Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/0QhRCBCbZAWVh2uQR4tpsRvYurk.roa
File:                     0QhRCBCbZAWVh2uQR4tpsRvYurk.roa (raw, json)
Hash identifier:          TvxeY8MJepJaXhm1vHBBTmBB30+V15MQHLuHQMCrCho=
Subject key identifier:   D1:08:51:08:10:9B:64:05:95:87:6B:90:47:8B:69:B1:1B:D8:BA:B9
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BC9F2C7550FC11A18555447903FEEE
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/0QhRCBCbZAWVh2uQR4tpsRvYurk.roa
Signing time:             Tue 02 Jan 2024 10:33:51 +0000
ROA not before:           Tue 02 Jan 2024 10:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1124
IP address blocks:        145.18.0.0/16 maxlen: 16
                          145.109.0.0/17 maxlen: 17
                          145.109.128.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9f:2c:75:50:fc:11:a1:85:55:44:79:03:fe:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1085108109b640595876b90478b69b11bd8bab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c7:04:e6:37:b1:13:df:40:ee:a4:af:ff:87:
                    3c:63:b1:94:39:4f:2c:98:49:b7:ce:32:ad:b8:c6:
                    e4:72:1d:ff:59:fb:a2:a2:a8:c1:f2:92:e1:5c:9c:
                    d4:b7:8f:62:c5:76:f8:a8:e9:f0:a2:83:cf:6a:f7:
                    15:48:7f:0a:7b:65:8c:1b:9e:76:3b:f5:0b:92:e2:
                    a6:31:88:dd:48:87:86:6e:75:4e:56:52:4b:7d:a2:
                    20:c6:22:50:29:f7:3d:a0:7b:1b:74:f4:1d:35:c2:
                    55:c1:71:7f:2d:0c:f0:46:ea:b3:e8:ac:70:5b:5b:
                    51:93:96:ac:be:81:b4:d3:95:49:fc:9f:d4:88:b2:
                    a3:5b:e8:52:d1:c2:4d:37:ff:ba:5f:66:c0:5f:5e:
                    60:62:9b:95:6e:91:3e:c9:de:b5:8b:c7:d6:c3:27:
                    ee:30:37:60:e7:1c:68:1b:25:cb:20:d5:91:89:57:
                    40:1b:b1:b2:81:d3:41:41:9b:d8:85:eb:9a:4e:27:
                    16:83:a4:d6:96:f0:c9:a0:60:d9:33:c0:68:a8:ff:
                    5a:1b:d1:57:55:0f:4b:87:c5:2c:10:77:37:e2:67:
                    bb:42:1a:ec:cd:87:3e:3d:71:4c:cd:ef:a0:38:0c:
                    41:ca:ed:f7:53:e8:fa:90:e8:86:e6:3e:3c:fd:23:
                    b4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:08:51:08:10:9B:64:05:95:87:6B:90:47:8B:69:B1:1B:D8:BA:B9
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/0QhRCBCbZAWVh2uQR4tpsRvYurk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.18.0.0/16
                  145.109.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         49:c1:f6:81:f1:45:a3:ee:38:69:df:fc:fd:9a:f1:99:20:13:
         54:8f:12:85:64:2b:83:75:8f:3b:7f:6d:3f:56:fb:56:4e:fe:
         8d:bb:d4:af:98:bb:3f:70:b1:72:ef:4f:a6:52:e8:72:f4:bf:
         9c:6e:13:96:d9:9d:9b:53:42:60:71:8b:70:e1:2c:87:e0:66:
         60:4e:5e:8e:cb:b2:1c:2d:2e:60:d3:11:42:3e:49:54:c6:ad:
         0d:5c:0b:38:e2:8e:21:13:6b:8c:de:54:be:ca:01:53:2b:68:
         a4:4c:76:99:4a:72:05:6f:5b:5d:33:6f:ae:1e:76:21:40:5b:
         fd:c9:1b:2f:1a:a0:10:38:86:2d:ff:c2:0a:9f:01:86:b1:e7:
         16:69:ed:0f:3e:51:13:10:9b:c2:ca:c5:83:a6:4f:2d:f1:08:
         c0:9e:37:d9:12:5f:dd:c8:cd:25:15:00:39:49:60:cf:21:4b:
         93:a4:59:69:f3:2f:75:89:96:49:8e:12:e0:2d:ac:89:01:74:
         49:3b:b5:3f:96:bb:7d:d5:e7:14:d8:6f:14:6f:09:93:25:46:
         52:de:41:2b:5c:92:b6:5f:1c:04:e4:36:4f:20:4c:83:94:cc:
         1f:c5:e8:dd:1f:b4:da:6a:e6:9c:06:63:83:41:5e:da:44:8e:
         08:0d:af:f0
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJvJ8sdVD8EaGFVUR5A/7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTA4NTEwODEwOWI2NDA1OTU4NzZiOTA0NzhiNjliMTFiZDhiYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMcE5jexE99A7qSv/4c8Y7GUOU8s
mEm3zjKtuMbkch3/WfuioqjB8pLhXJzUt49ixXb4qOnwooPPavcVSH8Ke2WMG552
O/ULkuKmMYjdSIeGbnVOVlJLfaIgxiJQKfc9oHsbdPQdNcJVwXF/LQzwRuqz6Kxw
W1tRk5asvoG005VJ/J/UiLKjW+hS0cJNN/+6X2bAX15gYpuVbpE+yd61i8fWwyfu
MDdg5xxoGyXLINWRiVdAG7GygdNBQZvYheuaTicWg6TWlvDJoGDZM8BoqP9aG9FX
VQ9Lh8UsEHc34me7QhrszYc+PXFMze+gOAxByu33U+j6kOiG5j48/SO0qQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFNEIUQgQm2QFlYdrkEeLabEb2Lq5MB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvMFFoUkNCQ2JaQVdWaDJ1UVI0dHBzUnZZdXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAkRIDAwCR
bTANBgkqhkiG9w0BAQsFAAOCAQEAScH2gfFFo+44ad/8/ZrxmSATVI8ShWQrg3WP
O39tP1b7Vk7+jbvUr5i7P3Cxcu9PplLocvS/nG4Tltmdm1NCYHGLcOEsh+BmYE5e
jsuyHC0uYNMRQj5JVMatDVwLOOKOIRNrjN5UvsoBUytopEx2mUpyBW9bXTNvrh52
IUBb/ckbLxqgEDiGLf/CCp8BhrHnFmntDz5RExCbwsrFg6ZPLfEIwJ432RJf3cjN
JRUAOUlgzyFLk6RZafMvdYmWSY4S4C2siQF0STu1P5a7fdXnFNhvFG8JkyVGUt5B
K1yStl8cBOQ2TyBMg5TMH8Xo3R+02mrmnAZjg0Fe2kSOCA2v8A==
-----END CERTIFICATE-----