Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/qXUQFXP5cGvRT51_YZ9bp0q7hX8.roa
File:                     qXUQFXP5cGvRT51_YZ9bp0q7hX8.roa (raw, json)
Hash identifier:          xZ5etO2YsF0s/vMCKt6+gKdzavBAh2LK8y9aJin/3I8=
Subject key identifier:   A9:75:10:15:73:F9:70:6B:D1:4F:9D:7F:61:9F:5B:A7:4A:BB:85:7F
Certificate issuer:       /CN=4cd71f5a0050f8ae6444c638769ba375fddbce19
Certificate serial:       018CC2DB3E9413C3AC0802788AB6AB1AD010
Authority key identifier: 4C:D7:1F:5A:00:50:F8:AE:64:44:C6:38:76:9B:A3:75:FD:DB:CE:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TNcfWgBQ-K5kRMY4dpujdf3bzhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/qXUQFXP5cGvRT51_YZ9bp0q7hX8.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        45.150.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/TNcfWgBQ-K5kRMY4dpujdf3bzhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/TNcfWgBQ-K5kRMY4dpujdf3bzhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TNcfWgBQ-K5kRMY4dpujdf3bzhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3e:94:13:c3:ac:08:02:78:8a:b6:ab:1a:d0:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cd71f5a0050f8ae6444c638769ba375fddbce19
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a975101573f9706bd14f9d7f619f5ba74abb857f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d6:ed:d1:ea:76:dd:ee:3c:bd:04:14:93:25:
                    de:1d:b2:51:ed:04:f5:91:45:c4:95:74:f7:05:33:
                    36:e6:6e:32:6a:b4:83:95:68:aa:2e:71:48:d2:31:
                    16:ec:ef:7c:a2:7d:08:73:ff:56:b3:97:24:f4:3c:
                    57:d4:ec:34:c5:a1:eb:79:b2:3a:86:0d:36:55:55:
                    09:ca:12:10:98:4a:09:93:65:91:1b:bb:35:41:d3:
                    2c:d4:41:e0:7f:a1:78:44:92:e4:03:70:71:fc:89:
                    62:eb:44:60:06:b1:05:59:84:fc:0f:11:fe:ee:69:
                    52:ad:a0:49:be:cd:3d:76:2a:68:ec:17:89:5c:29:
                    ec:fe:f0:fb:9b:3d:07:4e:c0:9e:3f:2f:8b:26:c5:
                    a8:d0:34:90:b4:86:53:4e:7d:78:2d:37:75:e0:f9:
                    28:77:09:e5:92:37:6b:3e:af:77:6b:1b:ba:45:1b:
                    a5:41:73:6f:14:16:b3:5d:00:a5:ec:92:0a:a4:bb:
                    9e:bd:3d:09:73:ea:38:f4:c6:6d:f6:59:5e:cc:ae:
                    25:b8:88:7c:28:03:7c:e0:c7:8c:e8:cb:6a:69:b5:
                    45:de:48:32:e9:6d:e8:f7:28:ae:8e:5f:2d:05:f3:
                    f0:5d:85:12:f3:83:a6:03:ae:f0:9f:a7:71:73:38:
                    59:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:75:10:15:73:F9:70:6B:D1:4F:9D:7F:61:9F:5B:A7:4A:BB:85:7F
            X509v3 Authority Key Identifier:
