Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/LlQ3T9I_EgsQeFFLw2Yh5YAdyOc.roa
File:                     LlQ3T9I_EgsQeFFLw2Yh5YAdyOc.roa (raw, json)
Hash identifier:          tA8jPai58KlNBdFWmiZy7u4vKi7VBfLlMWaP1G9yfAo=
Subject key identifier:   2E:54:37:4F:D2:3F:12:0B:10:78:51:4B:C3:66:21:E5:80:1D:C8:E7
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC50031B49F4F71B154F45AE4CE7D496E
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/LlQ3T9I_EgsQeFFLw2Yh5YAdyOc.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55933
IP address blocks:        45.150.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:31:b4:9f:4f:71:b1:54:f4:5a:e4:ce:7d:49:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e54374fd23f120b1078514bc36621e5801dc8e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:10:3e:08:de:c8:5c:d9:02:aa:ff:44:d0:41:
                    e4:68:a6:37:28:8a:ba:f3:c5:32:70:83:f3:43:18:
                    ec:d6:e4:27:99:0d:6c:7e:2b:ed:ed:b3:24:20:f0:
                    2d:dd:a8:cd:6c:80:8e:01:14:67:f5:dc:eb:79:aa:
                    49:26:e3:1b:06:2a:f7:de:5e:3f:ee:36:4f:5f:49:
                    2a:b3:02:08:ff:ec:09:ae:9e:5b:60:82:f6:17:e0:
                    24:03:02:ae:cd:d5:9e:29:37:af:30:03:a7:94:0f:
                    2e:c6:19:fd:51:aa:06:0d:16:13:79:56:af:b9:f8:
                    67:ee:0e:88:87:9d:16:db:fb:eb:53:ad:d4:d2:a7:
                    33:22:f9:7c:20:96:34:67:58:99:ac:fa:66:c3:c3:
                    47:75:62:87:5c:8f:da:74:fd:ea:5b:4e:49:81:be:
                    89:34:6c:93:da:c4:6b:63:dc:74:f5:16:99:06:17:
                    c4:53:16:01:80:55:36:f2:e0:92:3c:51:97:21:15:
                    b8:84:ac:0b:80:28:97:5e:3d:d6:b4:1b:a2:89:e0:
                    de:d3:13:b0:bb:5c:9c:a2:2e:e9:0f:31:10:c3:65:
                    41:94:02:99:d8:89:40:01:da:c9:49:8f:9b:d7:b9:
                    ad:45:6f:c2:c9:99:38:24:07:2e:af:63:86:28:02:
                    81:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:54:37:4F:D2:3F:12:0B:10:78:51:4B:C3:66:21:E5:80:1D:C8:E7
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/LlQ3T9I_EgsQeFFLw2Yh5YAdyOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:d6:8e:88:07:c4:14:75:49:b3:ae:3e:30:02:bc:d6:1d:03:
         3e:c1:8b:b0:91:34:5a:c4:59:8f:d3:02:83:4d:e1:61:c9:a9:
         d9:60:d1:ab:53:12:ee:bd:05:89:00:43:72:40:46:24:7d:e3:
         ba:bf:93:34:00:29:c5:88:db:33:07:4a:d7:3d:88:81:30:86:
         cd:13:f0:c1:ba:e5:9a:a5:b1:1e:70:c7:dd:ad:ec:de:e1:54:
         87:a1:ec:59:4f:d2:0b:08:c3:0c:97:c2:51:c3:16:a3:a7:de:
         51:c1:48:9c:8c:e9:1d:37:90:13:1a:d3:14:04:d0:43:f6:97:
         ab:7e:16:f8:2d:b5:9e:7f:43:5e:0a:d1:9c:37:a2:b3:ee:cd:
         4f:fa:f7:48:e5:90:3d:db:5f:a3:f6:dc:f1:24:49:ca:83:83:
         38:41:4a:95:59:e1:35:e0:d7:aa:59:d5:0f:ab:56:4a:be:c0:
         b2:93:d8:c3:1c:15:b7:22:8b:8f:14:60:58:e9:9b:36:f6:d5:
         f4:06:f3:1a:eb:7e:45:02:44:9c:0b:2b:e7:75:9e:f4:68:5c:
         de:e8:8e:0f:0a:a9:c7:8a:43:5f:56:76:df:83:0e:f8:2b:7c:
         2f:96:22:a6:29:8f:c5:0c:5f:d2:bd:5a:b9:c0:d4:0b:96:5e:
         83:e9:8f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADG0n09xsVT0WuTOfUluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTU0Mzc0ZmQyM2YxMjBiMTA3ODUxNGJjMzY2MjFlNTgwMWRjOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBA+CN7IXNkCqv9E0EHkaKY3KIq6
88UycIPzQxjs1uQnmQ1sfivt7bMkIPAt3ajNbICOARRn9dzreapJJuMbBir33l4/
7jZPX0kqswII/+wJrp5bYIL2F+AkAwKuzdWeKTevMAOnlA8uxhn9UaoGDRYTeVav
ufhn7g6Ih50W2/vrU63U0qczIvl8IJY0Z1iZrPpmw8NHdWKHXI/adP3qW05Jgb6J
NGyT2sRrY9x09RaZBhfEUxYBgFU28uCSPFGXIRW4hKwLgCiXXj3WtBuiieDe0xOw
u1ycoi7pDzEQw2VBlAKZ2IlAAdrJSY+b17mtRW/CyZk4JAcur2OGKAKBewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5UN0/SPxILEHhRS8NmIeWAHcjnMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvTGxRM1Q5SV9FZ3NRZUZGTHcyWWg1WUFkeU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZbGMA0G
CSqGSIb3DQEBCwUAA4IBAQAk1o6IB8QUdUmzrj4wArzWHQM+wYuwkTRaxFmP0wKD
TeFhyanZYNGrUxLuvQWJAENyQEYkfeO6v5M0ACnFiNszB0rXPYiBMIbNE/DBuuWa
pbEecMfdreze4VSHoexZT9ILCMMMl8JRwxajp95RwUicjOkdN5ATGtMUBNBD9per
fhb4LbWef0NeCtGcN6Kz7s1P+vdI5ZA921+j9tzxJEnKg4M4QUqVWeE14NeqWdUP
q1ZKvsCyk9jDHBW3IouPFGBY6Zs29tX0BvMa635FAkScCyvndZ70aFze6I4PCqnH
ikNfVnbfgw74K3wvliKmKY/FDF/SvVq5wNQLll6D6Y8d
-----END CERTIFICATE-----