Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/bQTVZ_IjsZWQRt0DWh4wFpgQYC0.roa
File:                     bQTVZ_IjsZWQRt0DWh4wFpgQYC0.roa (raw, json)
Hash identifier:          m3z/s034fsVojimyEpZA92Y8G1yEhWsZPM6VkVREp8s=
Subject key identifier:   6D:04:D5:67:F2:23:B1:95:90:46:DD:03:5A:1E:30:16:98:10:60:2D
Certificate issuer:       /CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
Certificate serial:       01920BA4E4D921B1C914AE3BF453F18A652E
Authority key identifier: 0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/bQTVZ_IjsZWQRt0DWh4wFpgQYC0.roa
Signing time:             Thu 19 Sep 2024 18:56:48 +0000
ROA not before:           Thu 19 Sep 2024 18:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.12.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0b:a4:e4:d9:21:b1:c9:14:ae:3b:f4:53:f1:8a:65:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
        Validity
            Not Before: Sep 19 18:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d04d567f223b1959046dd035a1e30169810602d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:10:ba:c4:b5:9d:97:ec:0b:e3:96:dc:65:20:
                    f1:c2:cc:f5:bb:1d:d4:d0:c6:4a:46:63:42:b0:f2:
                    31:66:b0:11:26:6f:2b:aa:e5:9e:17:2b:5c:8e:e3:
                    e4:9a:18:91:5d:a6:35:1b:7f:c5:7c:64:20:e0:d8:
                    15:b2:a1:99:84:fa:34:c2:5c:3a:0d:d5:11:ab:53:
                    95:6c:ce:5b:f5:e7:86:ca:d6:c2:d1:ce:c1:58:ed:
                    da:7e:5d:3f:44:b6:a8:7b:fc:0b:f5:6f:fc:53:2b:
                    9b:6c:4c:bc:eb:5d:96:b5:e9:1e:63:f9:3d:7b:65:
                    14:a9:c6:c4:95:b9:ca:c0:e8:0b:ae:ef:76:d4:ca:
                    a2:b8:32:4c:4e:19:a6:c1:b7:df:08:bc:cd:8f:51:
                    ca:30:23:20:25:d2:03:ca:1e:f1:31:50:22:5c:e5:
                    ab:56:a5:5d:01:eb:10:c0:bb:7f:ed:9d:5e:3a:b4:
                    32:31:2f:fe:dc:c3:24:9e:7b:15:b1:08:37:b3:dc:
                    4a:0f:7c:79:64:51:15:33:b8:00:eb:0a:36:c6:ef:
                    59:f1:7f:43:73:89:06:7b:5a:1f:e9:74:8d:f4:24:
                    2c:20:b7:00:17:c5:f5:21:4b:05:50:3e:bf:8f:03:
                    d2:1d:62:1c:5c:d3:aa:29:be:06:24:b1:0b:50:80:
                    8b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:04:D5:67:F2:23:B1:95:90:46:DD:03:5A:1E:30:16:98:10:60:2D
            X509v3 Authority Key Identifier:
                keyid:0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/bQTVZ_IjsZWQRt0DWh4wFpgQYC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:6f:b2:93:fb:0e:68:e7:b7:eb:f3:e7:27:d3:57:75:a9:67:
         c2:45:cc:ad:51:0c:ae:50:e0:b2:08:43:37:c1:87:6e:a5:77:
         77:7d:e6:04:17:93:e9:ac:31:06:a4:2a:d4:86:2f:93:6e:01:
         72:25:c6:c3:85:39:52:b8:77:11:86:51:a1:5e:ae:5e:fa:06:
         86:b7:54:22:e8:24:ba:7c:6d:b7:b9:f9:0e:f5:07:7a:24:4b:
         d5:6d:b3:9e:09:0b:39:69:d6:c2:13:65:15:56:38:e6:7a:e8:
         74:cf:73:61:e2:67:90:7d:6d:c7:6b:54:9e:b4:75:ab:04:f1:
         39:7b:f1:54:6d:a9:af:0f:97:47:32:5e:38:cf:e3:ea:95:21:
         6d:ec:0d:b3:47:63:11:34:a2:c8:9e:34:3f:92:86:56:3b:f5:
         39:4b:01:22:14:97:77:2c:b7:1b:bd:ba:ad:d2:35:33:f8:67:
         05:ec:b4:c1:61:3a:89:d9:f1:bb:e8:1a:6c:64:43:1c:f5:8c:
         1c:81:ed:ca:ef:cf:b0:4c:f2:e6:93:21:58:1a:f2:17:63:36:
         f8:71:26:c3:00:f5:b8:37:28:87:1c:4d:ad:0e:19:66:4f:69:
         7e:ca:25:01:3e:52:39:98:4d:6b:8c:25:5a:a9:82:41:d9:17:
         39:52:b7:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZILpOTZIbHJFK479FPximUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzBiNjM1ZDM1NzQ2OGQ3ZjkzMmQzZTFmNTlkNTM3M2Nm
OWY0NjUwHhcNMjQwOTE5MTg1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA0ZDU2N2YyMjNiMTk1OTA0NmRkMDM1YTFlMzAxNjk4MTA2MDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxC6xLWdl+wL45bcZSDxwsz1ux3U
0MZKRmNCsPIxZrARJm8rquWeFytcjuPkmhiRXaY1G3/FfGQg4NgVsqGZhPo0wlw6
DdURq1OVbM5b9eeGytbC0c7BWO3afl0/RLaoe/wL9W/8UyubbEy8612WtekeY/k9
e2UUqcbElbnKwOgLru921MqiuDJMThmmwbffCLzNj1HKMCMgJdIDyh7xMVAiXOWr
VqVdAesQwLt/7Z1eOrQyMS/+3MMknnsVsQg3s9xKD3x5ZFEVM7gA6wo2xu9Z8X9D
c4kGe1of6XSN9CQsILcAF8X1IUsFUD6/jwPSHWIcXNOqKb4GJLELUICLQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0E1WfyI7GVkEbdA1oeMBaYEGAtMB8GA1UdIwQY
MBaAFAowtjXTV0aNf5MtPh9Z1Tc8+fRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjIt
NmRlZjM5OGNlNWM5LzEvYlFUVlpfSWpzWldRUnQwRFdoNHdGcGdRWUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjItNmRlZjM5OGNlNWM5
LzEvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQy5MA0G
CSqGSIb3DQEBCwUAA4IBAQAvb7KT+w5o57fr8+cn01d1qWfCRcytUQyuUOCyCEM3
wYdupXd3feYEF5PprDEGpCrUhi+TbgFyJcbDhTlSuHcRhlGhXq5e+gaGt1Qi6CS6
fG23ufkO9Qd6JEvVbbOeCQs5adbCE2UVVjjmeuh0z3Nh4meQfW3Ha1SetHWrBPE5
e/FUbamvD5dHMl44z+PqlSFt7A2zR2MRNKLInjQ/koZWO/U5SwEiFJd3LLcbvbqt
0jUz+GcF7LTBYTqJ2fG76BpsZEMc9Ywcge3K78+wTPLmkyFYGvIXYzb4cSbDAPW4
NyiHHE2tDhlmT2l+yiUBPlI5mE1rjCVaqYJB2Rc5Urf8
-----END CERTIFICATE-----