Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/pqIs1Da65u_EucMPfwnMR4aPMY8.roa
File:                     pqIs1Da65u_EucMPfwnMR4aPMY8.roa (raw, json)
Hash identifier:          gVcAuVYmyuS1JvHUQ7GhO4uuZdvMoEbrfJtLIZLIrdc=
Subject key identifier:   A6:A2:2C:D4:36:BA:E6:EF:C4:B9:C3:0F:7F:09:CC:47:86:8F:31:8F
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948BC8467B115CEBADBAC348E3AD46
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/pqIs1Da65u_EucMPfwnMR4aPMY8.roa
Signing time:             Tue 02 Jan 2024 00:30:50 +0000
ROA not before:           Tue 02 Jan 2024 00:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45929
IP address blocks:        45.132.120.0/22 maxlen: 22
                          45.82.4.0/22 maxlen: 22
                          45.88.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8b:c8:46:7b:11:5c:eb:ad:ba:c3:48:e3:ad:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6a22cd436bae6efc4b9c30f7f09cc47868f318f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:65:75:b8:dd:69:36:b7:c2:ad:16:26:a9:90:
                    30:4f:c8:cc:63:cb:4e:4e:f0:09:c6:dc:54:3f:7b:
                    2d:60:91:77:c6:8b:d0:5e:22:bb:c6:35:eb:0c:60:
                    4f:fb:2d:f5:ba:52:98:30:11:26:e6:92:c9:c3:ec:
                    21:92:49:ad:df:e7:80:ad:88:e8:7f:10:a4:b6:53:
                    27:3c:32:c5:40:e6:81:6f:f0:34:bf:73:44:ba:3a:
                    51:f9:fb:02:e9:1a:fe:da:46:71:26:d9:5f:89:16:
                    dd:5c:63:82:98:f4:73:c4:a3:a4:29:ab:50:b6:37:
                    81:af:3b:20:16:cf:b2:2d:fd:8f:ad:49:65:9f:eb:
                    a6:d1:9e:8e:b4:45:73:64:0a:87:c2:8a:23:e0:e0:
                    6e:a2:f5:a7:fe:b5:5a:35:d5:94:16:ed:10:26:a3:
                    d1:60:3d:95:aa:63:fd:ee:a9:bd:4c:1c:95:d5:04:
                    4e:ea:43:76:cd:41:be:a4:d3:22:56:64:62:cd:70:
                    24:60:5f:f3:d3:f9:fa:02:b4:07:16:65:c1:05:64:
                    cc:22:df:bc:3d:7c:46:c6:8f:73:1a:06:c0:ab:96:
                    7c:32:6d:9f:28:77:94:59:23:b6:d7:10:b1:6a:b5:
                    2d:bc:c3:60:aa:3e:08:9e:83:51:3a:30:4e:d8:78:
                    4c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A2:2C:D4:36:BA:E6:EF:C4:B9:C3:0F:7F:09:CC:47:86:8F:31:8F
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/pqIs1Da65u_EucMPfwnMR4aPMY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.4.0/22
                  45.88.84.0/22
                  45.132.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:fb:9c:ef:42:ce:ec:38:f3:7e:ce:da:f1:7e:3d:a0:6f:4a:
         42:aa:5a:9a:29:35:ee:0a:48:54:8e:07:2f:7e:2e:38:11:46:
         27:e8:21:9e:0a:34:61:e1:cb:1e:62:f5:05:00:8b:51:05:99:
         10:e6:e5:cc:73:49:fc:6d:59:da:e5:0a:ce:77:32:22:78:a2:
         cd:19:07:e0:51:16:f2:a9:51:18:6a:0c:3e:87:5b:c6:46:3b:
         40:89:94:fb:86:39:f1:18:0f:51:97:d4:51:e5:3b:6a:27:b9:
         50:58:b4:d9:59:2e:81:a9:e3:a9:d6:7d:57:ea:91:a5:44:e6:
         fe:ac:c2:28:81:75:46:0c:6c:93:1a:10:a1:81:d8:71:3c:c7:
         93:d2:95:ce:32:4a:3b:fb:44:25:c4:99:de:71:f3:c8:19:a9:
         2f:94:b6:e3:0a:86:24:5d:44:7a:88:ae:36:8a:91:b5:3f:62:
         af:0c:60:2a:18:1e:bb:86:3f:60:70:54:07:63:b4:09:9a:32:
         90:24:5d:37:32:48:48:4b:29:d8:fa:b4:b4:fa:b6:3a:08:7e:
         61:1c:ac:f8:ac:05:bf:db:01:77:41:60:0c:44:c4:d1:46:78:
         a2:0e:7a:7a:eb:86:ca:18:b2:4d:93:0b:78:b6:ff:08:6e:b3:
         9f:7d:3c:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlIvIRnsRXOutusNI461GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmEyMmNkNDM2YmFlNmVmYzRiOWMzMGY3ZjA5Y2M0Nzg2OGYzMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmV1uN1pNrfCrRYmqZAwT8jMY8tO
TvAJxtxUP3stYJF3xovQXiK7xjXrDGBP+y31ulKYMBEm5pLJw+whkkmt3+eArYjo
fxCktlMnPDLFQOaBb/A0v3NEujpR+fsC6Rr+2kZxJtlfiRbdXGOCmPRzxKOkKatQ
tjeBrzsgFs+yLf2PrUlln+um0Z6OtEVzZAqHwooj4OBuovWn/rVaNdWUFu0QJqPR
YD2VqmP97qm9TByV1QRO6kN2zUG+pNMiVmRizXAkYF/z0/n6ArQHFmXBBWTMIt+8
PXxGxo9zGgbAq5Z8Mm2fKHeUWSO21xCxarUtvMNgqj4InoNROjBO2HhMDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKaiLNQ2uubvxLnDD38JzEeGjzGPMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvcHFJczFEYTY1dV9FdWNNUGZ3bk1SNGFQTVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVIEAwQC
LVhUAwQCLYR4MA0GCSqGSIb3DQEBCwUAA4IBAQCj+5zvQs7sOPN+ztrxfj2gb0pC
qlqaKTXuCkhUjgcvfi44EUYn6CGeCjRh4cseYvUFAItRBZkQ5uXMc0n8bVna5QrO
dzIieKLNGQfgURbyqVEYagw+h1vGRjtAiZT7hjnxGA9Rl9RR5TtqJ7lQWLTZWS6B
qeOp1n1X6pGlROb+rMIogXVGDGyTGhChgdhxPMeT0pXOMko7+0QlxJnecfPIGakv
lLbjCoYkXUR6iK42ipG1P2KvDGAqGB67hj9gcFQHY7QJmjKQJF03MkhISynY+rS0
+rY6CH5hHKz4rAW/2wF3QWAMRMTRRniiDnp664bKGLJNkwt4tv8IbrOffTw+
-----END CERTIFICATE-----