Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/qk4QhlD_bW8z_Uf9-VBiOlOZUZg.roa
File:                     qk4QhlD_bW8z_Uf9-VBiOlOZUZg.roa (raw, json)
Hash identifier:          dC959qM055E81mj06Za+9PUQ+174TuDq4nHg/X63X90=
Subject key identifier:   AA:4E:10:86:50:FF:6D:6F:33:FD:47:FD:F9:50:62:3A:53:99:51:98
Certificate issuer:       /CN=da980a45fe487366e386b6064c2c652519f9fc93
Certificate serial:       018CC5012E9A815B54F3E7E7751FC199305B
Authority key identifier: DA:98:0A:45:FE:48:73:66:E3:86:B6:06:4C:2C:65:25:19:F9:FC:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/qk4QhlD_bW8z_Uf9-VBiOlOZUZg.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205591
IP address blocks:        45.154.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2e:9a:81:5b:54:f3:e7:e7:75:1f:c1:99:30:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da980a45fe487366e386b6064c2c652519f9fc93
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa4e108650ff6d6f33fd47fdf950623a53995198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c0:f4:95:2a:67:bb:94:25:b5:84:9a:44:f3:
                    40:32:d0:bc:89:77:c7:4d:cb:27:64:21:20:46:52:
                    56:ef:45:f8:70:7d:fd:c9:72:dd:f4:38:c7:42:72:
                    1f:31:8f:90:22:39:bb:38:40:c4:50:1e:1b:6d:13:
                    7e:f7:e8:92:bb:ab:e9:d7:26:16:a9:d4:50:f7:0e:
                    99:82:60:ac:0e:05:2f:33:28:14:df:b1:40:b1:bf:
                    19:02:2c:ba:4a:d1:54:f8:d8:9e:6a:82:68:81:c1:
                    8f:5b:a0:37:01:5b:ee:fd:a4:56:1c:e8:76:fa:81:
                    b6:d3:3b:0b:10:22:53:0e:af:5a:fc:f4:b9:b5:5e:
                    43:ce:fe:81:df:ca:bd:de:01:41:03:d5:9a:6d:41:
                    dc:b0:46:01:e7:fe:f7:15:63:34:2e:fe:29:20:36:
                    91:67:4b:9e:9c:3f:13:c6:6b:e0:1a:1e:9e:f5:91:
                    3e:d3:54:79:ba:37:f2:53:21:7a:6f:5f:0b:a2:4a:
                    fb:72:3e:df:f0:87:6a:56:77:5e:04:aa:94:5c:ae:
                    73:d1:d4:62:68:e7:85:82:89:13:17:29:3a:f5:0d:
                    dc:36:72:26:0f:fd:2e:80:98:bf:bf:ae:a5:e5:f2:
                    51:93:1e:82:50:f5:45:f0:33:74:73:84:87:fe:18:
                    fa:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4E:10:86:50:FF:6D:6F:33:FD:47:FD:F9:50:62:3A:53:99:51:98
            X509v3 Authority Key Identifier:
                keyid:DA:98:0A:45:FE:48:73:66:E3:86:B6:06:4C:2C:65:25:19:F9:FC:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/qk4QhlD_bW8z_Uf9-VBiOlOZUZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:77:4d:e9:c8:93:d0:7e:93:be:d1:9f:d6:7a:02:49:57:14:
         7b:60:9e:e2:e3:28:9d:83:0d:dd:b9:f3:91:29:06:f0:26:dd:
         5a:09:ec:98:db:6b:14:bf:b2:8b:ff:8a:d5:7e:fa:74:59:47:
         58:79:1e:9b:71:19:f9:6f:51:61:cc:17:de:ec:35:98:a3:e2:
         76:63:1b:44:77:3a:9a:f3:c4:e4:e4:e8:a5:71:71:ae:8e:c3:
         f5:c2:85:fa:71:34:57:d2:4e:92:6c:84:40:ba:46:ec:b5:b0:
         05:33:a7:7b:1d:f6:73:de:b3:5e:c4:10:45:37:ad:c8:f5:15:
         bc:8b:08:78:93:f0:55:9c:d6:35:5c:5e:26:5f:3e:41:8b:eb:
         ea:ec:e1:c1:39:fa:a3:e1:71:8c:1f:dd:db:c6:54:7c:ba:13:
         af:89:59:79:96:3f:63:ad:9f:ee:0b:8e:f9:7f:e6:05:ab:18:
         fc:61:25:69:48:ea:fc:73:38:e4:0b:51:4b:00:da:39:3c:5d:
         e2:b4:74:83:45:5c:e6:e6:9c:f0:82:ba:f1:c2:d2:01:52:03:
         c3:d4:9b:03:3b:a3:72:aa:c2:d9:5f:94:e8:ad:52:71:9d:1c:
         72:87:15:8c:64:27:f2:49:73:35:7b:d6:ed:9b:45:1b:58:a7:
         0e:12:86:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAS6agVtU8+fndR/BmTBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOTgwYTQ1ZmU0ODczNjZlMzg2YjYwNjRjMmM2NTI1MTlm
OWZjOTMwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTRlMTA4NjUwZmY2ZDZmMzNmZDQ3ZmRmOTUwNjIzYTUzOTk1MTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MD0lSpnu5QltYSaRPNAMtC8iXfH
TcsnZCEgRlJW70X4cH39yXLd9DjHQnIfMY+QIjm7OEDEUB4bbRN+9+iSu6vp1yYW
qdRQ9w6ZgmCsDgUvMygU37FAsb8ZAiy6StFU+NieaoJogcGPW6A3AVvu/aRWHOh2
+oG20zsLECJTDq9a/PS5tV5Dzv6B38q93gFBA9WabUHcsEYB5/73FWM0Lv4pIDaR
Z0uenD8TxmvgGh6e9ZE+01R5ujfyUyF6b18Lokr7cj7f8IdqVndeBKqUXK5z0dRi
aOeFgokTFyk69Q3cNnImD/0ugJi/v66l5fJRkx6CUPVF8DN0c4SH/hj65QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpOEIZQ/21vM/1H/flQYjpTmVGYMB8GA1UdIwQY
MBaAFNqYCkX+SHNm44a2BkwsZSUZ+fyTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnBnS1JmNUljMmJqaHJZR1RDeGxKUm41X0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80MTBlMzktYjhhNi00NmNhLWFjZGMt
M2YxMmFmZjI3NGRhLzEvcWs0UWhsRF9iVzh6X1VmOS1WQmlPbE9aVVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80MTBlMzktYjhhNi00NmNhLWFjZGMtM2YxMmFmZjI3NGRh
LzEvMnBnS1JmNUljMmJqaHJZR1RDeGxKUm41X0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpuMA0G
CSqGSIb3DQEBCwUAA4IBAQB3d03pyJPQfpO+0Z/WegJJVxR7YJ7i4yidgw3dufOR
KQbwJt1aCeyY22sUv7KL/4rVfvp0WUdYeR6bcRn5b1FhzBfe7DWYo+J2YxtEdzqa
88Tk5OilcXGujsP1woX6cTRX0k6SbIRAukbstbAFM6d7HfZz3rNexBBFN63I9RW8
iwh4k/BVnNY1XF4mXz5Bi+vq7OHBOfqj4XGMH93bxlR8uhOviVl5lj9jrZ/uC475
f+YFqxj8YSVpSOr8czjkC1FLANo5PF3itHSDRVzm5pzwgrrxwtIBUgPD1JsDO6Ny
qsLZX5TorVJxnRxyhxWMZCfySXM1e9btm0UbWKcOEoZq
-----END CERTIFICATE-----