Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/2cbf88-58d9-424e-8f8f-fd4604d7e7af/1/Q7j4rDlvWr64Z5WHqrjOoVNkI-0.roa
File:                     Q7j4rDlvWr64Z5WHqrjOoVNkI-0.roa (raw, json)
Hash identifier:          RLhmnW1tSxKRjPeX4vAwpctEBiYJbkH9CT1QNOBM25c=
Subject key identifier:   43:B8:F8:AC:39:6F:5A:BE:B8:67:95:87:AA:B8:CE:A1:53:64:23:ED
Certificate issuer:       /CN=1b368fbf5bbd6d32f3dddc24ec204038c49b0550
Certificate serial:       0190964A5DA3574AA9A1FDF2174A427D9151
Authority key identifier: 1B:36:8F:BF:5B:BD:6D:32:F3:DD:DC:24:EC:20:40:38:C4:9B:05:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GzaPv1u9bTLz3dwk7CBAOMSbBVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/2cbf88-58d9-424e-8f8f-fd4604d7e7af/1/Q7j4rDlvWr64Z5WHqrjOoVNkI-0.roa
Signing time:             Tue 09 Jul 2024 06:59:34 +0000
ROA not before:           Tue 09 Jul 2024 06:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211978
IP address blocks:        45.135.72.0/23 maxlen: 23
                          45.135.74.0/23 maxlen: 23
                          45.135.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/2cbf88-58d9-424e-8f8f-fd4604d7e7af/1/GzaPv1u9bTLz3dwk7CBAOMSbBVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/2cbf88-58d9-424e-8f8f-fd4604d7e7af/1/GzaPv1u9bTLz3dwk7CBAOMSbBVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GzaPv1u9bTLz3dwk7CBAOMSbBVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:96:4a:5d:a3:57:4a:a9:a1:fd:f2:17:4a:42:7d:91:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b368fbf5bbd6d32f3dddc24ec204038c49b0550
        Validity
            Not Before: Jul  9 06:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43b8f8ac396f5abeb8679587aab8cea1536423ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:50:a2:94:45:03:5e:23:8d:ab:89:31:6d:d3:
                    6a:4d:bf:b3:a5:6c:1b:bd:76:8c:8b:ff:7a:4f:0b:
                    f6:dc:1e:aa:12:46:0b:41:94:ed:f3:25:8f:c1:5d:
                    e2:01:49:84:27:c4:7e:f5:1c:d9:99:4c:dd:37:35:
                    f0:bb:29:f3:1d:ff:4f:3f:9a:94:0a:36:8c:b1:a0:
                    32:df:d5:ef:6c:5c:d8:79:eb:93:66:50:19:2d:2d:
                    f1:68:b1:9c:13:f1:f0:87:9b:71:1b:17:ef:0e:40:
                    07:24:34:b8:d7:64:b0:42:6b:6d:36:ef:c5:02:6c:
                    73:82:94:cf:f1:a5:3d:21:68:a2:c6:a7:ca:a5:aa:
                    87:88:24:70:4c:4f:34:42:a2:d3:76:06:5c:a2:86:
                    55:67:66:26:f1:9b:1e:c7:d7:27:94:7a:d8:45:6d:
                    90:03:35:37:be:3f:db:86:98:7f:9e:f9:7d:d1:06:
                    5e:41:f5:30:60:8f:90:2a:44:60:55:b1:a7:b5:0c:
                    a8:b8:f5:a0:45:9d:63:04:3d:da:b4:66:de:7e:d9:
                    b6:95:96:dd:82:72:e6:21:a3:81:3d:fb:76:ba:ab:
                    a3:15:1e:39:8c:22:65:f8:48:1a:ed:9c:1d:da:25:
                    d1:f3:53:18:88:32:c2:89:79:e1:09:d2:19:45:72:
                    11:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B8:F8:AC:39:6F:5A:BE:B8:67:95:87:AA:B8:CE:A1:53:64:23:ED
