Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/ece2c4-015a-4bfa-b2b9-d06cfa226c64/1/_QF6_GP1mt7CeyapOUtdnwivlRU.roa
File:                     _QF6_GP1mt7CeyapOUtdnwivlRU.roa (raw, json)
Hash identifier:          DV+gzF+w/owIKfhuKTY/qFPpnU4bzthPvXy7sWkpqcQ=
Subject key identifier:   FD:01:7A:FC:63:F5:9A:DE:C2:7B:26:A9:39:4B:5D:9F:08:AF:95:15
Certificate issuer:       /CN=d546e24430dba89bdce22c6bf32818cbde6bbca0
Certificate serial:       018CC94E39CBC656A4A76CF81A29A6A51F26
Authority key identifier: D5:46:E2:44:30:DB:A8:9B:DC:E2:2C:6B:F3:28:18:CB:DE:6B:BC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1UbiRDDbqJvc4ixr8ygYy95rvKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/ece2c4-015a-4bfa-b2b9-d06cfa226c64/1/_QF6_GP1mt7CeyapOUtdnwivlRU.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208859
IP address blocks:        45.81.144.0/24 maxlen: 24
                          45.81.144.0/22 maxlen: 22
                          45.81.145.0/24 maxlen: 24
                          45.81.146.0/24 maxlen: 24
                          45.81.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/ece2c4-015a-4bfa-b2b9-d06cfa226c64/1/1UbiRDDbqJvc4ixr8ygYy95rvKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/ece2c4-015a-4bfa-b2b9-d06cfa226c64/1/1UbiRDDbqJvc4ixr8ygYy95rvKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1UbiRDDbqJvc4ixr8ygYy95rvKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:39:cb:c6:56:a4:a7:6c:f8:1a:29:a6:a5:1f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d546e24430dba89bdce22c6bf32818cbde6bbca0
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd017afc63f59adec27b26a9394b5d9f08af9515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b9:e3:9a:02:ab:5c:51:86:88:04:11:99:1b:
                    4e:44:0e:96:f8:d3:af:f7:c6:7b:5a:94:90:93:3b:
                    63:3b:e0:f1:f4:9a:c7:4a:b2:b2:91:60:47:4f:e2:
                    ee:11:54:6d:98:03:50:f1:c5:3b:a9:6f:40:1b:59:
                    40:e5:e1:89:ce:fb:95:04:b2:8b:54:de:c3:07:1f:
                    cb:95:dc:a7:7c:4b:db:0f:b8:7e:e9:2f:5f:fa:a2:
                    6f:fe:73:61:09:84:bc:e3:c4:f5:9e:dc:82:3d:d9:
                    21:78:80:47:d0:55:99:0b:4b:01:14:ed:9e:ba:d1:
                    67:c8:5e:8b:ee:74:20:12:40:25:48:f0:47:51:94:
                    f3:94:c3:ac:3f:f7:a9:01:e9:14:ea:90:8b:fe:2d:
                    13:9b:2b:13:fe:a5:04:60:60:b5:b4:ec:a1:ca:a1:
                    16:80:78:c5:85:1b:e5:f4:b7:c8:94:07:59:a2:d1:
                    d3:60:3c:ee:f6:09:37:b1:20:d8:d4:e7:c5:83:7e:
                    bb:a4:33:fc:7b:ee:32:ff:77:66:7f:66:85:d6:eb:
                    a7:f3:34:ad:ca:5d:6e:73:83:3e:f5:5f:78:55:d6:
                    a2:5a:ae:92:42:4d:3b:27:d1:0a:19:93:33:41:22:
                    9a:d8:cb:34:de:51:83:36:8f:45:db:ac:b4:e4:c9:
                    8c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:01:7A:FC:63:F5:9A:DE:C2:7B:26:A9:39:4B:5D:9F:08:AF:95:15
            X509v3 Authority Key Identifier:
                keyid:D5:46:E2:44:30:DB:A8:9B:DC:E2:2C:6B:F3:28:18:CB:DE:6B:BC:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UbiRDDbqJvc4ixr8ygYy95rvKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ece2c4-015a-4bfa-b2b9-d06cfa226c64/1/_QF6_GP1mt7CeyapOUtdnwivlRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ece2c4-015a-4bfa-b2b9-d06cfa226c64/1/1UbiRDDbqJvc4ixr8ygYy95rvKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:98:4a:7d:11:88:39:96:78:9f:1f:3e:87:60:7a:bc:31:cc:
         4d:81:cc:fd:1c:d6:76:18:e5:b6:6b:69:70:d2:8c:d2:f3:92:
         c4:de:b7:42:8f:c9:5f:e4:e6:4a:1b:52:81:2d:4a:63:4a:e2:
         28:ef:00:6c:9a:0a:2d:5d:01:e5:54:77:cc:70:b0:a6:0b:41:
         77:c7:1a:c9:b6:4a:b4:bf:c7:ef:9c:4b:30:68:70:bd:27:3a:
         e8:6c:41:32:c9:45:96:3c:75:13:b6:60:0f:52:64:d9:cb:1e:
         8b:4d:dd:5b:7c:3a:87:31:2f:f6:4b:aa:5e:de:71:1d:0e:e5:
         7a:ac:15:42:e1:9c:63:6b:cb:77:b0:d7:60:4b:7b:80:05:6d:
         01:6d:c6:29:bf:93:4a:f6:a5:6d:43:65:9b:5a:3d:b1:a6:78:
         76:cd:55:3d:38:81:61:0f:ee:8c:4a:4b:30:47:91:6b:43:b2:
         19:06:bc:ca:0f:bc:2e:13:5b:65:b9:a8:00:f8:ed:b9:02:9d:
         16:f2:fc:59:96:2e:0e:3b:c3:89:32:48:2a:45:ee:35:5f:84:
         65:e2:cc:b9:8f:b6:e3:b9:d7:85:01:44:1b:f1:5f:bc:d2:8c:
         70:ab:c7:b1:b8:b0:0d:ac:8e:52:5d:48:42:dc:8a:c8:2a:1c:
         2f:d6:10:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjnLxlakp2z4GimmpR8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NDZlMjQ0MzBkYmE4OWJkY2UyMmM2YmYzMjgxOGNiZGU2
YmJjYTAwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDAxN2FmYzYzZjU5YWRlYzI3YjI2YTkzOTRiNWQ5ZjA4YWY5NTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrnjmgKrXFGGiAQRmRtORA6W+NOv
98Z7WpSQkztjO+Dx9JrHSrKykWBHT+LuEVRtmANQ8cU7qW9AG1lA5eGJzvuVBLKL
VN7DBx/LldynfEvbD7h+6S9f+qJv/nNhCYS848T1ntyCPdkheIBH0FWZC0sBFO2e
utFnyF6L7nQgEkAlSPBHUZTzlMOsP/epAekU6pCL/i0TmysT/qUEYGC1tOyhyqEW
gHjFhRvl9LfIlAdZotHTYDzu9gk3sSDY1OfFg367pDP8e+4y/3dmf2aF1uun8zSt
yl1uc4M+9V94VdaiWq6SQk07J9EKGZMzQSKa2Ms03lGDNo9F26y05MmMIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0Bevxj9ZrewnsmqTlLXZ8Ir5UVMB8GA1UdIwQY
MBaAFNVG4kQw26ib3OIsa/MoGMvea7ygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVViaVJERGJxSnZjNGl4cjh5Z1l5OTVydktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lY2UyYzQtMDE1YS00YmZhLWIyYjkt
ZDA2Y2ZhMjI2YzY0LzEvX1FGNl9HUDFtdDdDZXlhcE9VdGRud2l2bFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lY2UyYzQtMDE1YS00YmZhLWIyYjktZDA2Y2ZhMjI2YzY0
LzEvMVViaVJERGJxSnZjNGl4cjh5Z1l5OTVydktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVGQMA0G
CSqGSIb3DQEBCwUAA4IBAQBhmEp9EYg5lnifHz6HYHq8McxNgcz9HNZ2GOW2a2lw
0ozS85LE3rdCj8lf5OZKG1KBLUpjSuIo7wBsmgotXQHlVHfMcLCmC0F3xxrJtkq0
v8fvnEswaHC9JzrobEEyyUWWPHUTtmAPUmTZyx6LTd1bfDqHMS/2S6pe3nEdDuV6
rBVC4Zxja8t3sNdgS3uABW0BbcYpv5NK9qVtQ2WbWj2xpnh2zVU9OIFhD+6MSksw
R5FrQ7IZBrzKD7wuE1tluagA+O25Ap0W8vxZli4OO8OJMkgqRe41X4Rl4sy5j7bj
udeFAUQb8V+80oxwq8exuLANrI5SXUhC3IrIKhwv1hDx
-----END CERTIFICATE-----