Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/QcO_97kM9oRus7I7ci9eDnU8--Y.roa
File:                     QcO_97kM9oRus7I7ci9eDnU8--Y.roa (raw, json)
Hash identifier:          Zhat4FpOcass8GhXs5lmNW3mPpCyZNEwjgEqXGcTH7k=
Subject key identifier:   41:C3:BF:F7:B9:0C:F6:84:6E:B3:B2:3B:72:2F:5E:0E:75:3C:FB:E6
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       018FEC828521D55444FB998A8A5845AF8CDE
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/QcO_97kM9oRus7I7ci9eDnU8--Y.roa
Signing time:             Thu 06 Jun 2024 07:45:27 +0000
ROA not before:           Thu 06 Jun 2024 07:45:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.251.60.0/22 maxlen: 22
                          103.49.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:82:85:21:d5:54:44:fb:99:8a:8a:58:45:af:8c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jun  6 07:45:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41c3bff7b90cf6846eb3b23b722f5e0e753cfbe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:81:15:fd:8c:cb:72:c3:29:8c:91:dc:4e:05:
                    46:e3:8d:06:78:30:f0:91:c5:ec:1d:f3:fa:60:50:
                    c0:3c:af:a1:58:5d:fe:d1:f8:64:e1:78:34:e7:50:
                    85:c0:24:09:b8:3f:fd:ca:18:34:4e:34:d8:b4:7e:
                    6b:ab:24:7c:10:23:f8:ec:d8:fe:d1:8e:17:25:50:
                    76:fe:1d:4a:cf:b8:86:de:0b:1b:78:13:d1:48:90:
                    a2:59:b3:f0:37:8f:7f:99:74:c4:62:3a:e4:33:5a:
                    e5:d2:4c:e5:3d:0d:32:d0:b1:58:b0:59:c2:93:fc:
                    3b:e7:8b:67:cc:d6:fe:10:ad:3a:9f:47:01:19:ff:
                    8c:f7:0f:1a:fd:4c:cb:6e:c5:c6:9f:dc:3f:14:70:
                    5c:a1:42:72:a6:be:5a:b6:0a:8b:00:03:6e:1e:ec:
                    7c:d3:7b:85:f5:0d:1d:53:9f:ff:35:5c:a6:9f:8d:
                    d9:91:eb:7d:2a:bf:6e:3d:94:65:90:0e:92:b8:7b:
                    3e:11:3b:ae:f3:df:aa:64:27:4c:f7:22:d9:53:aa:
                    6f:48:01:03:bd:19:32:a9:5a:1c:c4:7d:c0:16:ff:
                    09:cf:6b:6b:b5:b5:f5:13:14:37:f4:a2:9a:d0:79:
                    36:59:d3:33:6b:8b:a3:00:2a:54:61:41:e6:ca:cf:
                    00:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C3:BF:F7:B9:0C:F6:84:6E:B3:B2:3B:72:2F:5E:0E:75:3C:FB:E6
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/QcO_97kM9oRus7I7ci9eDnU8--Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.251.60.0/22
                  103.49.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:da:49:cd:d2:da:f3:a6:a5:e3:2c:4b:37:0d:8b:c9:f5:b4:
         84:9c:05:4d:98:0b:67:53:cf:19:21:b3:29:7b:31:6a:f0:31:
         a7:ed:d1:7f:45:80:6f:7d:f2:57:f1:44:f6:75:16:45:10:76:
         a9:7f:a1:85:f5:61:2b:bb:c3:2a:c5:0b:35:83:2e:a2:75:f6:
         79:70:d6:d4:af:1b:94:d9:23:a0:2e:c2:89:f9:e7:54:e0:f6:
         50:46:33:c1:ec:9c:04:a6:91:c3:ae:c5:d9:ff:19:53:ca:24:
         4c:26:e3:2b:6b:20:f8:8c:7d:06:0c:35:f6:84:a9:a3:e4:3a:
         b9:19:01:b2:f4:0e:c8:d6:f9:51:82:f5:51:76:0e:23:51:7c:
         0f:37:b6:26:d8:fa:d9:75:d7:f0:2e:fb:ea:b9:58:b6:f4:96:
         0c:63:8f:e1:81:a2:a7:58:6c:67:0f:8d:98:7f:ad:73:29:0b:
         a7:60:0f:57:84:45:eb:d0:32:c5:fc:b3:00:28:a0:7c:d4:2b:
         22:4e:92:0e:05:7e:09:57:4e:13:0a:f1:78:73:66:e1:94:c7:
         66:32:29:05:88:28:8e:cf:43:db:bd:22:5a:90:fd:6c:4c:1d:
         13:67:54:d0:04:23:af:45:8b:f7:06:1b:11:04:bb:54:3b:81:
         97:04:ca:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/sgoUh1VRE+5mKilhFr4zeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwNjA2MDc0NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWMzYmZmN2I5MGNmNjg0NmViM2IyM2I3MjJmNWUwZTc1M2NmYmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoEV/YzLcsMpjJHcTgVG440GeDDw
kcXsHfP6YFDAPK+hWF3+0fhk4Xg051CFwCQJuD/9yhg0TjTYtH5rqyR8ECP47Nj+
0Y4XJVB2/h1Kz7iG3gsbeBPRSJCiWbPwN49/mXTEYjrkM1rl0kzlPQ0y0LFYsFnC
k/w754tnzNb+EK06n0cBGf+M9w8a/UzLbsXGn9w/FHBcoUJypr5atgqLAANuHux8
03uF9Q0dU5//NVymn43Zket9Kr9uPZRlkA6SuHs+ETuu89+qZCdM9yLZU6pvSAED
vRkyqVocxH3AFv8Jz2trtbX1ExQ39KKa0Hk2WdMza4ujACpUYUHmys8A7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHDv/e5DPaEbrOyO3IvXg51PPvmMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvUWNPXzk3a005b1J1czdJN2NpOWVEblU4LS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLfs8AwQC
ZzFUMA0GCSqGSIb3DQEBCwUAA4IBAQCy2knN0trzpqXjLEs3DYvJ9bSEnAVNmAtn
U88ZIbMpezFq8DGn7dF/RYBvffJX8UT2dRZFEHapf6GF9WEru8MqxQs1gy6idfZ5
cNbUrxuU2SOgLsKJ+edU4PZQRjPB7JwEppHDrsXZ/xlTyiRMJuMrayD4jH0GDDX2
hKmj5Dq5GQGy9A7I1vlRgvVRdg4jUXwPN7Ym2PrZddfwLvvquVi29JYMY4/hgaKn
WGxnD42Yf61zKQunYA9XhEXr0DLF/LMAKKB81CsiTpIOBX4JV04TCvF4c2bhlMdm
MikFiCiOz0PbvSJakP1sTB0TZ1TQBCOvRYv3BhsRBLtUO4GXBMq8
-----END CERTIFICATE-----