Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/efdfc9-da3a-46bd-8300-e1c8a4febdee/1/HqGzF7ESfosv0PTTZyGBpx2ngr0.roa
File:                     HqGzF7ESfosv0PTTZyGBpx2ngr0.roa (raw, json)
Hash identifier:          TI6AY2H4S/QfLqHfZD8CT39qRGMQAtESKxME/X3usng=
Subject key identifier:   1E:A1:B3:17:B1:12:7E:8B:2F:D0:F4:D3:67:21:81:A7:1D:A7:82:BD
Certificate issuer:       /CN=4ce37f71c933bf827118c63c07774de98645d019
Certificate serial:       018CCA29CD6069F0050061B1765F7914CBED
Authority key identifier: 4C:E3:7F:71:C9:33:BF:82:71:18:C6:3C:07:77:4D:E9:86:45:D0:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TON_cckzv4JxGMY8B3dN6YZF0Bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/efdfc9-da3a-46bd-8300-e1c8a4febdee/1/HqGzF7ESfosv0PTTZyGBpx2ngr0.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        45.131.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/efdfc9-da3a-46bd-8300-e1c8a4febdee/1/TON_cckzv4JxGMY8B3dN6YZF0Bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/efdfc9-da3a-46bd-8300-e1c8a4febdee/1/TON_cckzv4JxGMY8B3dN6YZF0Bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TON_cckzv4JxGMY8B3dN6YZF0Bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cd:60:69:f0:05:00:61:b1:76:5f:79:14:cb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce37f71c933bf827118c63c07774de98645d019
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ea1b317b1127e8b2fd0f4d3672181a71da782bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:39:74:37:15:c5:61:c8:39:d2:3a:4e:bc:30:
                    8d:84:fe:40:60:b0:02:ab:ef:5e:d0:07:16:61:9e:
                    3d:28:9a:87:2a:d0:db:3f:d7:70:dc:b8:ec:aa:9d:
                    84:9d:fd:6f:0e:df:78:5d:90:19:01:40:70:4b:da:
                    c3:3f:71:d4:5c:b7:b8:67:de:e1:88:f7:b0:23:00:
                    89:43:f8:75:2f:9e:7d:7a:48:a4:c6:6d:50:9b:69:
                    e7:d7:ff:74:b2:d5:80:bc:1d:91:a1:fa:64:82:75:
                    83:6e:53:98:48:5a:78:09:d1:89:f2:80:d0:37:3c:
                    72:d8:81:20:30:f7:33:28:a8:d6:95:45:b6:ef:80:
                    82:60:b4:5b:bf:b9:08:8b:57:71:d5:cf:d3:8d:db:
                    82:bf:44:bf:dc:81:07:c4:ce:4e:96:3f:a8:fb:c7:
                    40:66:96:2e:2b:ed:8f:f5:be:30:3e:d0:d3:59:46:
                    c3:ed:7e:b3:04:03:55:a7:4f:b2:0f:15:c4:79:db:
                    5a:f2:65:23:c2:a4:a8:dc:44:31:f8:5d:79:f5:f2:
                    30:7e:dc:ca:53:3f:c6:36:67:b9:c6:0d:68:3b:54:
                    5d:be:09:74:c8:f4:44:d3:2a:64:3d:87:38:74:23:
                    52:69:a3:8d:2d:df:f8:ac:e0:ff:b5:3d:d2:33:98:
                    26:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A1:B3:17:B1:12:7E:8B:2F:D0:F4:D3:67:21:81:A7:1D:A7:82:BD
            X509v3 Authority Key Identifier:
                keyid:4C:E3:7F:71:C9:33:BF:82:71:18:C6:3C:07:77:4D:E9:86:45:D0:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TON_cckzv4JxGMY8B3dN6YZF0Bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/efdfc9-da3a-46bd-8300-e1c8a4febdee/1/HqGzF7ESfosv0PTTZyGBpx2ngr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/efdfc9-da3a-46bd-8300-e1c8a4febdee/1/TON_cckzv4JxGMY8B3dN6YZF0Bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:5b:bf:13:eb:c3:3d:d7:f9:31:96:90:0c:22:cb:de:b0:e0:
         6a:10:c0:f4:f5:94:a4:54:ee:e4:2f:3d:39:dd:01:0d:20:9c:
         4b:28:a1:8a:2f:1e:bb:43:62:7f:8a:d7:a9:3a:9f:70:5a:82:
         f0:a8:ac:c9:b1:81:b8:8c:ac:16:d2:f2:31:b2:0c:9d:8b:01:
         02:8b:98:78:d9:f6:a9:25:20:f3:a8:c1:af:4f:c9:fc:46:94:
         45:7e:98:e0:b2:c1:57:45:f9:a9:4f:19:63:ed:99:6e:f4:cc:
         21:a2:6e:2d:52:f6:a4:2e:51:c2:5c:19:5f:47:da:bf:3f:0e:
         ef:41:e7:8e:1c:14:ab:c7:40:36:c1:2a:c6:a5:b6:7d:2b:ac:
         e2:3a:15:3d:ae:5a:e6:5d:dd:90:92:f9:21:01:3a:21:e5:8f:
         8a:f5:1c:72:19:6d:26:7f:56:41:1d:91:17:bc:d1:e6:3a:45:
         9f:e5:c3:09:67:ba:0e:bb:90:02:95:8c:61:85:03:b4:9a:da:
         17:6b:02:e7:d2:fc:f1:50:c7:22:83:3b:93:40:4a:00:bc:2e:
         97:65:5d:b9:d3:c0:c5:ae:2b:15:59:99:38:95:33:5d:25:95:
         71:db:c3:7f:bc:a9:aa:0f:94:74:74:0a:d5:34:be:dd:c7:9d:
         a5:4a:d1:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKc1gafAFAGGxdl95FMvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTM3ZjcxYzkzM2JmODI3MTE4YzYzYzA3Nzc0ZGU5ODY0
NWQwMTkwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWExYjMxN2IxMTI3ZThiMmZkMGY0ZDM2NzIxODFhNzFkYTc4MmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDl0NxXFYcg50jpOvDCNhP5AYLAC
q+9e0AcWYZ49KJqHKtDbP9dw3Ljsqp2Enf1vDt94XZAZAUBwS9rDP3HUXLe4Z97h
iPewIwCJQ/h1L559ekikxm1Qm2nn1/90stWAvB2RofpkgnWDblOYSFp4CdGJ8oDQ
Nzxy2IEgMPczKKjWlUW274CCYLRbv7kIi1dx1c/TjduCv0S/3IEHxM5Olj+o+8dA
ZpYuK+2P9b4wPtDTWUbD7X6zBANVp0+yDxXEedta8mUjwqSo3EQx+F159fIwftzK
Uz/GNme5xg1oO1Rdvgl0yPRE0ypkPYc4dCNSaaONLd/4rOD/tT3SM5gmEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6hsxexEn6LL9D002chgacdp4K9MB8GA1UdIwQY
MBaAFEzjf3HJM7+CcRjGPAd3TemGRdAZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9OX2Nja3p2NEp4R01ZOEIzZE42WVpGMEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9lZmRmYzktZGEzYS00NmJkLTgzMDAt
ZTFjOGE0ZmViZGVlLzEvSHFHekY3RVNmb3N2MFBUVFp5R0JweDJuZ3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9lZmRmYzktZGEzYS00NmJkLTgzMDAtZTFjOGE0ZmViZGVl
LzEvVE9OX2Nja3p2NEp4R01ZOEIzZE42WVpGMEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYP8MA0G
CSqGSIb3DQEBCwUAA4IBAQB4W78T68M91/kxlpAMIsvesOBqEMD09ZSkVO7kLz05
3QENIJxLKKGKLx67Q2J/itepOp9wWoLwqKzJsYG4jKwW0vIxsgydiwECi5h42fap
JSDzqMGvT8n8RpRFfpjgssFXRfmpTxlj7Zlu9Mwhom4tUvakLlHCXBlfR9q/Pw7v
QeeOHBSrx0A2wSrGpbZ9K6ziOhU9rlrmXd2QkvkhAToh5Y+K9RxyGW0mf1ZBHZEX
vNHmOkWf5cMJZ7oOu5AClYxhhQO0mtoXawLn0vzxUMcigzuTQEoAvC6XZV2508DF
risVWZk4lTNdJZVx28N/vKmqD5R0dArVNL7dx52lStE4
-----END CERTIFICATE-----