Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/6ed434-cd51-4152-aa43-056bae27288e/1/nidqp3MGdvI32YOKGnH-r9iY6w4.roa
File:                     nidqp3MGdvI32YOKGnH-r9iY6w4.roa (raw, json)
Hash identifier:          7Avhl1J2bT/zxi7GsufcVpC2aIY7LbJGV701HemWfKU=
Subject key identifier:   9E:27:6A:A7:73:06:76:F2:37:D9:83:8A:1A:71:FE:AF:D8:98:EB:0E
Certificate issuer:       /CN=507e582adc9369da8ae85dd935740123081c7eed
Certificate serial:       018CC2DAD0F004DDA4CDB49D5B04FDB1A9E1
Authority key identifier: 50:7E:58:2A:DC:93:69:DA:8A:E8:5D:D9:35:74:01:23:08:1C:7E:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UH5YKtyTadqK6F3ZNXQBIwgcfu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/6ed434-cd51-4152-aa43-056bae27288e/1/nidqp3MGdvI32YOKGnH-r9iY6w4.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        45.143.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/6ed434-cd51-4152-aa43-056bae27288e/1/UH5YKtyTadqK6F3ZNXQBIwgcfu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/6ed434-cd51-4152-aa43-056bae27288e/1/UH5YKtyTadqK6F3ZNXQBIwgcfu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UH5YKtyTadqK6F3ZNXQBIwgcfu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d0:f0:04:dd:a4:cd:b4:9d:5b:04:fd:b1:a9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=507e582adc9369da8ae85dd935740123081c7eed
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e276aa7730676f237d9838a1a71feafd898eb0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:e7:8b:be:dd:68:8d:be:fd:6a:6f:42:8b:
                    0c:ce:b9:fb:62:8d:f5:1f:e4:d6:7f:f9:d6:79:3d:
                    c9:ed:ab:dc:fa:f4:37:b4:ac:2e:42:0e:28:d1:08:
                    3b:ea:cd:47:23:ea:62:79:f2:6c:24:67:2d:69:2c:
                    d2:d6:aa:83:c2:f4:2e:fe:b8:dc:0a:48:8b:52:4d:
                    b7:f5:72:de:86:c6:57:0b:25:97:26:00:85:d4:97:
                    a1:92:e8:de:1b:b9:7e:b0:cf:67:ca:69:74:ce:83:
                    8d:22:5f:ac:70:33:86:1f:6f:cd:c8:e6:bc:00:d9:
                    80:2e:f3:fa:32:f3:f1:e1:94:a2:b6:20:ff:88:50:
                    08:ab:6a:2e:50:65:10:ac:71:9f:58:52:f1:4b:28:
                    a2:3f:64:05:4a:ca:68:9a:2f:46:1b:63:cf:e1:97:
                    03:5b:00:39:bb:e5:42:99:21:3b:f3:b6:58:cc:b3:
                    14:ab:df:b0:34:c0:dc:d8:fb:f3:2f:31:3c:2b:1c:
                    ac:81:47:b4:86:4f:15:34:26:4c:7f:c5:4f:d0:20:
                    fc:39:f9:9f:8b:12:a9:4c:1a:96:25:05:ea:a8:04:
                    ae:37:8e:2c:95:3f:15:d3:20:86:51:8d:8b:cb:c8:
                    a8:b0:c8:1e:bf:b8:50:9f:c6:db:88:c9:68:b9:87:
                    f9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:27:6A:A7:73:06:76:F2:37:D9:83:8A:1A:71:FE:AF:D8:98:EB:0E
            X509v3 Authority Key Identifier:
