/kKLllEM0cIzxN2
1LcZq2bo0unRwf3p7+vimi0jQAhEjyTvVWiJOJZPec7HCWu7ZHaWla3uc08Y8/Pr
nNxds0pwNeTrcXNa7nEdBtJB1GKNLm+ZAxq5/bZmysP0+iWVtSeWpy121ZEJUw9o
6Uk/sXiAczLw/NkQzF1IC0ujezzcuKT6KNprQDOz9P13gS7pqqQiIEX0hZ7iUY4q
3kLbq4P1eS6f//8Qw+PLxAuLYsJOjMz0m6VamAEYVxjTM1HbAFbpUdGHYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0GTR7zE1nuVvdva/2KGjHRTd5FMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvM1FaTkh2TVRXZTVXOTI5cl9Zb2FNZEZOM2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVSzMA0G
CSqGSIb3DQEBCwUAA4IBAQB1s/TDufVbLl3QmXKX78o54Ph9yO1kBOGEIWSkYlhl
qf+kRKUlMz9H+XbFj3QkNYo4qpZwX2mI/EuFU3BjaTe7GIDTavSJsCxgvb8W4c+v
VYCuP731C5UY84VBS3WDmiq/HKs+P6AT7vMyx8UNaqJHyMzPCBnO3tHNkJWGpqnH
fTWNHBG5MIFuEiQcfd0ct603UHELG/JrMYcLPXiOpC1JA/FRe7APGAG909xxCNEm
vczKgiha0QvaKcHTJofYwd1qZE9bvHbRWhF0SikZ1Ebw0Jh73ZGHjm27Ve7vJFcO
PiQDn3ROK2YGzW9mD5xgSFI4RNAUbSn5ZR8Niuss/jRp
-----END CERTIFICATE-----