Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/7e8c17-e201-4ff4-8366-f0df23898f64/1/5Q07-loC8Yo_46xHmztaIrZFiKM.roa
File:                     5Q07-loC8Yo_46xHmztaIrZFiKM.roa (raw, json)
Hash identifier:          hIzc9IF421BMYwUUnKbBK9/WCdBWd18li2W89Ps53Js=
Subject key identifier:   E5:0D:3B:FA:5A:02:F1:8A:3F:E3:AC:47:9B:3B:5A:22:B6:45:88:A3
Certificate issuer:       /CN=aaa314592ef5ea8bbe84d064b256171fe2afc83e
Certificate serial:       018CC9BB2D487DA8CD7759838EFBFB4A971E
Authority key identifier: AA:A3:14:59:2E:F5:EA:8B:BE:84:D0:64:B2:56:17:1F:E2:AF:C8:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqMUWS716ou-hNBkslYXH-KvyD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/7e8c17-e201-4ff4-8366-f0df23898f64/1/5Q07-loC8Yo_46xHmztaIrZFiKM.roa
Signing time:             Tue 02 Jan 2024 10:32:16 +0000
ROA not before:           Tue 02 Jan 2024 10:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        185.159.247.0/24 maxlen: 24
                          45.80.108.0/24 maxlen: 24
                          45.80.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/7e8c17-e201-4ff4-8366-f0df23898f64/1/qqMUWS716ou-hNBkslYXH-KvyD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/7e8c17-e201-4ff4-8366-f0df23898f64/1/qqMUWS716ou-hNBkslYXH-KvyD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqMUWS716ou-hNBkslYXH-KvyD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:2d:48:7d:a8:cd:77:59:83:8e:fb:fb:4a:97:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaa314592ef5ea8bbe84d064b256171fe2afc83e
        Validity
            Not Before: Jan  2 10:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e50d3bfa5a02f18a3fe3ac479b3b5a22b64588a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:5a:be:48:ec:39:8f:df:84:ea:24:a2:17:39:
                    da:26:10:ce:c2:00:78:8e:d5:ce:62:e8:51:b4:88:
                    27:f2:98:4f:51:c3:ae:1f:3d:5c:06:48:c9:76:0e:
                    6c:8a:70:3f:44:2b:9e:c6:2d:cc:a4:cb:6a:14:ef:
                    56:f4:5d:db:d0:57:7c:9e:99:4a:db:95:91:22:6b:
                    af:bf:23:f8:c0:f5:e8:10:f3:6c:55:f7:50:42:87:
                    47:af:9b:e7:8e:58:42:0e:6b:4a:a8:7c:94:47:a1:
                    77:ab:f9:f9:26:2b:e5:50:4c:13:ad:c0:0b:0f:6d:
                    9b:c7:59:87:af:c6:5d:4c:f4:34:14:9a:2c:46:08:
                    8b:16:b3:45:de:44:1c:ca:d4:0e:e3:87:cb:56:ff:
                    1d:db:2f:9c:83:5b:e3:62:a8:5f:27:76:67:81:66:
                    5c:0a:9a:c6:2a:46:6d:03:a9:6e:c0:2b:8d:80:90:
                    38:f5:c4:b8:14:44:7f:4c:c8:ba:30:a4:61:ec:3f:
                    47:81:9f:0d:11:10:5a:4c:c4:68:3a:22:7a:db:08:
                    af:08:8d:4a:00:81:7c:cc:12:ab:a0:fb:f1:48:7e:
                    e1:38:85:aa:29:c4:76:af:38:53:ab:ec:3a:9b:43:
                    85:e7:10:60:45:b8:6b:38:67:0e:1b:4f:8c:96:72:
                    97:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0D:3B:FA:5A:02:F1:8A:3F:E3:AC:47:9B:3B:5A:22:B6:45:88:A3
            X509v3 Authority Key Identifier:
