Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/q0r7hQRxigOvvWrBRylyasMuC0w.roa
File:                     q0r7hQRxigOvvWrBRylyasMuC0w.roa (raw, json)
Hash identifier:          oSGmNvE0ciYvnbaKCbvVUq9SglPYJwIcS8LcfixjIG0=
Subject key identifier:   AB:4A:FB:85:04:71:8A:03:AF:BD:6A:C1:47:29:72:6A:C3:2E:0B:4C
Certificate issuer:       /CN=0265ad94e797135906b3e11a847c8eafd094e745
Certificate serial:       018CC9BCC48ECF485DC11C9B31545DD09139
Authority key identifier: 02:65:AD:94:E7:97:13:59:06:B3:E1:1A:84:7C:8E:AF:D0:94:E7:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AmWtlOeXE1kGs-EahHyOr9CU50U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/q0r7hQRxigOvvWrBRylyasMuC0w.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60641
IP address blocks:        185.45.172.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/AmWtlOeXE1kGs-EahHyOr9CU50U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/AmWtlOeXE1kGs-EahHyOr9CU50U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AmWtlOeXE1kGs-EahHyOr9CU50U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c4:8e:cf:48:5d:c1:1c:9b:31:54:5d:d0:91:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0265ad94e797135906b3e11a847c8eafd094e745
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab4afb8504718a03afbd6ac14729726ac32e0b4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d0:e6:3e:cc:fc:ee:7f:d3:a3:ae:41:46:db:
                    f6:49:15:76:2c:93:57:4c:e1:d6:f5:6f:46:70:90:
                    30:19:18:4a:f7:34:32:cd:fa:6c:9d:0b:b4:2d:29:
                    a0:fb:67:d0:c8:d0:aa:f9:c9:a8:cc:4c:4d:eb:63:
                    98:ce:db:b8:e8:d4:a6:4f:6c:3a:9f:c4:3a:a2:bf:
                    f5:7d:ed:83:51:16:26:e8:d5:97:80:af:94:b8:aa:
                    1f:12:3f:87:41:1c:a8:f2:d3:fc:91:0b:1a:59:79:
                    3f:5b:e5:50:1e:13:be:60:5c:b5:53:a2:55:3d:73:
                    e5:bf:47:1e:b4:0b:50:51:2b:b1:3d:ec:05:b5:4c:
                    c7:46:71:9d:6e:51:65:9b:dc:41:8b:fb:c6:e9:e4:
                    9b:0e:a2:12:04:d0:89:af:83:2a:43:f7:56:da:93:
                    a6:c4:7d:97:f1:79:25:c1:a1:e1:71:44:28:fa:47:
                    fc:d6:43:59:b3:5d:46:36:a8:75:5b:dd:ae:c3:7d:
                    67:91:6c:0c:57:6b:f4:75:aa:cc:ed:14:3d:75:66:
                    40:36:f0:e1:72:36:a4:91:b3:2d:63:7d:29:79:0c:
                    2e:b2:5b:7b:ef:06:27:7a:c0:a3:82:6a:28:d5:b3:
                    76:56:cc:c5:05:b3:cf:e7:48:6a:f2:fd:09:92:1e:
                    7a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:4A:FB:85:04:71:8A:03:AF:BD:6A:C1:47:29:72:6A:C3:2E:0B:4C
            X509v3 Authority Key Identifier:
                keyid:02:65:AD:94:E7:97:13:59:06:B3:E1:1A:84:7C:8E:AF:D0:94:E7:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AmWtlOeXE1kGs-EahHyOr9CU50U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/q0r7hQRxigOvvWrBRylyasMuC0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/AmWtlOeXE1kGs-EahHyOr9CU50U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:89:d0:d5:b9:8a:b3:9c:55:75:f1:80:61:fb:fc:db:1d:f6:
         14:d8:a1:e8:e3:e9:1d:fa:da:3a:31:30:87:8e:69:f0:a7:21:
         b7:f2:48:71:7c:69:11:61:d3:ba:8c:7d:ed:2d:08:47:fa:3f:
         72:0b:4e:64:0a:89:b4:bc:e0:58:0b:8b:c9:38:7b:68:82:1c:
         d6:93:99:49:49:1f:aa:29:8a:41:a1:63:d1:78:82:7e:83:f1:
         58:37:2f:16:9d:17:87:05:e7:43:0c:b8:32:55:3a:3e:89:05:
         fd:c7:e8:a2:b1:af:ee:56:39:49:83:54:dc:e8:d1:23:c3:32:
         9f:ec:fa:bd:98:3e:cf:b0:49:b5:5a:ad:df:2d:df:86:69:47:
         1c:13:5e:03:6b:25:d5:b7:e5:7d:cb:90:e6:57:4a:d7:27:eb:
         61:dd:ff:f6:0b:d1:46:a8:79:71:ac:e1:d0:71:49:77:fd:97:
         0f:26:af:48:f7:80:ef:e0:f1:49:0b:5c:75:9c:14:28:25:48:
         b3:62:1b:98:15:15:87:59:a7:a6:10:62:09:52:51:37:8c:5b:
         e2:7a:f1:ad:1c:ed:16:fa:a5:16:95:c0:1f:47:00:47:c5:cc:
         54:3c:e9:e5:e1:6c:96:56:6e:18:ec:7f:f7:8b:0e:2a:d9:0d:
         98:7e:8b:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMSOz0hdwRybMVRd0JE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNjVhZDk0ZTc5NzEzNTkwNmIzZTExYTg0N2M4ZWFmZDA5
NGU3NDUwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjRhZmI4NTA0NzE4YTAzYWZiZDZhYzE0NzI5NzI2YWMzMmUwYjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNDmPsz87n/To65BRtv2SRV2LJNX
TOHW9W9GcJAwGRhK9zQyzfpsnQu0LSmg+2fQyNCq+cmozExN62OYztu46NSmT2w6
n8Q6or/1fe2DURYm6NWXgK+UuKofEj+HQRyo8tP8kQsaWXk/W+VQHhO+YFy1U6JV
PXPlv0cetAtQUSuxPewFtUzHRnGdblFlm9xBi/vG6eSbDqISBNCJr4MqQ/dW2pOm
xH2X8XklwaHhcUQo+kf81kNZs11GNqh1W92uw31nkWwMV2v0darM7RQ9dWZANvDh
cjakkbMtY30peQwuslt77wYnesCjgmoo1bN2VszFBbPP50hq8v0Jkh568QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtK+4UEcYoDr71qwUcpcmrDLgtMMB8GA1UdIwQY
MBaAFAJlrZTnlxNZBrPhGoR8jq/QlOdFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW1XdGxPZVhFMWtHcy1FYWhIeU9yOUNVNTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9jYjI4YjYtMjk2Ni00NDRhLThmYmQt
OTdmYjkwMGQ2NjhiLzEvcTByN2hRUnhpZ092dldyQlJ5bHlhc011QzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9jYjI4YjYtMjk2Ni00NDRhLThmYmQtOTdmYjkwMGQ2Njhi
LzEvQW1XdGxPZVhFMWtHcy1FYWhIeU9yOUNVNTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuS2sMA0G
CSqGSIb3DQEBCwUAA4IBAQBLidDVuYqznFV18YBh+/zbHfYU2KHo4+kd+to6MTCH
jmnwpyG38khxfGkRYdO6jH3tLQhH+j9yC05kCom0vOBYC4vJOHtoghzWk5lJSR+q
KYpBoWPReIJ+g/FYNy8WnReHBedDDLgyVTo+iQX9x+iisa/uVjlJg1Tc6NEjwzKf
7Pq9mD7PsEm1Wq3fLd+GaUccE14DayXVt+V9y5DmV0rXJ+th3f/2C9FGqHlxrOHQ
cUl3/ZcPJq9I94Dv4PFJC1x1nBQoJUizYhuYFRWHWaemEGIJUlE3jFvievGtHO0W
+qUWlcAfRwBHxcxUPOnl4WyWVm4Y7H/3iw4q2Q2YfovX
-----END CERTIFICATE-----