Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/QxOiP1xd31a0cnqfBBokBA-_qe4.roa
File:                     QxOiP1xd31a0cnqfBBokBA-_qe4.roa (raw, json)
Hash identifier:          KGruz4wRL+1WiaR6POFTmlrOfxviHb0iYJm6XLCO+Cc=
Subject key identifier:   43:13:A2:3F:5C:5D:DF:56:B4:72:7A:9F:04:1A:24:04:0F:BF:A9:EE
Certificate issuer:       /CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
Certificate serial:       018EA57A62FFD0CC98676828CDEBC61AC8AA
Authority key identifier: 5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/QxOiP1xd31a0cnqfBBokBA-_qe4.roa
Signing time:             Wed 03 Apr 2024 19:40:45 +0000
ROA not before:           Wed 03 Apr 2024 19:40:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215250
IP address blocks:        45.91.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:7a:62:ff:d0:cc:98:67:68:28:cd:eb:c6:1a:c8:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
        Validity
            Not Before: Apr  3 19:40:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4313a23f5c5ddf56b4727a9f041a24040fbfa9ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ef:7c:0d:00:c6:98:c3:bb:8a:3b:bc:f1:51:
                    5c:dd:40:3c:40:06:99:8f:9d:97:71:4d:71:5a:de:
                    a7:e8:80:48:3e:5e:f2:48:b5:a0:7b:87:34:e6:cb:
                    a3:47:52:0c:b1:51:78:a6:66:8c:cc:52:75:c3:c4:
                    d8:51:33:d5:06:d9:33:04:42:97:5b:6b:09:68:be:
                    e1:3a:8e:ce:0d:84:a0:f4:3e:a0:3c:ef:49:00:9e:
                    bb:65:dc:cb:05:cd:40:94:ad:75:05:b2:60:7d:fb:
                    11:db:46:db:e1:5c:2a:51:e4:e5:f6:67:3d:b7:96:
                    12:06:e4:71:3b:58:32:1d:63:d3:75:6a:95:04:e1:
                    90:06:ba:6b:9a:07:cf:d8:2f:f3:73:6b:37:36:48:
                    25:83:5a:20:cd:b5:b8:27:f7:08:a3:98:a8:87:64:
                    84:59:55:48:0c:6e:1c:03:83:e3:db:f6:e1:fc:db:
                    de:da:00:b6:17:78:07:12:04:bf:77:0a:9b:88:e2:
                    a5:3b:d6:7c:54:a5:6f:c4:ca:b3:10:ed:13:a5:67:
                    c4:44:55:b1:16:b6:99:0b:76:c0:0f:6f:2f:f2:b1:
                    d8:9c:d4:55:59:56:f8:02:ad:66:bf:ad:ba:c8:23:
                    4f:15:21:59:95:9c:e3:1f:aa:e0:95:25:f2:7b:d4:
                    5d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:13:A2:3F:5C:5D:DF:56:B4:72:7A:9F:04:1A:24:04:0F:BF:A9:EE
            X509v3 Authority Key Identifier:
                keyid:5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/QxOiP1xd31a0cnqfBBokBA-_qe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b7:85:31:df:59:bf:9f:ee:b0:d2:60:bf:4d:eb:19:73:19:
         02:38:7f:bd:6b:df:6d:a5:1f:64:ef:95:63:00:a1:2c:5c:45:
         46:de:e8:6c:9d:7d:15:10:d4:23:39:60:45:04:a6:f0:0e:00:
         55:8a:f3:44:15:d6:a5:2f:51:59:d6:9d:76:e1:94:46:7d:17:
         d7:2b:db:24:24:51:93:95:ef:52:e6:d2:57:47:3d:9c:7a:ac:
         8a:a7:aa:f7:ac:55:17:e2:69:8b:62:c7:61:9f:3f:d9:9f:b1:
         7d:70:58:f4:e0:81:27:5d:8b:99:2e:92:9e:a2:e9:bb:40:11:
         ec:80:4e:03:0a:c7:11:6e:40:ed:c4:37:fb:8e:0f:e2:61:6e:
         49:31:c4:c3:b6:73:ee:18:4e:aa:b5:4f:28:d1:1c:c7:b1:9c:
         23:87:6a:26:f7:2b:31:b0:e8:4b:56:a1:2c:80:b9:05:94:de:
         ce:c3:20:13:93:c5:29:c8:37:10:92:d5:c0:35:76:d7:61:98:
         2e:40:cb:15:df:39:a0:ae:1d:ba:08:f0:d7:b2:67:bf:c0:0b:
         86:40:1e:52:ee:e6:be:59:7a:29:88:08:7e:30:f4:b7:5e:7a:
         26:37:d3:c1:d3:8a:7a:0a:75:4a:6b:26:67:79:58:88:33:6f:
         79:0e:00:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6lemL/0MyYZ2gozevGGsiqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzA2NTA5ODU3NDYyOWQ0YTdlMmQyYjIwNTVhYTdiZjIz
MDJmZWUwHhcNMjQwNDAzMTk0MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzEzYTIzZjVjNWRkZjU2YjQ3MjdhOWYwNDFhMjQwNDBmYmZhOWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe98DQDGmMO7iju88VFc3UA8QAaZ
j52XcU1xWt6n6IBIPl7ySLWge4c05sujR1IMsVF4pmaMzFJ1w8TYUTPVBtkzBEKX
W2sJaL7hOo7ODYSg9D6gPO9JAJ67ZdzLBc1AlK11BbJgffsR20bb4VwqUeTl9mc9
t5YSBuRxO1gyHWPTdWqVBOGQBrprmgfP2C/zc2s3Nkglg1ogzbW4J/cIo5ioh2SE
WVVIDG4cA4Pj2/bh/Nve2gC2F3gHEgS/dwqbiOKlO9Z8VKVvxMqzEO0TpWfERFWx
FraZC3bAD28v8rHYnNRVWVb4Aq1mv626yCNPFSFZlZzjH6rglSXye9RdSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMToj9cXd9WtHJ6nwQaJAQPv6nuMB8GA1UdIwQY
MBaAFF/AZQmFdGKdSn4tKyBVqnvyMC/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQt
ODU3NTk5NjgzYzNlLzEvUXhPaVAxeGQzMWEwY25xZkJCb2tCQS1fcWU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQtODU3NTk5NjgzYzNl
LzEvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVsMMA0G
CSqGSIb3DQEBCwUAA4IBAQAzt4Ux31m/n+6w0mC/TesZcxkCOH+9a99tpR9k75Vj
AKEsXEVG3uhsnX0VENQjOWBFBKbwDgBVivNEFdalL1FZ1p124ZRGfRfXK9skJFGT
le9S5tJXRz2ceqyKp6r3rFUX4mmLYsdhnz/Zn7F9cFj04IEnXYuZLpKeoum7QBHs
gE4DCscRbkDtxDf7jg/iYW5JMcTDtnPuGE6qtU8o0RzHsZwjh2om9ysxsOhLVqEs
gLkFlN7OwyATk8UpyDcQktXANXbXYZguQMsV3zmgrh26CPDXsme/wAuGQB5S7ua+
WXopiAh+MPS3XnomN9PB04p6CnVKayZneViIM295DgBR
-----END CERTIFICATE-----