Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rHqU9XPVmzCo6uOAh8HHqwFeMUs.roa
File:                     rHqU9XPVmzCo6uOAh8HHqwFeMUs.roa (raw, json)
Hash identifier:          UqhbOuR7A5rBhHqeR/C4CuN7aTTcfDdUi8Ov+aGwpHE=
Subject key identifier:   AC:7A:94:F5:73:D5:9B:30:A8:EA:E3:80:87:C1:C7:AB:01:5E:31:4B
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DD1E8C2EA76503011482F9234C3E7FECA
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rHqU9XPVmzCo6uOAh8HHqwFeMUs.roa
Signing time:             Thu 22 Feb 2024 17:41:48 +0000
ROA not before:           Thu 22 Feb 2024 17:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35682
IP address blocks:        45.138.158.0/24 maxlen: 24
                          185.217.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:e8:c2:ea:76:50:30:11:48:2f:92:34:c3:e7:fe:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 22 17:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac7a94f573d59b30a8eae38087c1c7ab015e314b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:46:34:cc:6e:5d:36:87:f3:0d:30:20:2f:be:
                    d6:0b:74:ae:fb:d9:16:31:d2:82:ac:77:57:0c:79:
                    3c:94:23:7e:1d:89:2e:c9:8c:6b:f4:2a:2e:9d:9b:
                    dc:f2:4a:37:96:92:d6:6a:d4:87:8d:a9:36:cd:23:
                    7b:8e:d5:83:b3:5a:d4:9e:91:99:e7:3d:cc:e7:36:
                    a7:3b:7a:7a:ba:65:ed:a4:9c:55:c4:6d:d5:77:62:
                    67:c2:cc:0a:55:eb:74:ce:ca:97:1e:3a:9b:8e:2c:
                    29:e1:ed:51:39:b2:27:84:45:45:7c:5e:3a:ba:0d:
                    7d:14:45:15:cc:04:14:2d:90:61:b0:c8:16:2f:4c:
                    b4:d4:86:15:8d:20:14:ec:35:1e:19:20:3b:ce:e3:
                    7d:ce:14:43:46:55:d7:d0:4e:74:b4:73:5d:fa:77:
                    04:f5:10:ed:bb:b4:b7:cd:44:71:43:fb:44:5e:26:
                    15:be:99:26:26:21:41:59:ec:75:10:db:aa:b7:ef:
                    f6:c4:60:85:fe:45:d4:5f:8c:f1:81:ba:df:c1:31:
                    ab:5c:b2:fd:dd:cd:a1:e3:61:9f:87:4f:00:cd:cb:
                    69:7e:19:1f:8f:3f:c1:1a:96:85:b3:8b:cf:2c:04:
                    5f:d8:fc:20:66:5e:f5:cc:a8:0f:11:5b:4f:e7:01:
                    fa:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7A:94:F5:73:D5:9B:30:A8:EA:E3:80:87:C1:C7:AB:01:5E:31:4B
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rHqU9XPVmzCo6uOAh8HHqwFeMUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.158.0/24
                  185.217.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:78:06:c7:29:14:25:3f:bf:76:fd:e0:2d:79:c3:11:e2:ba:
         2e:62:d9:1d:e0:79:a7:0a:39:df:75:8b:cb:20:72:19:7a:0a:
         5e:68:3c:4d:1a:24:ae:bb:8b:6e:47:40:7d:6c:2c:10:37:90:
         8d:d8:6f:2b:77:2b:59:fe:46:5f:ac:11:00:a5:84:18:35:8b:
         d8:27:a8:f0:43:d6:a4:a2:77:63:6e:7a:fc:bc:c6:f9:ed:77:
         be:be:ed:8b:4f:90:44:7b:67:1f:e3:29:84:6d:81:89:01:b8:
         44:e0:10:88:17:88:9c:9b:22:18:6f:db:d9:ec:f5:e1:6e:e6:
         84:09:8b:6b:52:f4:6b:e4:9b:2c:a6:7f:46:a9:da:7d:5b:69:
         2f:c6:64:b0:e6:31:b3:33:7c:a3:58:82:35:8b:24:4b:29:39:
         8d:99:28:12:c5:a8:3a:8d:2c:44:30:6d:6d:29:7d:87:49:0f:
         79:ed:69:64:d3:fc:a4:79:22:be:ec:cc:d4:5b:4d:e4:e4:83:
         27:6c:8b:69:c3:e4:2a:3b:45:8e:dd:56:0e:da:f9:61:5d:82:
         d9:8d:be:b3:2f:6f:0b:d9:11:b2:47:8a:ae:9e:5d:b2:a4:82:
         95:72:fe:0b:27:b1:98:cf:21:de:35:72:28:9c:1e:08:dc:2b:
         23:1d:0f:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3R6MLqdlAwEUgvkjTD5/7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjIyMTc0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzdhOTRmNTczZDU5YjMwYThlYWUzODA4N2MxYzdhYjAxNWUzMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkY0zG5dNofzDTAgL77WC3Su+9kW
MdKCrHdXDHk8lCN+HYkuyYxr9CounZvc8ko3lpLWatSHjak2zSN7jtWDs1rUnpGZ
5z3M5zanO3p6umXtpJxVxG3Vd2JnwswKVet0zsqXHjqbjiwp4e1RObInhEVFfF46
ug19FEUVzAQULZBhsMgWL0y01IYVjSAU7DUeGSA7zuN9zhRDRlXX0E50tHNd+ncE
9RDtu7S3zURxQ/tEXiYVvpkmJiFBWex1ENuqt+/2xGCF/kXUX4zxgbrfwTGrXLL9
3c2h42Gfh08Azctpfhkfjz/BGpaFs4vPLARf2PwgZl71zKgPEVtP5wH6VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKx6lPVz1ZswqOrjgIfBx6sBXjFLMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvckhxVTlYUFZtekNvNnVPQWg4SEhxd0ZlTVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYqeAwQA
udmDMA0GCSqGSIb3DQEBCwUAA4IBAQA8eAbHKRQlP792/eAtecMR4rouYtkd4Hmn
CjnfdYvLIHIZegpeaDxNGiSuu4tuR0B9bCwQN5CN2G8rdytZ/kZfrBEApYQYNYvY
J6jwQ9akondjbnr8vMb57Xe+vu2LT5BEe2cf4ymEbYGJAbhE4BCIF4icmyIYb9vZ
7PXhbuaECYtrUvRr5Jsspn9Gqdp9W2kvxmSw5jGzM3yjWII1iyRLKTmNmSgSxag6
jSxEMG1tKX2HSQ957Wlk0/ykeSK+7MzUW03k5IMnbItpw+QqO0WO3VYO2vlhXYLZ
jb6zL28L2RGyR4qunl2ypIKVcv4LJ7GYzyHeNXIonB4I3CsjHQ+i
-----END CERTIFICATE-----