Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/QhGtzG-L7j2wK88rMz6pqT94rJI.roa
File:                     QhGtzG-L7j2wK88rMz6pqT94rJI.roa (raw, json)
Hash identifier:          2PiUe6p+HOprKhkb7qkGKjEKDAE5QjxHFkwixTwK+7Y=
Subject key identifier:   42:11:AD:CC:6F:8B:EE:3D:B0:2B:CF:2B:33:3E:A9:A9:3F:78:AC:92
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018EA4381EDA560F8CCEE8AABF03A46EF556
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/QhGtzG-L7j2wK88rMz6pqT94rJI.roa
Signing time:             Wed 03 Apr 2024 13:48:45 +0000
ROA not before:           Wed 03 Apr 2024 13:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        45.89.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:38:1e:da:56:0f:8c:ce:e8:aa:bf:03:a4:6e:f5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Apr  3 13:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4211adcc6f8bee3db02bcf2b333ea9a93f78ac92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fd:f3:6f:46:c0:0c:07:45:41:c8:9a:d9:96:
                    a5:69:08:55:53:d8:5e:1a:48:d9:76:00:99:8b:92:
                    73:ea:83:c9:9e:f1:81:40:04:0e:a3:c8:9c:c7:2b:
                    11:cd:51:f7:45:f4:65:4e:86:e5:8c:b0:ec:e4:b4:
                    ef:53:58:62:7a:5b:9b:0c:be:d5:69:5b:86:82:8a:
                    2e:90:a9:38:c9:2c:c2:c0:a5:61:2d:7f:e5:25:a2:
                    8d:9e:66:15:8c:e3:cd:74:21:bf:04:aa:30:35:bc:
                    99:54:6e:8c:ec:9e:39:51:df:d4:2c:43:2c:12:7b:
                    5f:07:47:f8:d8:e6:f2:46:17:f9:50:60:30:4a:eb:
                    a3:31:23:d6:2d:23:b5:11:df:8a:2c:e5:b0:5e:2c:
                    e7:59:b7:e8:66:b8:70:30:f1:25:ea:82:68:47:b5:
                    ec:fa:54:cf:b8:30:c2:0b:f8:0b:56:e2:69:92:b7:
                    ab:96:69:bd:c5:fc:63:26:3d:00:de:ef:a6:25:54:
                    d6:b2:12:77:e1:4e:8d:3f:4a:e6:b2:de:ca:3f:e5:
                    5f:00:47:7a:4e:00:87:05:a4:07:0b:d8:28:d5:29:
                    80:b0:e7:35:db:19:d4:34:f2:20:d3:c7:6b:d9:f1:
                    f7:6e:2f:14:71:ab:ba:40:35:eb:7b:66:7f:26:36:
                    6e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:11:AD:CC:6F:8B:EE:3D:B0:2B:CF:2B:33:3E:A9:A9:3F:78:AC:92
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/QhGtzG-L7j2wK88rMz6pqT94rJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:fe:c1:0f:c6:01:f6:61:eb:94:63:7e:bf:df:14:c1:61:bc:
         c9:b2:84:33:2b:c4:07:0e:74:4e:05:1a:4e:b5:86:cf:ed:b3:
         50:c5:7f:27:22:33:00:37:11:e4:77:51:50:dd:e2:76:2c:ae:
         88:41:47:e8:85:79:4d:d6:13:c3:78:f5:fb:9d:45:30:27:00:
         17:93:3d:94:29:4c:b0:30:a9:18:a6:77:ab:dc:82:60:d4:c4:
         0a:bf:89:36:11:e2:cf:6a:42:ff:73:53:a8:33:2a:6a:70:da:
         79:19:78:a4:0c:15:77:ad:a9:78:18:79:94:53:4f:f7:ae:c0:
         1b:8d:f4:b5:ca:e6:cc:87:cd:2e:1b:ca:01:ad:b7:b1:f8:7e:
         b8:e2:d3:8c:e2:97:dc:42:c0:50:37:9f:01:22:c5:73:99:6f:
         20:b1:0c:01:87:73:6a:fb:04:3e:be:3d:62:16:ff:94:83:a3:
         71:a0:43:cf:8f:6b:20:70:4f:39:2d:79:7f:c1:89:ae:de:4c:
         ac:fb:7b:02:cd:b1:87:26:34:81:2b:a7:e6:db:fa:47:2d:e9:
         5d:70:57:b8:c3:6f:e9:36:d8:65:de:2a:e1:1d:48:3b:62:a6:
         2d:73:98:89:21:ea:8c:e8:d7:4f:c7:2c:a3:a1:7e:3f:59:b6:
         b9:46:10:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6kOB7aVg+MzuiqvwOkbvVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwNDAzMTM0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjExYWRjYzZmOGJlZTNkYjAyYmNmMmIzMzNlYTlhOTNmNzhhYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0f3zb0bADAdFQcia2ZalaQhVU9he
GkjZdgCZi5Jz6oPJnvGBQAQOo8icxysRzVH3RfRlTobljLDs5LTvU1hielubDL7V
aVuGgooukKk4ySzCwKVhLX/lJaKNnmYVjOPNdCG/BKowNbyZVG6M7J45Ud/ULEMs
EntfB0f42ObyRhf5UGAwSuujMSPWLSO1Ed+KLOWwXiznWbfoZrhwMPEl6oJoR7Xs
+lTPuDDCC/gLVuJpkrerlmm9xfxjJj0A3u+mJVTWshJ34U6NP0rmst7KP+VfAEd6
TgCHBaQHC9go1SmAsOc12xnUNPIg08dr2fH3bi8Ucau6QDXre2Z/JjZuAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIRrcxvi+49sCvPKzM+qak/eKySMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvUWhHdHpHLUw3ajJ3Szg4ck16NnBxVDk0ckpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkfMA0G
CSqGSIb3DQEBCwUAA4IBAQB5/sEPxgH2YeuUY36/3xTBYbzJsoQzK8QHDnROBRpO
tYbP7bNQxX8nIjMANxHkd1FQ3eJ2LK6IQUfohXlN1hPDePX7nUUwJwAXkz2UKUyw
MKkYpner3IJg1MQKv4k2EeLPakL/c1OoMypqcNp5GXikDBV3ral4GHmUU0/3rsAb
jfS1yubMh80uG8oBrbex+H644tOM4pfcQsBQN58BIsVzmW8gsQwBh3Nq+wQ+vj1i
Fv+Ug6NxoEPPj2sgcE85LXl/wYmu3kys+3sCzbGHJjSBK6fm2/pHLeldcFe4w2/p
Nthl3irhHUg7YqYtc5iJIeqM6NdPxyyjoX4/Wba5RhB9
-----END CERTIFICATE-----