Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QF3EyusI_k8mrwYCXqKRH9751tA.roa
File:                     QF3EyusI_k8mrwYCXqKRH9751tA.roa (raw, json)
Hash identifier:          PZFkbpSNmM2N/AJzNI0KmNIajGQ9lc7V/9T6i3l/mJE=
Subject key identifier:   40:5D:C4:CA:EB:08:FE:4F:26:AF:06:02:5E:A2:91:1F:DE:F9:D6:D0
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       018E7FBCD4374E07955A50F2663818A6A43A
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QF3EyusI_k8mrwYCXqKRH9751tA.roa
Signing time:             Wed 27 Mar 2024 11:47:45 +0000
ROA not before:           Wed 27 Mar 2024 11:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49127
IP address blocks:        45.113.236.0/24 maxlen: 24
                          103.229.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:bc:d4:37:4e:07:95:5a:50:f2:66:38:18:a6:a4:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Mar 27 11:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=405dc4caeb08fe4f26af06025ea2911fdef9d6d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:14:8c:35:3a:9b:e3:86:8f:b0:e4:45:d1:1a:
                    e5:09:98:c2:c7:2e:99:d6:0a:6b:42:4e:01:b2:59:
                    f5:9d:35:fb:50:4d:0d:06:7e:9c:97:e2:56:8c:f7:
                    aa:87:54:0a:a2:3e:e7:83:d2:7f:0d:d1:e4:36:f7:
                    8e:09:b0:f7:ca:19:88:48:4b:e7:cf:8a:6c:78:41:
                    77:c9:3b:78:1a:ea:77:8c:8a:44:e1:b1:12:25:e8:
                    93:53:11:3b:25:ed:f5:b3:ed:7f:91:c7:0d:65:9f:
                    22:48:89:2d:0c:8f:79:2b:97:19:36:53:0d:aa:d9:
                    16:a5:de:a4:69:35:a2:a9:9d:70:5c:c2:7e:81:c9:
                    6a:2b:13:cf:7d:7a:54:8b:00:02:93:cc:f5:b9:aa:
                    40:a1:b0:1b:02:64:bf:9f:c0:57:89:2d:9b:39:d8:
                    9c:48:e1:2e:7b:2b:15:f9:86:64:bc:28:8d:1a:48:
                    bb:50:2b:8e:b3:b4:c1:80:16:c1:d2:78:80:21:63:
                    44:99:f5:c5:84:83:cf:e1:7c:e1:87:c4:4e:1b:08:
                    54:90:a1:cf:26:85:ae:8f:13:94:6a:ad:d2:f4:7a:
                    cd:59:bf:6d:e9:04:3e:35:2f:dd:08:65:2d:bc:56:
                    32:c7:22:f8:eb:ba:d0:74:69:29:ea:38:f6:a7:c9:
                    1b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:5D:C4:CA:EB:08:FE:4F:26:AF:06:02:5E:A2:91:1F:DE:F9:D6:D0
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QF3EyusI_k8mrwYCXqKRH9751tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.113.236.0/24
                  103.229.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:cc:c3:b5:44:21:31:e8:af:2a:e0:0c:a7:a1:c2:36:28:b1:
         59:c1:95:92:6f:62:83:45:d6:a2:59:35:57:0d:b7:39:26:67:
         ff:92:df:cb:0c:bb:c9:d6:a7:83:30:ca:ed:8a:6a:0a:9f:60:
         6c:10:26:0b:aa:21:b6:9c:51:f7:a8:99:67:dc:54:f4:ea:df:
         db:a5:89:a9:dd:13:39:86:90:53:e8:60:63:63:10:e6:6d:07:
         c8:8c:48:8e:9a:3e:7e:99:86:a7:ea:80:b4:b9:5d:51:7d:6d:
         b3:42:ad:c3:a4:18:f3:da:ec:d7:ed:13:dc:64:42:5d:87:83:
         fc:ef:db:85:31:6d:bf:b5:05:5b:b0:2f:ad:b7:7c:fe:9c:62:
         4b:f1:46:10:b1:dd:01:8f:51:10:30:e8:8c:82:2b:b3:3c:c5:
         f3:8f:62:bd:c0:55:7c:80:68:75:30:2b:7c:bf:6f:a6:65:bf:
         0e:64:e7:24:1a:97:55:99:9f:d4:49:3f:13:90:83:cc:2c:e9:
         da:2b:97:dc:87:65:fb:0c:64:ea:71:27:d0:6e:e4:f2:0e:4f:
         33:17:a9:1e:af:00:21:1c:1c:6d:01:a6:62:4a:2c:b2:fe:45:
         27:e4:c8:a7:bb:1a:65:9f:20:4d:fb:ff:56:2c:0e:a2:f8:57:
         da:0f:78:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5/vNQ3TgeVWlDyZjgYpqQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjQwMzI3MTE0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDVkYzRjYWViMDhmZTRmMjZhZjA2MDI1ZWEyOTExZmRlZjlkNmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBSMNTqb44aPsORF0RrlCZjCxy6Z
1gprQk4Bsln1nTX7UE0NBn6cl+JWjPeqh1QKoj7ng9J/DdHkNveOCbD3yhmISEvn
z4pseEF3yTt4Gup3jIpE4bESJeiTUxE7Je31s+1/kccNZZ8iSIktDI95K5cZNlMN
qtkWpd6kaTWiqZ1wXMJ+gclqKxPPfXpUiwACk8z1uapAobAbAmS/n8BXiS2bOdic
SOEueysV+YZkvCiNGki7UCuOs7TBgBbB0niAIWNEmfXFhIPP4Xzhh8ROGwhUkKHP
JoWujxOUaq3S9HrNWb9t6QQ+NS/dCGUtvFYyxyL467rQdGkp6jj2p8kb8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBdxMrrCP5PJq8GAl6ikR/e+dbQMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvUUYzRXl1c0lfazhtcndZQ1hxS1JIOTc1MXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALXHsAwQA
Z+VRMA0GCSqGSIb3DQEBCwUAA4IBAQBizMO1RCEx6K8q4AynocI2KLFZwZWSb2KD
RdaiWTVXDbc5Jmf/kt/LDLvJ1qeDMMrtimoKn2BsECYLqiG2nFH3qJln3FT06t/b
pYmp3RM5hpBT6GBjYxDmbQfIjEiOmj5+mYan6oC0uV1RfW2zQq3DpBjz2uzX7RPc
ZEJdh4P879uFMW2/tQVbsC+tt3z+nGJL8UYQsd0Bj1EQMOiMgiuzPMXzj2K9wFV8
gGh1MCt8v2+mZb8OZOckGpdVmZ/UST8TkIPMLOnaK5fch2X7DGTqcSfQbuTyDk8z
F6kerwAhHBxtAaZiSiyy/kUn5MinuxplnyBN+/9WLA6i+FfaD3gv
-----END CERTIFICATE-----