                keyid:4C:D7:1F:5A:00:50:F8:AE:64:44:C6:38:76:9B:A3:75:FD:DB:CE:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TNcfWgBQ-K5kRMY4dpujdf3bzhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/qXUQFXP5cGvRT51_YZ9bp0q7hX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/278398-7339-44b2-b0b0-73a01ae5de8f/1/TNcfWgBQ-K5kRMY4dpujdf3bzhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:61:f4:fd:f8:b7:e9:36:34:2c:6c:37:47:b2:b3:0d:e4:46:
         e0:38:89:2e:80:9d:b6:55:71:6a:5c:a3:ef:66:7e:f3:02:2f:
         2d:b9:db:42:e7:77:2a:d0:bb:c8:16:23:97:17:4e:21:df:38:
         a0:6d:74:a9:b2:af:60:6c:ad:a3:ff:f5:bd:5a:26:75:81:99:
         0b:df:69:2c:8e:25:2c:5d:77:ae:3e:f6:7d:2e:89:f8:08:0d:
         e5:54:79:00:29:e0:87:89:46:d7:05:23:a6:a4:42:fb:66:6f:
         29:da:d4:2c:7c:37:70:e4:cf:07:4d:c2:fc:9f:3c:01:dc:26:
         8a:42:d2:4f:6a:ec:31:d8:19:88:88:8d:e4:10:ab:0c:c1:82:
         54:87:15:23:7a:62:fc:67:5b:6f:fd:fd:34:fd:c5:ff:24:3d:
         1c:88:f8:69:6c:44:70:cf:9f:9f:b2:c6:70:80:a7:60:66:19:
         42:e9:14:f1:54:57:2e:74:64:c2:f1:0f:db:1c:ee:1b:e3:06:
         7e:26:31:22:d6:c5:35:23:7f:43:6c:09:84:40:c0:8c:91:74:
         73:e0:04:39:40:36:5c:9d:54:4e:e5:99:1b:79:73:ce:7b:79:
         f6:c7:d4:0b:95:a5:6c:9e:e9:38:4c:b9:8d:8c:07:17:69:2a:
         d8:71:82:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z6UE8OsCAJ4irarGtAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZDcxZjVhMDA1MGY4YWU2NDQ0YzYzODc2OWJhMzc1ZmRk
YmNlMTkwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc1MTAxNTczZjk3MDZiZDE0ZjlkN2Y2MTlmNWJhNzRhYmI4NTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdbt0ep23e48vQQUkyXeHbJR7QT1
kUXElXT3BTM25m4yarSDlWiqLnFI0jEW7O98on0Ic/9Ws5ck9DxX1Ow0xaHrebI6
hg02VVUJyhIQmEoJk2WRG7s1QdMs1EHgf6F4RJLkA3Bx/Ili60RgBrEFWYT8DxH+
7mlSraBJvs09dipo7BeJXCns/vD7mz0HTsCePy+LJsWo0DSQtIZTTn14LTd14Pko
dwnlkjdrPq93axu6RRulQXNvFBazXQCl7JIKpLuevT0Jc+o49MZt9llezK4luIh8
KAN84MeM6MtqabVF3kgy6W3o9yiujl8tBfPwXYUS84OmA67wn6dxczhZbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKl1EBVz+XBr0U+df2GfW6dKu4V/MB8GA1UdIwQY
MBaAFEzXH1oAUPiuZETGOHabo3X9284ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE5jZldnQlEtSzVrUk1ZNGRwdWpkZjNiemhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8yNzgzOTgtNzMzOS00NGIyLWIwYjAt
NzNhMDFhZTVkZThmLzEvcVhVUUZYUDVjR3ZSVDUxX1laOWJwMHE3aFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8yNzgzOTgtNzMzOS00NGIyLWIwYjAtNzNhMDFhZTVkZThm
LzEvVE5jZldnQlEtSzVrUk1ZNGRwdWpkZjNiemhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZZoMA0G
CSqGSIb3DQEBCwUAA4IBAQB5YfT9+LfpNjQsbDdHsrMN5EbgOIkugJ22VXFqXKPv
Zn7zAi8tudtC53cq0LvIFiOXF04h3zigbXSpsq9gbK2j//W9WiZ1gZkL32ksjiUs
XXeuPvZ9Lon4CA3lVHkAKeCHiUbXBSOmpEL7Zm8p2tQsfDdw5M8HTcL8nzwB3CaK
QtJPauwx2BmIiI3kEKsMwYJUhxUjemL8Z1tv/f00/cX/JD0ciPhpbERwz5+fssZw
gKdgZhlC6RTxVFcudGTC8Q/bHO4b4wZ+JjEi1sU1I39DbAmEQMCMkXRz4AQ5QDZc
nVRO5ZkbeXPOe3n2x9QLlaVsnuk4TLmNjAcXaSrYcYJX
-----END CERTIFICATE-----