                keyid:50:7E:58:2A:DC:93:69:DA:8A:E8:5D:D9:35:74:01:23:08:1C:7E:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UH5YKtyTadqK6F3ZNXQBIwgcfu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6ed434-cd51-4152-aa43-056bae27288e/1/nidqp3MGdvI32YOKGnH-r9iY6w4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6ed434-cd51-4152-aa43-056bae27288e/1/UH5YKtyTadqK6F3ZNXQBIwgcfu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a0:59:90:97:cc:76:0e:2c:d4:e5:5a:0d:99:4d:8e:c6:9d:
         8c:fa:c1:43:b3:1d:5d:95:59:c1:19:10:11:4a:c9:77:ad:87:
         60:5a:dc:dc:4f:ee:f5:b5:0b:a3:e1:cf:80:7d:bd:00:75:c3:
         fb:21:dd:dc:f2:cb:f9:f4:f9:48:36:6a:05:35:3b:64:07:f3:
         f3:b6:7a:8d:28:49:04:15:32:3d:cc:ee:ad:78:31:73:d1:d6:
         bd:91:a3:56:26:f2:70:e8:c7:af:65:9e:d9:8d:49:3d:29:77:
         6d:82:85:39:04:71:d9:2d:57:a3:16:6b:43:98:3b:07:b2:28:
         83:b5:4b:19:0d:cc:46:e7:57:b1:38:1e:91:99:89:62:f2:41:
         b0:04:69:b3:3a:62:e3:5e:bf:61:67:6d:3c:36:a4:81:06:8b:
         3b:bf:8d:03:90:47:ff:35:ed:3c:21:b5:c7:a1:f8:3c:7d:6a:
         4e:53:a6:61:86:d3:d3:1c:01:d4:06:63:93:2f:47:29:81:48:
         d5:fa:d0:92:81:f7:e0:04:b8:75:b9:4d:ed:a6:67:fe:b5:36:
         fe:85:25:f3:a3:b2:14:7f:2e:0c:a8:0a:72:fe:b3:99:1d:76:
         de:90:8f:82:e4:77:a3:6d:5d:db:f8:8c:68:78:41:18:a2:fc:
         a7:5f:6d:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tDwBN2kzbSdWwT9sanhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwN2U1ODJhZGM5MzY5ZGE4YWU4NWRkOTM1NzQwMTIzMDgx
YzdlZWQwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTI3NmFhNzczMDY3NmYyMzdkOTgzOGExYTcxZmVhZmQ4OThlYjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4fni77daI2+/WpvQosMzrn7Yo31
H+TWf/nWeT3J7avc+vQ3tKwuQg4o0Qg76s1HI+piefJsJGctaSzS1qqDwvQu/rjc
CkiLUk239XLehsZXCyWXJgCF1JehkujeG7l+sM9nyml0zoONIl+scDOGH2/NyOa8
ANmALvP6MvPx4ZSitiD/iFAIq2ouUGUQrHGfWFLxSyiiP2QFSspomi9GG2PP4ZcD
WwA5u+VCmSE787ZYzLMUq9+wNMDc2PvzLzE8KxysgUe0hk8VNCZMf8VP0CD8Ofmf
ixKpTBqWJQXqqASuN44slT8V0yCGUY2Ly8iosMgev7hQn8bbiMlouYf5hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4naqdzBnbyN9mDihpx/q/YmOsOMB8GA1UdIwQY
MBaAFFB+WCrck2naiuhd2TV0ASMIHH7tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUg1WUt0eVRhZHFLNkYzWk5YUUJJd2djZnUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS82ZWQ0MzQtY2Q1MS00MTUyLWFhNDMt
MDU2YmFlMjcyODhlLzEvbmlkcXAzTUdkdkkzMllPS0duSC1yOWlZNnc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS82ZWQ0MzQtY2Q1MS00MTUyLWFhNDMtMDU2YmFlMjcyODhl
LzEvVUg1WUt0eVRhZHFLNkYzWk5YUUJJd2djZnUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY+cMA0G
CSqGSIb3DQEBCwUAA4IBAQADoFmQl8x2DizU5VoNmU2Oxp2M+sFDsx1dlVnBGRAR
Ssl3rYdgWtzcT+71tQuj4c+Afb0AdcP7Id3c8sv59PlINmoFNTtkB/PztnqNKEkE
FTI9zO6teDFz0da9kaNWJvJw6MevZZ7ZjUk9KXdtgoU5BHHZLVejFmtDmDsHsiiD
tUsZDcxG51exOB6RmYli8kGwBGmzOmLjXr9hZ208NqSBBos7v40DkEf/Ne08IbXH
ofg8fWpOU6ZhhtPTHAHUBmOTL0cpgUjV+tCSgffgBLh1uU3tpmf+tTb+hSXzo7IU
fy4MqApy/rOZHXbekI+C5HejbV3b+IxoeEEYovynX21v
-----END CERTIFICATE-----