Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/qrOmVhvxm_3kBgX_D9PKkC4RSjw.roa
File:                     qrOmVhvxm_3kBgX_D9PKkC4RSjw.roa (raw, json)
Hash identifier:          Hw4ByRrzaQeAj4Ag44yLOtk12xebK4PdBoXPBm55st8=
Subject key identifier:   AA:B3:A6:56:1B:F1:9B:FD:E4:06:05:FF:0F:D3:CA:90:2E:11:4A:3C
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018FC8528691AA80D4CD33E387F3823BFC5A
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/qrOmVhvxm_3kBgX_D9PKkC4RSjw.roa
Signing time:             Thu 30 May 2024 07:06:42 +0000
ROA not before:           Thu 30 May 2024 07:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215267
IP address blocks:        45.89.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c8:52:86:91:aa:80:d4:cd:33:e3:87:f3:82:3b:fc:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: May 30 07:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aab3a6561bf19bfde40605ff0fd3ca902e114a3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:29:60:6f:d8:0d:aa:04:ec:c6:94:ae:f1:fc:
                    cd:13:2d:d1:1f:d0:97:8f:98:71:7e:a5:51:6b:30:
                    17:0e:85:95:bb:d7:97:b3:91:7a:3e:ee:ec:83:6e:
                    49:92:10:74:3a:41:e4:ac:c8:b6:2f:53:a9:eb:c0:
                    82:4f:5b:5c:a9:2c:c3:2c:f7:ad:84:80:c3:36:af:
                    9c:79:d4:84:64:bc:3a:ec:49:8e:5b:ef:76:36:f0:
                    07:db:f9:8e:cd:fe:c6:a0:38:59:02:24:4d:2b:99:
                    73:35:6a:2f:82:8f:70:aa:9f:8a:e4:5a:1a:57:b0:
                    90:f3:58:9b:4f:0b:13:c5:a3:6f:59:b7:80:07:79:
                    62:bc:2f:0e:82:2e:7d:c3:27:47:81:d3:d5:45:fb:
                    a6:c0:69:72:8c:54:60:1a:1a:59:86:e4:e0:d4:fc:
                    70:30:b9:b6:77:c4:9c:c5:58:c7:9c:15:f5:d2:70:
                    75:05:db:7a:b8:4b:ba:f0:08:a9:3e:9c:65:cc:4f:
                    96:2e:df:d4:2d:26:ac:07:e0:8d:10:49:f2:06:b4:
                    55:56:90:25:56:bf:97:0b:0c:1a:50:54:cf:54:00:
                    32:f7:ac:db:20:03:87:03:ae:51:7b:fc:3c:51:74:
                    a8:73:29:a4:e0:8c:d4:d5:9d:40:42:fa:57:f9:93:
                    56:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B3:A6:56:1B:F1:9B:FD:E4:06:05:FF:0F:D3:CA:90:2E:11:4A:3C
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/qrOmVhvxm_3kBgX_D9PKkC4RSjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:33:85:08:04:e8:d4:6e:09:5a:2e:f7:b8:06:9a:ca:e9:59:
         12:ed:47:b0:f7:51:aa:be:6e:74:73:41:cb:11:87:61:22:62:
         e9:87:f9:4d:35:29:5d:94:3a:35:93:aa:b4:07:08:68:0e:4d:
         06:6f:ff:21:11:40:d5:5f:07:c1:29:43:4d:56:92:cd:db:e9:
         89:40:80:29:a0:9c:c4:0b:6b:e4:44:74:13:e2:a3:3f:18:3e:
         e3:2c:ad:12:cd:30:32:cd:a3:4c:84:30:fb:6f:b9:ef:4d:35:
         3f:a3:10:45:3e:cd:ea:72:79:37:53:e0:a5:cf:e0:72:fc:9e:
         89:88:c8:01:18:65:be:45:88:4f:9d:02:c9:20:cf:eb:49:fe:
         d5:99:23:58:1e:cf:19:c8:da:eb:4d:3c:2f:d6:76:94:6e:ce:
         0f:dc:ff:ce:64:81:8a:2b:ea:f0:27:fe:61:c3:19:ad:ea:b2:
         70:53:ff:70:b2:5f:76:7b:e3:3e:61:00:eb:fd:e0:37:ba:67:
         7e:4c:78:61:1f:b1:88:71:ee:5a:bb:af:77:f8:41:83:6e:78:
         0e:d4:2d:66:fb:91:bc:2c:6d:cb:95:40:e6:7a:d3:a2:f5:35:
         b2:10:70:99:cd:52:2e:ea:9a:62:e8:15:03:f5:b1:8d:ad:64:
         66:eb:61:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/IUoaRqoDUzTPjh/OCO/xaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwNTMwMDcwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWIzYTY1NjFiZjE5YmZkZTQwNjA1ZmYwZmQzY2E5MDJlMTE0YTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySlgb9gNqgTsxpSu8fzNEy3RH9CX
j5hxfqVRazAXDoWVu9eXs5F6Pu7sg25JkhB0OkHkrMi2L1Op68CCT1tcqSzDLPet
hIDDNq+cedSEZLw67EmOW+92NvAH2/mOzf7GoDhZAiRNK5lzNWovgo9wqp+K5Foa
V7CQ81ibTwsTxaNvWbeAB3livC8Ogi59wydHgdPVRfumwGlyjFRgGhpZhuTg1Pxw
MLm2d8ScxVjHnBX10nB1Bdt6uEu68AipPpxlzE+WLt/ULSasB+CNEEnyBrRVVpAl
Vr+XCwwaUFTPVAAy96zbIAOHA65Re/w8UXSocymk4IzU1Z1AQvpX+ZNWKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqzplYb8Zv95AYF/w/TypAuEUo8MB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvcXJPbVZodnhtXzNrQmdYX0Q5UEtrQzRSU2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkcMA0G
CSqGSIb3DQEBCwUAA4IBAQAUM4UIBOjUbglaLve4BprK6VkS7Uew91Gqvm50c0HL
EYdhImLph/lNNSldlDo1k6q0BwhoDk0Gb/8hEUDVXwfBKUNNVpLN2+mJQIApoJzE
C2vkRHQT4qM/GD7jLK0SzTAyzaNMhDD7b7nvTTU/oxBFPs3qcnk3U+Clz+By/J6J
iMgBGGW+RYhPnQLJIM/rSf7VmSNYHs8ZyNrrTTwv1naUbs4P3P/OZIGKK+rwJ/5h
wxmt6rJwU/9wsl92e+M+YQDr/eA3umd+THhhH7GIce5au693+EGDbngO1C1m+5G8
LG3LlUDmetOi9TWyEHCZzVIu6ppi6BUD9bGNrWRm62FX
-----END CERTIFICATE-----