Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/4ca005-177d-44b5-9d96-c5469fc7d2d0/1/XwxQzHFlNQr2KJCsoYTlkimvqeM.roa
File:                     XwxQzHFlNQr2KJCsoYTlkimvqeM.roa (raw, json)
Hash identifier:          8bzUXPu0CjemLm0ubGNwni4bTLneCShQO2ZLuTtxh5M=
Subject key identifier:   5F:0C:50:CC:71:65:35:0A:F6:28:90:AC:A1:84:E5:92:29:AF:A9:E3
Certificate issuer:       /CN=1cb4092ea2d1296dfe61d78a7dfb3c1e03916408
Certificate serial:       018CC7935C52FC48FE43F80C8FEEA8C90BB3
Authority key identifier: 1C:B4:09:2E:A2:D1:29:6D:FE:61:D7:8A:7D:FB:3C:1E:03:91:64:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLQJLqLRKW3-YdeKffs8HgORZAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/4ca005-177d-44b5-9d96-c5469fc7d2d0/1/XwxQzHFlNQr2KJCsoYTlkimvqeM.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203071
IP address blocks:        45.147.94.0/24 maxlen: 24
                          2a13:4e80::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/4ca005-177d-44b5-9d96-c5469fc7d2d0/1/HLQJLqLRKW3-YdeKffs8HgORZAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/4ca005-177d-44b5-9d96-c5469fc7d2d0/1/HLQJLqLRKW3-YdeKffs8HgORZAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HLQJLqLRKW3-YdeKffs8HgORZAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5c:52:fc:48:fe:43:f8:0c:8f:ee:a8:c9:0b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cb4092ea2d1296dfe61d78a7dfb3c1e03916408
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f0c50cc7165350af62890aca184e59229afa9e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5c:44:e5:c6:a8:70:77:22:2a:3a:df:ce:12:
                    a3:38:a8:cd:5e:6e:49:b5:28:e1:bd:4d:ce:15:da:
                    84:94:a6:a0:2e:e2:d1:4d:38:e8:08:3d:b7:e7:5a:
                    d4:4c:69:de:6a:ba:e3:21:81:d2:d6:3d:07:5a:bc:
                    98:67:32:7c:d5:d0:0c:7d:13:ee:61:50:0c:2b:f8:
                    04:53:1f:d6:5d:41:9d:ef:a8:1c:83:11:83:ba:c2:
                    97:0e:42:1e:80:a9:3b:1d:e0:fd:7b:bd:71:2a:4c:
                    5e:30:1e:ea:96:32:50:58:6f:d5:1a:96:10:ee:aa:
                    0b:7f:a3:55:65:4a:02:e3:63:0d:8f:c0:2b:e2:54:
                    15:7f:d5:b1:27:da:3e:7c:86:17:f5:3e:6c:32:9c:
                    72:47:73:50:d6:e5:51:5d:d0:df:de:e7:66:ff:a4:
                    5a:2d:1c:38:ce:b5:36:d2:7c:88:1c:25:9c:6f:c8:
                    dd:ec:39:c6:91:06:82:db:c3:2d:38:c0:dd:33:aa:
                    5e:f9:d0:77:5b:aa:7e:a4:f3:69:91:4e:51:f9:d0:
                    e1:19:a7:42:99:50:91:b5:95:6b:9e:71:df:bb:06:
                    9b:96:33:63:b4:1d:27:17:cc:66:8e:31:d4:30:f3:
                    8b:c9:bf:48:96:22:43:95:56:9a:c3:1e:c7:d1:27:
                    0c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0C:50:CC:71:65:35:0A:F6:28:90:AC:A1:84:E5:92:29:AF:A9:E3
            X509v3 Authority Key Identifier:
                keyid:1C:B4:09:2E:A2:D1:29:6D:FE:61:D7:8A:7D:FB:3C:1E:03:91:64:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLQJLqLRKW3-YdeKffs8HgORZAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/4ca005-177d-44b5-9d96-c5469fc7d2d0/1/XwxQzHFlNQr2KJCsoYTlkimvqeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/4ca005-177d-44b5-9d96-c5469fc7d2d0/1/HLQJLqLRKW3-YdeKffs8HgORZAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.94.0/24
                IPv6:
                  2a13:4e80::/40

    Signature Algorithm: sha256WithRSAEncryption
         74:40:60:d6:96:27:e5:8d:06:a5:b0:25:8c:7d:10:9a:9a:c9:
         92:6c:7a:db:e5:06:31:e3:a9:35:43:73:3a:0d:fe:be:ba:a0:
         6b:ca:dc:a3:04:23:dc:c1:24:db:45:6c:61:da:f2:d2:38:c1:
         78:43:4e:2a:bf:31:27:2a:7f:fa:61:2b:ec:57:7b:a9:fb:30:
         5b:c8:07:2e:32:d3:be:93:ae:f1:83:42:42:8c:b1:96:76:fe:
         75:55:d9:8a:36:db:f1:42:6c:b0:de:94:37:10:9a:57:72:98:
         83:96:59:95:79:21:3b:3f:f9:01:54:f0:c1:ab:08:30:8a:de:
         2f:89:4e:22:e2:aa:06:2a:c3:f0:9c:a0:b4:1a:ce:f3:39:07:
         4f:f9:1d:8e:2d:80:bc:92:e8:48:99:db:78:ac:5e:61:5f:17:
         55:bc:7a:13:04:8c:da:e1:5f:8b:7f:cf:df:36:65:a0:c4:96:
         25:a4:36:03:b9:b1:85:e7:3f:57:43:b2:54:8d:3c:98:e7:a9:
         03:26:9a:3c:15:34:6b:c5:81:17:11:8e:e0:78:f7:1d:e1:cb:
         bc:cf:28:ca:70:cc:d2:72:a1:0d:4d:72:dd:df:29:8d:ee:76:
         bc:63:bf:f8:bb:ce:50:b4:65:70:0b:78:8f:93:84:43:74:50:
         df:96:70:2a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHk1xS/Ej+Q/gMj+6oyQuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYjQwOTJlYTJkMTI5NmRmZTYxZDc4YTdkZmIzYzFlMDM5
MTY0MDgwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBjNTBjYzcxNjUzNTBhZjYyODkwYWNhMTg0ZTU5MjI5YWZhOWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslxE5caocHciKjrfzhKjOKjNXm5J
tSjhvU3OFdqElKagLuLRTTjoCD2351rUTGnearrjIYHS1j0HWryYZzJ81dAMfRPu
YVAMK/gEUx/WXUGd76gcgxGDusKXDkIegKk7HeD9e71xKkxeMB7qljJQWG/VGpYQ
7qoLf6NVZUoC42MNj8Ar4lQVf9WxJ9o+fIYX9T5sMpxyR3NQ1uVRXdDf3udm/6Ra
LRw4zrU20nyIHCWcb8jd7DnGkQaC28MtOMDdM6pe+dB3W6p+pPNpkU5R+dDhGadC
mVCRtZVrnnHfuwabljNjtB0nF8xmjjHUMPOLyb9IliJDlVaawx7H0ScM6QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFF8MUMxxZTUK9iiQrKGE5ZIpr6njMB8GA1UdIwQY
MBaAFBy0CS6i0Slt/mHXin37PB4DkWQIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSExRSkxxTFJLVzMtWWRlS2ZmczhIZ09SWkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC80Y2EwMDUtMTc3ZC00NGI1LTlkOTYt
YzU0NjlmYzdkMmQwLzEvWHd4UXpIRmxOUXIyS0pDc29ZVGxraW12cWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC80Y2EwMDUtMTc3ZC00NGI1LTlkOTYtYzU0NjlmYzdkMmQw
LzEvSExRSkxxTFJLVzMtWWRlS2ZmczhIZ09SWkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALZNeMA4E
AgACMAgDBgAqE06AADANBgkqhkiG9w0BAQsFAAOCAQEAdEBg1pYn5Y0GpbAljH0Q
mprJkmx62+UGMeOpNUNzOg3+vrqga8rcowQj3MEk20VsYdry0jjBeENOKr8xJyp/
+mEr7Fd7qfswW8gHLjLTvpOu8YNCQoyxlnb+dVXZijbb8UJssN6UNxCaV3KYg5ZZ
lXkhOz/5AVTwwasIMIreL4lOIuKqBirD8JygtBrO8zkHT/kdji2AvJLoSJnbeKxe
YV8XVbx6EwSM2uFfi3/P3zZloMSWJaQ2A7mxhec/V0OyVI08mOepAyaaPBU0a8WB
FxGO4Hj3HeHLvM8oynDM0nKhDU1y3d8pje52vGO/+LvOULRlcAt4j5OEQ3RQ35Zw
Kg==
-----END CERTIFICATE-----