Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/5QNlrMYuST4cXnfJcG_GygUVtGc.roa
File:                     5QNlrMYuST4cXnfJcG_GygUVtGc.roa (raw, json)
Hash identifier:          nugIBAGU7ZpKoo5cBm8dUCBADitw/ly2amGTvfqMRJc=
Subject key identifier:   E5:03:65:AC:C6:2E:49:3E:1C:5E:77:C9:70:6F:C6:CA:05:15:B4:67
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       0192440BADDD24E3E2A75514C527BD37D029
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/5QNlrMYuST4cXnfJcG_GygUVtGc.roa
Signing time:             Mon 30 Sep 2024 17:47:48 +0000
ROA not before:           Mon 30 Sep 2024 17:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        45.145.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:44:0b:ad:dd:24:e3:e2:a7:55:14:c5:27:bd:37:d0:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Sep 30 17:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e50365acc62e493e1c5e77c9706fc6ca0515b467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ad:48:5f:3a:5a:a0:e0:17:14:9e:65:98:6b:
                    3a:b1:15:ea:58:62:b0:3d:2f:05:09:25:dd:e4:ab:
                    51:6b:6a:5a:d4:d2:53:47:42:2c:5e:c5:0a:76:dd:
                    de:f5:1a:73:93:a2:15:23:ac:d9:cf:34:f0:93:f5:
                    fa:ab:d7:6a:5e:63:d7:59:71:e5:ee:be:c0:d9:ba:
                    df:46:e2:2b:63:e7:c5:f0:e2:0b:9b:f8:56:8d:f5:
                    26:ea:c5:55:b3:23:d9:a0:fd:4d:8b:3c:ee:bb:73:
                    77:d5:28:b7:aa:96:9d:2f:05:91:eb:c6:ae:99:52:
                    2d:39:63:00:ee:e1:6f:c9:b7:63:80:6a:f7:b1:c3:
                    62:9d:c4:ee:61:66:c1:f3:b1:2e:58:4d:ae:73:2b:
                    37:66:bc:74:4f:ef:9f:02:ff:25:76:ea:43:d0:a1:
                    43:8c:f3:56:94:d1:57:0b:c7:12:9a:ad:f7:e7:ed:
                    3e:54:b7:e7:b0:ce:32:33:09:b2:a5:7e:0c:33:a0:
                    05:95:38:b6:83:aa:c5:41:d9:24:e1:4a:3d:a2:de:
                    1e:ec:62:97:21:7b:af:80:bc:38:7a:4c:c0:46:5b:
                    53:f9:b5:79:9c:be:23:f6:f1:e5:ee:db:ef:74:cb:
                    d2:84:7f:06:67:3a:32:3f:47:f0:8d:c1:fa:2d:db:
                    e7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:03:65:AC:C6:2E:49:3E:1C:5E:77:C9:70:6F:C6:CA:05:15:B4:67
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/5QNlrMYuST4cXnfJcG_GygUVtGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5f:e9:fb:32:17:c8:33:a6:4b:fa:ae:93:65:39:cd:93:f1:
         8a:fb:f2:8a:85:3e:11:71:ca:0c:71:49:2d:d6:31:d2:17:80:
         50:a2:ad:04:71:e2:a3:4b:3c:93:91:75:58:f4:8f:5a:d4:eb:
         28:01:18:d5:62:a1:ac:56:84:5a:65:e1:2b:eb:2c:28:1d:27:
         1a:63:5d:62:7b:a4:bc:01:ae:be:7a:8b:c6:3e:42:ab:0f:9e:
         00:65:e4:1c:29:c8:f6:c0:6a:a1:f6:12:44:07:94:3b:8a:57:
         a6:c6:65:52:00:b7:33:87:30:c4:d3:fe:24:09:32:5a:e1:42:
         1a:43:e4:4f:1a:a8:78:a3:c6:1e:5c:89:c6:9a:c4:6c:0e:d0:
         ff:60:62:8c:bf:54:f0:99:c2:80:43:82:41:c3:dd:f9:aa:a7:
         f2:b9:e6:ed:f1:69:70:2f:a1:9f:31:94:32:05:2e:ef:ef:e8:
         2a:24:a0:7d:3c:3c:77:be:c4:f1:fc:d4:d5:bd:c6:7c:2e:54:
         1f:83:38:94:50:15:37:7e:d7:d9:4f:00:50:63:ce:bb:25:e2:
         3e:b9:b3:a8:c7:c3:31:fa:ba:d9:67:d1:e3:51:08:55:7f:28:
         73:30:82:6b:fa:e5:95:27:18:64:d0:df:ae:2c:0b:0b:80:35:
         b3:40:87:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJEC63dJOPip1UUxSe9N9ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjQwOTMwMTc0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTAzNjVhY2M2MmU0OTNlMWM1ZTc3Yzk3MDZmYzZjYTA1MTViNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq1IXzpaoOAXFJ5lmGs6sRXqWGKw
PS8FCSXd5KtRa2pa1NJTR0IsXsUKdt3e9Rpzk6IVI6zZzzTwk/X6q9dqXmPXWXHl
7r7A2brfRuIrY+fF8OILm/hWjfUm6sVVsyPZoP1Nizzuu3N31Si3qpadLwWR68au
mVItOWMA7uFvybdjgGr3scNincTuYWbB87EuWE2ucys3Zrx0T++fAv8ldupD0KFD
jPNWlNFXC8cSmq335+0+VLfnsM4yMwmypX4MM6AFlTi2g6rFQdkk4Uo9ot4e7GKX
IXuvgLw4ekzARltT+bV5nL4j9vHl7tvvdMvShH8GZzoyP0fwjcH6LdvntQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUDZazGLkk+HF53yXBvxsoFFbRnMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvNVFObHJNWXVTVDRjWG5mSmNHX0d5Z1VWdEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZE0MA0G
CSqGSIb3DQEBCwUAA4IBAQAcX+n7MhfIM6ZL+q6TZTnNk/GK+/KKhT4RccoMcUkt
1jHSF4BQoq0EceKjSzyTkXVY9I9a1OsoARjVYqGsVoRaZeEr6ywoHScaY11ie6S8
Aa6+eovGPkKrD54AZeQcKcj2wGqh9hJEB5Q7ilemxmVSALczhzDE0/4kCTJa4UIa
Q+RPGqh4o8YeXInGmsRsDtD/YGKMv1TwmcKAQ4JBw935qqfyuebt8WlwL6GfMZQy
BS7v7+gqJKB9PDx3vsTx/NTVvcZ8LlQfgziUUBU3ftfZTwBQY867JeI+ubOox8Mx
+rrZZ9HjUQhVfyhzMIJr+uWVJxhk0N+uLAsLgDWzQIem
-----END CERTIFICATE-----