            X509v3 Authority Key Identifier:
                keyid:1B:36:8F:BF:5B:BD:6D:32:F3:DD:DC:24:EC:20:40:38:C4:9B:05:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzaPv1u9bTLz3dwk7CBAOMSbBVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/2cbf88-58d9-424e-8f8f-fd4604d7e7af/1/Q7j4rDlvWr64Z5WHqrjOoVNkI-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/2cbf88-58d9-424e-8f8f-fd4604d7e7af/1/GzaPv1u9bTLz3dwk7CBAOMSbBVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:62:0f:d5:bf:0f:19:89:a8:da:72:50:e3:2e:96:7f:5d:97:
         fe:38:a5:c9:92:a0:d0:cb:43:fc:a3:92:f2:06:86:6c:ae:1b:
         04:3a:d4:93:16:27:ed:df:d2:f4:a1:04:21:0f:7f:d2:7d:c5:
         9a:5d:3d:20:fd:e5:03:ad:b3:93:da:80:af:88:bb:15:90:a3:
         32:cc:5e:6c:53:f9:45:6b:eb:8f:d6:3a:9c:8a:4d:c6:c5:be:
         04:57:8b:ec:15:4a:eb:0d:55:ee:ac:48:ae:69:86:20:bd:d0:
         c3:03:d8:d5:7e:bb:69:82:83:2c:bc:f5:92:b5:ea:f9:54:e7:
         81:5f:a0:4f:be:90:e0:8c:13:89:d1:47:b4:0b:47:a3:bf:54:
         36:d4:95:03:8b:68:60:a4:e7:a8:c7:30:04:6e:2a:25:d3:8a:
         d5:4e:2b:07:a8:83:b3:33:70:dd:c3:58:79:7b:82:f6:c7:3c:
         41:0b:7a:67:36:8f:68:a3:94:dd:71:6a:be:55:66:f1:95:4e:
         f7:df:91:c2:4c:bc:c1:78:bd:18:ca:54:e8:5d:ce:66:a6:04:
         02:9e:8b:65:3f:41:62:74:49:04:79:97:d3:97:b4:c5:00:1d:
         67:52:94:f5:44:25:ca:5d:5e:44:1c:c7:ca:5c:5d:00:91:70:
         e5:3d:27:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCWSl2jV0qpof3yF0pCfZFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzY4ZmJmNWJiZDZkMzJmM2RkZGMyNGVjMjA0MDM4YzQ5
YjA1NTAwHhcNMjQwNzA5MDY1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I4ZjhhYzM5NmY1YWJlYjg2Nzk1ODdhYWI4Y2VhMTUzNjQyM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVCilEUDXiONq4kxbdNqTb+zpWwb
vXaMi/96Twv23B6qEkYLQZTt8yWPwV3iAUmEJ8R+9RzZmUzdNzXwuynzHf9PP5qU
CjaMsaAy39XvbFzYeeuTZlAZLS3xaLGcE/Hwh5txGxfvDkAHJDS412SwQmttNu/F
AmxzgpTP8aU9IWiixqfKpaqHiCRwTE80QqLTdgZcooZVZ2Ym8Zsex9cnlHrYRW2Q
AzU3vj/bhph/nvl90QZeQfUwYI+QKkRgVbGntQyouPWgRZ1jBD3atGbeftm2lZbd
gnLmIaOBPft2uqujFR45jCJl+Ega7Zwd2iXR81MYiDLCiXnhCdIZRXIRWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO4+Kw5b1q+uGeVh6q4zqFTZCPtMB8GA1UdIwQY
MBaAFBs2j79bvW0y893cJOwgQDjEmwVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3phUHYxdTliVEx6M2R3azdDQkFPTVNiQlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8yY2JmODgtNThkOS00MjRlLThmOGYt
ZmQ0NjA0ZDdlN2FmLzEvUTdqNHJEbHZXcjY0WjVXSHFyak9vVk5rSS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8yY2JmODgtNThkOS00MjRlLThmOGYtZmQ0NjA0ZDdlN2Fm
LzEvR3phUHYxdTliVEx6M2R3azdDQkFPTVNiQlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYdIMA0G
CSqGSIb3DQEBCwUAA4IBAQCKYg/Vvw8ZiajaclDjLpZ/XZf+OKXJkqDQy0P8o5Ly
BoZsrhsEOtSTFift39L0oQQhD3/SfcWaXT0g/eUDrbOT2oCviLsVkKMyzF5sU/lF
a+uP1jqcik3Gxb4EV4vsFUrrDVXurEiuaYYgvdDDA9jVfrtpgoMsvPWSter5VOeB
X6BPvpDgjBOJ0Ue0C0ejv1Q21JUDi2hgpOeoxzAEbiol04rVTisHqIOzM3Ddw1h5
e4L2xzxBC3pnNo9oo5TdcWq+VWbxlU7335HCTLzBeL0YylToXc5mpgQCnotlP0Fi
dEkEeZfTl7TFAB1nUpT1RCXKXV5EHMfKXF0AkXDlPSce
-----END CERTIFICATE-----