Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Q-S-6ZgE8VweKZfKKNFTCD6kEE4.roa
File:                     Q-S-6ZgE8VweKZfKKNFTCD6kEE4.roa (raw, json)
Hash identifier:          TNselkEV7RWcqnUkwrsO9JVAbXIV5dX6GuAW6+wxzFQ=
Subject key identifier:   43:E4:BE:E9:98:04:F1:5C:1E:29:97:CA:28:D1:53:08:3E:A4:10:4E
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018F056DACF3F019BBCB2305A9CB215C9487
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Q-S-6ZgE8VweKZfKKNFTCD6kEE4.roa
Signing time:             Mon 22 Apr 2024 10:50:24 +0000
ROA not before:           Mon 22 Apr 2024 10:50:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397630
IP address blocks:        45.146.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:6d:ac:f3:f0:19:bb:cb:23:05:a9:cb:21:5c:94:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Apr 22 10:50:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e4bee99804f15c1e2997ca28d153083ea4104e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3d:13:12:d8:3f:c5:01:d5:ca:d4:e4:c7:21:
                    df:be:ec:69:56:79:c3:32:0b:d0:c6:41:77:47:1a:
                    c5:f1:ce:59:2e:59:06:60:b1:67:e5:48:42:6f:65:
                    89:dd:49:6d:a1:34:18:f5:6c:83:54:5b:5d:78:f3:
                    c1:b4:b0:b4:b3:5c:b7:f7:fb:3a:88:d7:37:ac:3e:
                    37:8b:2d:05:93:f3:d2:f2:29:90:50:e3:14:ce:81:
                    1d:35:28:d3:78:10:59:cc:69:ac:74:e8:7a:81:80:
                    05:8c:65:bf:00:d1:41:9f:99:bf:f6:12:60:c1:d0:
                    ed:dc:c5:ad:65:32:2a:4a:39:d6:b6:10:4b:2d:96:
                    2d:64:6c:8c:b1:58:b2:62:f1:e2:09:3c:b7:ee:01:
                    0a:2d:75:4f:cd:3f:1c:4e:6a:af:b7:73:2d:b1:52:
                    1b:2f:0d:c1:e4:52:19:4b:b1:60:f8:e0:3f:c2:26:
                    f9:e7:63:61:20:41:c7:4f:1e:c7:49:61:a1:12:3b:
                    70:09:a1:1f:70:1f:35:ba:22:86:26:26:26:37:21:
                    37:28:fe:1f:d1:21:32:f0:59:2c:22:5e:86:19:f0:
                    10:e1:55:b5:e2:4a:72:45:c4:b8:b0:8f:1a:fe:93:
                    26:07:43:43:bb:ee:42:5f:dc:f0:ff:49:d1:c2:ce:
                    c4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E4:BE:E9:98:04:F1:5C:1E:29:97:CA:28:D1:53:08:3E:A4:10:4E
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Q-S-6ZgE8VweKZfKKNFTCD6kEE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:6f:e5:19:d5:e2:f3:fd:76:3d:b8:ba:81:a2:9a:df:1f:0b:
         77:46:25:f0:df:94:3f:84:10:4b:74:c5:2d:3f:c9:9a:1c:63:
         e3:01:9e:5c:eb:54:d7:26:78:14:b1:f9:32:0e:6a:14:cf:90:
         6b:66:ae:fe:08:dc:4b:e3:a2:e4:11:5b:ed:6b:e1:84:a4:a3:
         21:fa:03:85:c3:1b:e9:4c:f6:9f:64:c2:4d:f5:f5:91:fb:bc:
         20:f5:d7:97:e7:72:09:04:f1:30:07:1b:79:0b:68:e3:af:5c:
         90:57:6b:87:1e:29:ca:dc:a7:38:00:e0:ae:e6:0e:0a:f0:4e:
         8f:b2:54:4d:ef:1d:5a:bd:48:0d:86:18:62:ba:53:99:20:29:
         a5:27:bb:fd:1c:8f:b8:c5:39:d7:4e:18:a8:41:ba:2b:f0:39:
         89:cc:8b:9e:66:95:88:e5:38:c0:db:7e:56:24:8a:05:99:8f:
         5f:cd:40:f1:b3:d6:a2:17:0b:7f:32:b3:48:2b:5e:67:44:04:
         c2:73:cd:d5:f5:78:57:c4:6a:90:6a:e4:08:a4:b3:58:16:10:
         cb:7f:ad:e5:aa:b7:79:cb:37:90:aa:67:a4:bd:07:53:51:95:
         4e:37:94:6b:37:77:9a:75:4b:38:c8:9f:b0:c8:6e:24:43:6a:
         ba:27:b2:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Fbazz8Bm7yyMFqcshXJSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwNDIyMTA1MDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U0YmVlOTk4MDRmMTVjMWUyOTk3Y2EyOGQxNTMwODNlYTQxMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3D0TEtg/xQHVytTkxyHfvuxpVnnD
MgvQxkF3RxrF8c5ZLlkGYLFn5UhCb2WJ3UltoTQY9WyDVFtdePPBtLC0s1y39/s6
iNc3rD43iy0Fk/PS8imQUOMUzoEdNSjTeBBZzGmsdOh6gYAFjGW/ANFBn5m/9hJg
wdDt3MWtZTIqSjnWthBLLZYtZGyMsViyYvHiCTy37gEKLXVPzT8cTmqvt3MtsVIb
Lw3B5FIZS7Fg+OA/wib552NhIEHHTx7HSWGhEjtwCaEfcB81uiKGJiYmNyE3KP4f
0SEy8FksIl6GGfAQ4VW14kpyRcS4sI8a/pMmB0NDu+5CX9zw/0nRws7EGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPkvumYBPFcHimXyijRUwg+pBBOMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvUS1TLTZaZ0U4VndlS1pmS0tORlRDRDZrRUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLLMA0G
CSqGSIb3DQEBCwUAA4IBAQBvb+UZ1eLz/XY9uLqBoprfHwt3RiXw35Q/hBBLdMUt
P8maHGPjAZ5c61TXJngUsfkyDmoUz5BrZq7+CNxL46LkEVvta+GEpKMh+gOFwxvp
TPafZMJN9fWR+7wg9deX53IJBPEwBxt5C2jjr1yQV2uHHinK3Kc4AOCu5g4K8E6P
slRN7x1avUgNhhhiulOZICmlJ7v9HI+4xTnXThioQbor8DmJzIueZpWI5TjA235W
JIoFmY9fzUDxs9aiFwt/MrNIK15nRATCc83V9XhXxGqQauQIpLNYFhDLf63lqrd5
yzeQqmekvQdTUZVON5RrN3eadUs4yJ+wyG4kQ2q6J7KQ
-----END CERTIFICATE-----