Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/WQ6qwemDY8R5Xmrl6T442U72vk4.roa
File:                     WQ6qwemDY8R5Xmrl6T442U72vk4.roa (raw, json)
Hash identifier:          i1B929upAdsxtbsBo6FQTlrdBIMsyXY+kxSj2eW5cgY=
Subject key identifier:   59:0E:AA:C1:E9:83:63:C4:79:5E:6A:E5:E9:3E:38:D9:4E:F6:BE:4E
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0192D440012ACBB083B5B197DD8108DDB23C
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/WQ6qwemDY8R5Xmrl6T442U72vk4.roa
Signing time:             Mon 28 Oct 2024 17:50:17 +0000
ROA not before:           Mon 28 Oct 2024 17:50:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26954
IP address blocks:        45.43.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d4:40:01:2a:cb:b0:83:b5:b1:97:dd:81:08:dd:b2:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 28 17:50:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=590eaac1e98363c4795e6ae5e93e38d94ef6be4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8e:c6:e3:60:38:28:6a:09:37:1c:bc:39:38:
                    73:92:ed:d6:85:56:17:dc:59:7d:a6:75:6c:47:a6:
                    07:2c:f5:9c:03:36:40:11:e9:f6:4f:99:d3:2f:ac:
                    3c:dc:03:07:19:bc:fa:6f:b7:4f:9b:57:ac:fa:dc:
                    f1:15:a2:1b:09:14:a7:8e:1e:ab:a9:c4:ef:63:43:
                    6d:ea:b8:45:70:ad:9b:17:f5:4c:28:49:ec:93:3f:
                    5c:bd:07:5c:0f:17:c8:a9:88:ef:b6:7b:3f:de:a1:
                    12:ed:fa:e2:c9:8a:e7:aa:5b:d9:4a:73:42:85:8a:
                    9d:82:44:2c:89:56:39:56:b0:8c:20:50:86:36:79:
                    8f:a3:d2:45:99:84:53:a9:c9:e4:05:c1:31:08:20:
                    9b:41:6e:8d:f6:f4:11:b2:ad:64:ad:74:6a:e7:69:
                    f7:7c:11:8f:96:9c:2d:a1:38:b6:59:77:97:a1:71:
                    b8:92:c6:86:67:aa:c0:28:dc:88:6d:fb:04:43:e0:
                    67:b7:a7:a3:57:0c:05:4e:33:fc:db:ed:8d:3b:20:
                    d4:5b:0c:5c:15:75:8b:82:fd:af:91:32:56:66:48:
                    01:19:42:0a:73:a6:66:d8:6c:69:6b:0e:dc:df:06:
                    b3:96:03:3a:cc:18:6a:33:c3:8f:68:95:89:c8:39:
                    04:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:0E:AA:C1:E9:83:63:C4:79:5E:6A:E5:E9:3E:38:D9:4E:F6:BE:4E
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/WQ6qwemDY8R5Xmrl6T442U72vk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:40:48:f2:95:40:63:9e:35:d5:b6:96:1e:4f:af:0f:ed:18:
         f1:56:ec:2a:3c:92:33:97:2f:08:57:e0:a2:4d:f7:71:08:bd:
         58:41:53:37:06:00:fa:b3:57:31:58:9b:bd:08:32:2c:82:f2:
         79:17:e2:b1:6f:a3:8f:ed:5c:cc:93:f0:18:2f:81:ed:3e:a5:
         bf:7f:15:55:44:07:17:45:b3:27:3b:a7:a5:df:dc:80:d0:54:
         a7:19:cd:3b:b9:dc:9e:c7:ac:c0:b7:a3:f8:a8:b8:19:7b:0e:
         aa:62:38:49:63:42:6d:f4:4a:4f:37:92:a6:3d:56:76:0f:87:
         19:98:c0:79:7f:18:17:0a:df:82:e8:e0:c7:01:97:aa:c3:6c:
         9b:6c:f6:f1:16:df:7d:42:52:84:ab:88:af:81:45:54:dd:67:
         e2:98:31:9f:54:59:cb:ef:aa:91:8c:b3:ff:40:78:4f:81:d4:
         db:89:25:a9:03:43:a6:fa:c5:98:53:2b:5a:d3:f1:b7:88:bf:
         13:71:88:e4:30:38:45:16:d0:09:16:38:26:5b:a6:c7:a3:fd:
         59:f3:c0:3b:54:07:a7:5e:52:6b:1b:af:a0:3b:d0:96:4f:d8:
         e5:da:46:5a:8e:0a:27:a6:d4:ee:d4:ce:0a:fb:73:71:16:76:
         99:a6:f8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLUQAEqy7CDtbGX3YEI3bI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMDI4MTc1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTBlYWFjMWU5ODM2M2M0Nzk1ZTZhZTVlOTNlMzhkOTRlZjZiZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo7G42A4KGoJNxy8OThzku3WhVYX
3Fl9pnVsR6YHLPWcAzZAEen2T5nTL6w83AMHGbz6b7dPm1es+tzxFaIbCRSnjh6r
qcTvY0Nt6rhFcK2bF/VMKEnskz9cvQdcDxfIqYjvtns/3qES7friyYrnqlvZSnNC
hYqdgkQsiVY5VrCMIFCGNnmPo9JFmYRTqcnkBcExCCCbQW6N9vQRsq1krXRq52n3
fBGPlpwtoTi2WXeXoXG4ksaGZ6rAKNyIbfsEQ+Bnt6ejVwwFTjP82+2NOyDUWwxc
FXWLgv2vkTJWZkgBGUIKc6Zm2Gxpaw7c3wazlgM6zBhqM8OPaJWJyDkEbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkOqsHpg2PEeV5q5ek+ONlO9r5OMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvV1E2cXdlbURZOFI1WG1ybDZUNDQyVTcydms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALSuOMA0G
CSqGSIb3DQEBCwUAA4IBAQBOQEjylUBjnjXVtpYeT68P7RjxVuwqPJIzly8IV+Ci
TfdxCL1YQVM3BgD6s1cxWJu9CDIsgvJ5F+Kxb6OP7VzMk/AYL4HtPqW/fxVVRAcX
RbMnO6el39yA0FSnGc07udyex6zAt6P4qLgZew6qYjhJY0Jt9EpPN5KmPVZ2D4cZ
mMB5fxgXCt+C6ODHAZeqw2ybbPbxFt99QlKEq4ivgUVU3WfimDGfVFnL76qRjLP/
QHhPgdTbiSWpA0Om+sWYUyta0/G3iL8TcYjkMDhFFtAJFjgmW6bHo/1Z88A7VAen
XlJrG6+gO9CWT9jl2kZajgonptTu1M4K+3NxFnaZpvjH
-----END CERTIFICATE-----