Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/N_dQkqVxBbicfLoPi5SqpyikUNU.roa
File:                     N_dQkqVxBbicfLoPi5SqpyikUNU.roa (raw, json)
Hash identifier:          XrW4KjhQW6JQfh4KdCkckoCjWvO0MhK2gV4J60DIw5s=
Subject key identifier:   37:F7:50:92:A5:71:05:B8:9C:7C:BA:0F:8B:94:AA:A7:28:A4:50:D5
Certificate issuer:       /CN=1662cfd26eccf289757399cc99c17d1cb4357535
Certificate serial:       018CC34929638BA8E67CF89BC3B96EE4C0F5
Authority key identifier: 16:62:CF:D2:6E:CC:F2:89:75:73:99:CC:99:C1:7D:1C:B4:35:75:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/N_dQkqVxBbicfLoPi5SqpyikUNU.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21473
IP address blocks:        45.148.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:29:63:8b:a8:e6:7c:f8:9b:c3:b9:6e:e4:c0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1662cfd26eccf289757399cc99c17d1cb4357535
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37f75092a57105b89c7cba0f8b94aaa728a450d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:50:77:f4:65:e0:5e:b6:96:13:cf:b5:9b:4d:
                    17:17:d0:79:50:dc:cf:b5:85:14:ee:5c:1c:8d:1f:
                    95:0f:46:c8:98:10:8e:76:ee:77:68:9b:1c:c8:c9:
                    5c:ac:61:04:ee:36:70:be:13:dc:5f:2c:e8:fd:4f:
                    46:88:10:c0:01:3c:7f:96:53:81:0c:e7:7d:a5:d3:
                    fe:38:c6:b7:0d:3a:b1:38:0c:3e:e6:0e:ee:ab:61:
                    b1:c0:c5:00:d6:3f:85:28:4e:3f:29:c7:53:58:25:
                    fe:68:37:90:5b:3b:bf:b2:67:d2:4b:d1:56:3d:41:
                    ea:68:f4:71:31:e2:07:eb:91:c4:ba:76:93:e7:82:
                    62:ee:75:65:da:22:10:47:37:ef:b2:9e:e8:6c:95:
                    94:b0:10:ea:b2:06:83:90:09:6e:c6:4f:6a:2e:c5:
                    96:08:65:2e:60:f2:13:37:12:38:ff:ac:13:ba:f0:
                    ec:2a:13:cf:d2:29:dd:ab:98:f5:ed:ca:8a:c0:e3:
                    0e:43:e5:d0:6d:2f:18:bd:f1:5f:bb:19:fb:47:d1:
                    d6:1e:32:1a:50:e0:92:4c:71:8b:0e:2a:22:3a:cd:
                    23:9e:2a:51:e2:0b:23:3b:69:83:2e:3d:79:35:fd:
                    95:ba:96:c9:f1:eb:52:22:ad:49:40:36:2a:d2:0f:
                    77:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F7:50:92:A5:71:05:B8:9C:7C:BA:0F:8B:94:AA:A7:28:A4:50:D5
            X509v3 Authority Key Identifier:
                keyid:16:62:CF:D2:6E:CC:F2:89:75:73:99:CC:99:C1:7D:1C:B4:35:75:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/N_dQkqVxBbicfLoPi5SqpyikUNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:06:a8:2c:e4:94:62:10:69:38:7e:27:98:31:23:5d:6b:9d:
         06:cf:af:59:fd:ac:3b:48:d7:de:4e:fe:80:64:9a:02:34:a9:
         76:d3:ee:11:a8:1f:de:d3:14:78:b0:d2:7b:f7:e0:b8:16:75:
         e1:4b:64:77:7a:11:1a:3b:d2:03:8e:6b:b4:6b:22:94:e6:dc:
         be:65:9c:df:cf:e6:12:79:45:8f:a8:2d:73:7d:d2:ac:b0:46:
         ec:33:7d:60:68:c3:99:3c:0e:17:84:f7:3d:c4:14:01:da:5e:
         f1:83:d3:d1:cc:48:ca:35:7b:0b:d9:7e:36:05:6b:9f:94:d2:
         cf:20:16:2a:5f:6b:7e:43:d1:f0:4d:b4:20:73:69:6e:49:2f:
         fd:58:4b:1d:89:79:ed:9e:a3:22:5f:86:6d:e7:a8:95:da:8a:
         8f:c5:3c:70:ca:b1:13:1b:a2:14:41:9d:be:9e:10:c0:41:a7:
         5e:33:b7:94:45:e4:04:8b:99:56:74:9c:21:e2:54:1d:86:e9:
         b0:09:c7:91:05:2b:ce:62:2c:1c:11:d8:16:7e:82:f6:d1:95:
         a5:3c:d0:51:5f:30:3b:46:9c:3a:a7:d9:d0:aa:76:25:13:7b:
         60:e4:61:88:a4:97:65:8a:8b:8b:20:96:80:a2:df:54:c4:d1:
         9b:9d:99:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSlji6jmfPibw7lu5MD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NjJjZmQyNmVjY2YyODk3NTczOTljYzk5YzE3ZDFjYjQz
NTc1MzUwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Y3NTA5MmE1NzEwNWI4OWM3Y2JhMGY4Yjk0YWFhNzI4YTQ1MGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lB39GXgXraWE8+1m00XF9B5UNzP
tYUU7lwcjR+VD0bImBCOdu53aJscyMlcrGEE7jZwvhPcXyzo/U9GiBDAATx/llOB
DOd9pdP+OMa3DTqxOAw+5g7uq2GxwMUA1j+FKE4/KcdTWCX+aDeQWzu/smfSS9FW
PUHqaPRxMeIH65HEunaT54Ji7nVl2iIQRzfvsp7obJWUsBDqsgaDkAluxk9qLsWW
CGUuYPITNxI4/6wTuvDsKhPP0indq5j17cqKwOMOQ+XQbS8YvfFfuxn7R9HWHjIa
UOCSTHGLDioiOs0jnipR4gsjO2mDLj15Nf2VupbJ8etSIq1JQDYq0g93FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf3UJKlcQW4nHy6D4uUqqcopFDVMB8GA1UdIwQY
MBaAFBZiz9JuzPKJdXOZzJnBfRy0NXU1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1MUDBtN004b2wxYzVuTW1jRjlITFExZFRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81Yjk4NzgtMjA4MC00MzU0LTk1OTIt
YjcyMzE5NDFmYzNhLzEvTl9kUWtxVnhCYmljZkxvUGk1U3FweWlrVU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81Yjk4NzgtMjA4MC00MzU0LTk1OTItYjcyMzE5NDFmYzNh
LzEvRm1MUDBtN004b2wxYzVuTW1jRjlITFExZFRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZTYMA0G
CSqGSIb3DQEBCwUAA4IBAQAYBqgs5JRiEGk4fieYMSNda50Gz69Z/aw7SNfeTv6A
ZJoCNKl20+4RqB/e0xR4sNJ79+C4FnXhS2R3ehEaO9IDjmu0ayKU5ty+ZZzfz+YS
eUWPqC1zfdKssEbsM31gaMOZPA4XhPc9xBQB2l7xg9PRzEjKNXsL2X42BWuflNLP
IBYqX2t+Q9HwTbQgc2luSS/9WEsdiXntnqMiX4Zt56iV2oqPxTxwyrETG6IUQZ2+
nhDAQadeM7eUReQEi5lWdJwh4lQdhumwCceRBSvOYiwcEdgWfoL20ZWlPNBRXzA7
Rpw6p9nQqnYlE3tg5GGIpJdliouLIJaAot9UxNGbnZm2
-----END CERTIFICATE-----