Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/qaQWydk6FB7GEf8gIwZAiy68VWs.roa
File:                     qaQWydk6FB7GEf8gIwZAiy68VWs.roa (raw, json)
Hash identifier:          mytnFDuDw0yiy0H79vxRv/LVxQaED8L8Amgjxi3Soxc=
Subject key identifier:   A9:A4:16:C9:D9:3A:14:1E:C6:11:FF:20:23:06:40:8B:2E:BC:55:6B
Certificate issuer:       /CN=543c7018034725963a971c96a8caab598cae638a
Certificate serial:       0190A7C59B8950DF86B89D8CC750CD13439D
Authority key identifier: 54:3C:70:18:03:47:25:96:3A:97:1C:96:A8:CA:AB:59:8C:AE:63:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxwGANHJZY6lxyWqMqrWYyuY4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/qaQWydk6FB7GEf8gIwZAiy68VWs.roa
Signing time:             Fri 12 Jul 2024 16:27:43 +0000
ROA not before:           Fri 12 Jul 2024 16:27:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204300
IP address blocks:        185.155.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/VDxwGANHJZY6lxyWqMqrWYyuY4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/VDxwGANHJZY6lxyWqMqrWYyuY4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxwGANHJZY6lxyWqMqrWYyuY4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a7:c5:9b:89:50:df:86:b8:9d:8c:c7:50:cd:13:43:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c7018034725963a971c96a8caab598cae638a
        Validity
            Not Before: Jul 12 16:27:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9a416c9d93a141ec611ff202306408b2ebc556b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bf:3e:c9:e0:b4:cf:23:71:84:df:9f:13:f1:
                    8c:3d:fa:3e:a4:c6:a4:67:42:e7:38:2a:95:e2:c6:
                    27:a4:a3:30:74:98:b1:3d:23:46:13:07:49:a8:cd:
                    1f:27:32:b0:71:98:f3:ba:1a:15:e5:aa:96:76:cc:
                    e7:06:92:1c:d5:ac:b1:db:3e:9b:eb:36:7a:40:9c:
                    5d:a6:d2:7a:f3:d9:59:b0:96:82:b5:0c:9b:e4:bf:
                    db:f5:89:4e:d4:90:e9:5d:f5:0a:bc:29:10:71:12:
                    a3:23:38:ca:ee:d4:2b:23:77:0a:a9:49:a9:8e:50:
                    67:f7:40:99:35:f4:7b:f2:68:dc:bf:d8:6e:a0:48:
                    7e:a4:91:34:e1:70:a5:ec:d9:e7:19:21:5a:da:8b:
                    88:60:c3:c5:9c:43:7e:b0:02:b3:26:62:96:f9:74:
                    51:f4:32:9e:8d:fe:21:dd:45:7e:95:99:c7:05:46:
                    b4:b7:fb:d1:a4:21:5f:78:39:71:0b:8c:4c:ea:f3:
                    c2:3d:5e:9c:fe:ce:e9:ee:53:a1:db:43:ef:96:b1:
                    b5:75:d2:fd:4a:c9:f7:25:ca:2f:fa:1f:de:f0:a0:
                    aa:5c:ef:0a:9c:fe:75:f6:61:03:86:0b:c1:27:39:
                    34:ab:d7:85:20:dc:ce:f8:f6:08:58:82:f7:7e:ca:
                    f8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A4:16:C9:D9:3A:14:1E:C6:11:FF:20:23:06:40:8B:2E:BC:55:6B
            X509v3 Authority Key Identifier:
                keyid:54:3C:70:18:03:47:25:96:3A:97:1C:96:A8:CA:AB:59:8C:AE:63:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxwGANHJZY6lxyWqMqrWYyuY4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/qaQWydk6FB7GEf8gIwZAiy68VWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/VDxwGANHJZY6lxyWqMqrWYyuY4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:25:5a:40:fe:2b:da:84:eb:4a:90:09:fa:88:52:c9:f1:c0:
         10:1c:ab:a2:e4:9e:70:6f:36:8e:e6:12:29:37:21:42:cd:df:
         ae:dc:0d:02:e5:ef:92:78:be:3a:73:56:8f:02:0f:0a:e0:b9:
         3e:4e:89:b2:31:86:d1:1e:04:e5:e9:66:03:ca:eb:5d:2a:a7:
         b9:5c:dd:10:b1:b7:d6:f4:36:7f:14:c2:c9:90:de:f3:d1:42:
         e1:55:00:9e:67:05:4e:5a:65:cb:8a:14:97:60:2c:d4:d8:42:
         e3:6a:dd:ea:aa:c5:15:cf:cf:fc:85:58:6c:32:b9:36:80:74:
         c1:3c:f5:6c:13:a2:23:0d:b9:28:c5:e3:e0:3b:55:34:13:98:
         f2:9a:6d:61:63:da:a3:45:52:17:6d:cb:1a:b0:ed:11:97:e6:
         e1:87:4a:47:63:13:c7:88:b2:9d:20:43:55:c0:60:82:77:b2:
         d8:d9:6a:df:6e:c6:b8:97:50:2c:14:f6:4f:58:11:16:7a:03:
         dd:ac:20:92:6d:8a:f1:97:6d:33:b0:ba:57:b3:0e:df:a9:64:
         73:1b:43:5b:8e:9f:04:1e:f1:24:12:15:04:08:bb:e0:05:52:
         b1:75:fb:0e:c1:6d:9d:b9:9f:27:aa:55:28:cb:8f:a6:11:dd:
         c8:ba:5f:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCnxZuJUN+GuJ2Mx1DNE0OdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M3MDE4MDM0NzI1OTYzYTk3MWM5NmE4Y2FhYjU5OGNh
ZTYzOGEwHhcNMjQwNzEyMTYyNzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWE0MTZjOWQ5M2ExNDFlYzYxMWZmMjAyMzA2NDA4YjJlYmM1NTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsb8+yeC0zyNxhN+fE/GMPfo+pMak
Z0LnOCqV4sYnpKMwdJixPSNGEwdJqM0fJzKwcZjzuhoV5aqWdsznBpIc1ayx2z6b
6zZ6QJxdptJ689lZsJaCtQyb5L/b9YlO1JDpXfUKvCkQcRKjIzjK7tQrI3cKqUmp
jlBn90CZNfR78mjcv9huoEh+pJE04XCl7NnnGSFa2ouIYMPFnEN+sAKzJmKW+XRR
9DKejf4h3UV+lZnHBUa0t/vRpCFfeDlxC4xM6vPCPV6c/s7p7lOh20PvlrG1ddL9
Ssn3Jcov+h/e8KCqXO8KnP519mEDhgvBJzk0q9eFINzO+PYIWIL3fsr4pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmkFsnZOhQexhH/ICMGQIsuvFVrMB8GA1UdIwQY
MBaAFFQ8cBgDRyWWOpcclqjKq1mMrmOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4d0dBTkhKWlk2bHh5V3FNcXJXWXl1WTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81MDlkMGItYWNkMS00OTU4LWEzY2Qt
Mzc1ZjI0NDlhOGMxLzEvcWFRV3lkazZGQjdHRWY4Z0l3WkFpeTY4VldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81MDlkMGItYWNkMS00OTU4LWEzY2QtMzc1ZjI0NDlhOGMx
LzEvVkR4d0dBTkhKWlk2bHh5V3FNcXJXWXl1WTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZtKMA0G
CSqGSIb3DQEBCwUAA4IBAQBwJVpA/ivahOtKkAn6iFLJ8cAQHKui5J5wbzaO5hIp
NyFCzd+u3A0C5e+SeL46c1aPAg8K4Lk+TomyMYbRHgTl6WYDyutdKqe5XN0QsbfW
9DZ/FMLJkN7z0ULhVQCeZwVOWmXLihSXYCzU2ELjat3qqsUVz8/8hVhsMrk2gHTB
PPVsE6IjDbkoxePgO1U0E5jymm1hY9qjRVIXbcsasO0Rl+bhh0pHYxPHiLKdIENV
wGCCd7LY2Wrfbsa4l1AsFPZPWBEWegPdrCCSbYrxl20zsLpXsw7fqWRzG0Nbjp8E
HvEkEhUECLvgBVKxdfsOwW2duZ8nqlUoy4+mEd3Iul8M
-----END CERTIFICATE-----