                keyid:AA:A3:14:59:2E:F5:EA:8B:BE:84:D0:64:B2:56:17:1F:E2:AF:C8:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqMUWS716ou-hNBkslYXH-KvyD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/7e8c17-e201-4ff4-8366-f0df23898f64/1/5Q07-loC8Yo_46xHmztaIrZFiKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/7e8c17-e201-4ff4-8366-f0df23898f64/1/qqMUWS716ou-hNBkslYXH-KvyD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.108.0/24
                  45.80.110.0/24
                  185.159.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:2e:f1:f0:18:37:97:3d:26:aa:c6:d0:e7:dd:fa:69:8d:b8:
         03:7c:dc:03:35:98:c5:b8:80:84:1e:6a:16:af:79:e3:4c:5f:
         96:6a:05:1c:00:10:d7:17:33:2b:72:a0:f5:1d:44:3a:88:3d:
         ff:0c:a9:fe:cc:d4:b9:2e:8b:62:2a:e7:9d:37:63:60:af:69:
         54:0b:de:48:dd:35:7a:5b:73:3f:24:02:26:0c:bf:6d:69:d5:
         a2:d4:23:1c:5d:34:80:3e:4d:68:94:a6:01:18:0f:e0:ae:bd:
         a3:5a:4f:c6:bf:42:48:c9:2d:19:f4:89:d3:75:20:54:28:43:
         80:fd:5a:8c:d7:ee:f5:fd:e3:84:40:5f:4a:2d:e9:b2:76:8c:
         20:a6:88:76:c4:0f:04:59:9e:fd:4f:07:8f:5a:34:ec:ce:15:
         7e:a5:c9:db:bf:ef:51:33:f2:8b:e2:fd:13:c0:bc:d9:e2:90:
         da:d7:57:66:9a:d9:7a:0f:d9:ed:78:59:68:04:19:7b:46:69:
         6a:b8:93:b1:6f:75:13:bf:f7:61:bd:3f:83:39:e2:3c:d9:38:
         5e:72:41:3f:eb:e9:57:eb:03:1b:8c:65:1e:cc:d9:b3:78:8e:
         b2:c3:c9:38:0b:59:5c:8b:5b:dc:ac:e5:f2:f6:d1:4a:1f:db:
         df:fe:63:5f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJuy1IfajNd1mDjvv7SpceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYTMxNDU5MmVmNWVhOGJiZTg0ZDA2NGIyNTYxNzFmZTJh
ZmM4M2UwHhcNMjQwMTAyMTAzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBkM2JmYTVhMDJmMThhM2ZlM2FjNDc5YjNiNWEyMmI2NDU4OGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51q+SOw5j9+E6iSiFznaJhDOwgB4
jtXOYuhRtIgn8phPUcOuHz1cBkjJdg5sinA/RCuexi3MpMtqFO9W9F3b0Fd8nplK
25WRImuvvyP4wPXoEPNsVfdQQodHr5vnjlhCDmtKqHyUR6F3q/n5JivlUEwTrcAL
D22bx1mHr8ZdTPQ0FJosRgiLFrNF3kQcytQO44fLVv8d2y+cg1vjYqhfJ3ZngWZc
CprGKkZtA6luwCuNgJA49cS4FER/TMi6MKRh7D9HgZ8NERBaTMRoOiJ62wivCI1K
AIF8zBKroPvxSH7hOIWqKcR2rzhTq+w6m0OF5xBgRbhrOGcOG0+MlnKXfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOUNO/paAvGKP+OsR5s7WiK2RYijMB8GA1UdIwQY
MBaAFKqjFFku9eqLvoTQZLJWFx/ir8g+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXFNVVdTNzE2b3UtaE5Ca3NsWVhILUt2eUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83ZThjMTctZTIwMS00ZmY0LTgzNjYt
ZjBkZjIzODk4ZjY0LzEvNVEwNy1sb0M4WW9fNDZ4SG16dGFJclpGaUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83ZThjMTctZTIwMS00ZmY0LTgzNjYtZjBkZjIzODk4ZjY0
LzEvcXFNVVdTNzE2b3UtaE5Ca3NsWVhILUt2eUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVBsAwQA
LVBuAwQAuZ/3MA0GCSqGSIb3DQEBCwUAA4IBAQBQLvHwGDeXPSaqxtDn3fppjbgD
fNwDNZjFuICEHmoWr3njTF+WagUcABDXFzMrcqD1HUQ6iD3/DKn+zNS5LotiKued
N2Ngr2lUC95I3TV6W3M/JAImDL9tadWi1CMcXTSAPk1olKYBGA/grr2jWk/Gv0JI
yS0Z9InTdSBUKEOA/VqM1+71/eOEQF9KLemydowgpoh2xA8EWZ79TwePWjTszhV+
pcnbv+9RM/KL4v0TwLzZ4pDa11dmmtl6D9nteFloBBl7RmlquJOxb3UTv/dhvT+D
OeI82TheckE/6+lX6wMbjGUezNmzeI6yw8k4C1lci1vcrOXy9tFKH9vf/mNf
-----END CERTIFICATE-----