Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/DqcTFo44IPwyFLWj0UJ3IwZk9Sk.roa
File:                     DqcTFo44IPwyFLWj0UJ3IwZk9Sk.roa (raw, json)
Hash identifier:          e+Ed5zcDb9RKdDfzp1vilb5+gQBsDp06IBZEH7Igt1Q=
Subject key identifier:   0E:A7:13:16:8E:38:20:FC:32:14:B5:A3:D1:42:77:23:06:64:F5:29
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       018DEAE00C753ADBC80E5F6C9D6A054167DB
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/DqcTFo44IPwyFLWj0UJ3IwZk9Sk.roa
Signing time:             Tue 27 Feb 2024 14:02:48 +0000
ROA not before:           Tue 27 Feb 2024 14:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        45.10.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:e0:0c:75:3a:db:c8:0e:5f:6c:9d:6a:05:41:67:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Feb 27 14:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ea713168e3820fc3214b5a3d14277230664f529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:38:d4:d1:92:d7:39:f4:85:39:de:44:af:fb:
                    d3:06:7e:3e:b9:43:0e:ed:39:23:95:eb:74:55:30:
                    70:03:03:27:d0:51:a1:d0:06:90:1e:a3:d3:b3:d3:
                    54:28:a8:d2:d2:7e:7f:51:a6:17:6c:40:9c:31:17:
                    04:63:8f:80:a8:cc:63:ae:72:1c:3b:58:09:45:8a:
                    ed:f0:3f:b3:5d:5e:eb:d4:b2:a1:9c:f3:08:65:2b:
                    93:a9:b7:17:fc:5f:3a:2e:8b:4e:e2:45:7a:8a:8d:
                    97:c1:18:45:13:b4:dc:63:ac:fa:6f:05:ac:8a:aa:
                    63:22:7d:04:85:d8:9f:13:73:6b:f5:1b:d7:9d:6f:
                    3a:de:2b:9f:09:a7:04:48:3b:e4:85:24:21:7b:5f:
                    3c:f1:a2:cb:3e:58:a5:5d:00:15:33:84:a6:df:c9:
                    b1:d5:a5:f4:0b:33:50:93:84:59:92:44:0c:d3:8c:
                    22:bf:4d:a4:d4:bd:b5:63:22:bf:81:0b:05:6c:90:
                    d5:e9:af:22:50:b9:da:95:ad:b6:c8:8c:df:3e:aa:
                    be:59:57:cd:81:c7:fd:b6:ee:ea:cc:3a:fb:8d:2b:
                    92:96:19:03:da:ed:cb:43:45:fa:44:73:f0:41:0b:
                    e2:d8:7f:fd:65:23:bb:0a:d5:da:50:17:9a:94:ee:
                    c9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A7:13:16:8E:38:20:FC:32:14:B5:A3:D1:42:77:23:06:64:F5:29
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/DqcTFo44IPwyFLWj0UJ3IwZk9Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ab:fb:6e:31:1e:26:84:4f:4d:6f:a0:d8:10:a9:78:33:27:
         02:5e:73:bd:a7:88:ab:97:b8:22:f3:1b:97:eb:02:bc:69:81:
         72:96:79:1f:93:9f:69:97:eb:4c:e7:65:6d:1b:de:57:b1:d5:
         1d:3f:43:96:28:e7:c4:47:42:de:c0:fe:03:31:88:8f:08:73:
         70:9c:3c:3e:9b:6e:ca:9e:69:e2:54:a0:df:28:20:8f:28:1c:
         0a:ce:b8:2a:af:15:e4:eb:c1:5a:28:57:12:76:fe:81:3f:bc:
         4a:d1:db:2d:16:46:6f:8f:32:c2:05:aa:84:ae:7d:4b:3f:21:
         e0:b7:ca:2e:ce:80:6a:52:db:e7:86:7e:08:57:93:8f:ff:32:
         96:e7:fb:d3:c3:58:e2:d5:1d:52:9a:b5:42:89:f9:18:fa:0d:
         fe:c6:f8:2a:a3:eb:85:9c:46:c8:6e:c9:5b:03:15:d4:62:62:
         97:fb:09:d0:a1:b3:4c:51:25:c6:d1:9b:73:6f:66:bb:0b:4a:
         66:f2:0e:e6:6d:00:a6:c2:62:b1:1b:10:4f:fc:7b:ba:cf:ea:
         4d:d0:61:35:1b:0a:ba:66:9e:10:08:0d:82:6c:53:f4:38:25:
         7d:29:02:89:cf:1e:65:11:6b:74:78:8e:ab:90:e9:62:ff:b8:
         b9:30:35:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3q4Ax1OtvIDl9snWoFQWfbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjQwMjI3MTQwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWE3MTMxNjhlMzgyMGZjMzIxNGI1YTNkMTQyNzcyMzA2NjRmNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDjU0ZLXOfSFOd5Er/vTBn4+uUMO
7Tkjlet0VTBwAwMn0FGh0AaQHqPTs9NUKKjS0n5/UaYXbECcMRcEY4+AqMxjrnIc
O1gJRYrt8D+zXV7r1LKhnPMIZSuTqbcX/F86LotO4kV6io2XwRhFE7TcY6z6bwWs
iqpjIn0EhdifE3Nr9RvXnW863iufCacESDvkhSQhe1888aLLPlilXQAVM4Sm38mx
1aX0CzNQk4RZkkQM04wiv02k1L21YyK/gQsFbJDV6a8iULnala22yIzfPqq+WVfN
gcf9tu7qzDr7jSuSlhkD2u3LQ0X6RHPwQQvi2H/9ZSO7CtXaUBealO7JzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6nExaOOCD8MhS1o9FCdyMGZPUpMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvRHFjVEZvNDRJUHd5RkxXajBVSjNJd1prOVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQo4MA0G
CSqGSIb3DQEBCwUAA4IBAQBSq/tuMR4mhE9Nb6DYEKl4MycCXnO9p4irl7gi8xuX
6wK8aYFylnkfk59pl+tM52VtG95XsdUdP0OWKOfER0LewP4DMYiPCHNwnDw+m27K
nmniVKDfKCCPKBwKzrgqrxXk68FaKFcSdv6BP7xK0dstFkZvjzLCBaqErn1LPyHg
t8ouzoBqUtvnhn4IV5OP/zKW5/vTw1ji1R1SmrVCifkY+g3+xvgqo+uFnEbIbslb
AxXUYmKX+wnQobNMUSXG0Ztzb2a7C0pm8g7mbQCmwmKxGxBP/Hu6z+pN0GE1Gwq6
Zp4QCA2CbFP0OCV9KQKJzx5lEWt0eI6rkOli/7i5MDVA
-----END CERTIFICATE-----