Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/RdDdglqDDQ18m4UNsM9hxuMbu_E.roa
File:                     RdDdglqDDQ18m4UNsM9hxuMbu_E.roa (raw, json)
Hash identifier:          lcmJ1kHiz7VfLZUaD62G+oFn9K0z79RW6i6bvQU7O00=
Subject key identifier:   45:D0:DD:82:5A:83:0D:0D:7C:9B:85:0D:B0:CF:61:C6:E3:1B:BB:F1
Certificate issuer:       /CN=31242850cad41cdf75a3c9d60b21fca543f74384
Certificate serial:       01932F766AAB284049E9BDA17F46AE7F6E1A
Authority key identifier: 31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/RdDdglqDDQ18m4UNsM9hxuMbu_E.roa
Signing time:             Fri 15 Nov 2024 10:55:09 +0000
ROA not before:           Fri 15 Nov 2024 10:55:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        193.201.149.0/26 maxlen: 26
                          2001:7f8:25::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:76:6a:ab:28:40:49:e9:bd:a1:7f:46:ae:7f:6e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31242850cad41cdf75a3c9d60b21fca543f74384
        Validity
            Not Before: Nov 15 10:55:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45d0dd825a830d0d7c9b850db0cf61c6e31bbbf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:17:84:11:96:03:e0:28:70:ed:f8:a8:42:13:
                    51:fd:1a:a9:65:79:8d:d0:a0:82:00:02:f3:66:e2:
                    3c:a1:3a:ee:70:ec:06:26:3d:db:4d:33:c4:ca:d0:
                    0f:44:c2:b5:fd:4e:97:4c:9b:46:34:5a:64:52:57:
                    66:d2:7e:fe:3a:89:03:44:c2:3b:92:9e:b2:05:5f:
                    50:d6:9a:33:f1:4d:1c:f5:5e:fa:54:03:74:b2:43:
                    3a:28:13:f3:17:4e:8b:19:52:d4:5e:89:35:8e:2a:
                    57:ef:ed:ba:3f:06:4b:b0:c5:a0:26:33:5f:f8:ed:
                    4c:75:16:2f:8f:36:3d:7c:86:d3:bc:9f:69:32:13:
                    c3:2b:70:ed:00:92:27:6f:fa:0b:2c:1f:99:77:4f:
                    0f:11:4f:bc:f3:fc:02:89:55:45:3d:fa:cf:b9:6d:
                    09:79:4b:31:65:c0:1a:9b:78:35:c4:e8:33:b2:9d:
                    b2:66:34:81:7d:93:4a:ee:2c:c3:5d:e6:15:e7:b8:
                    12:43:b9:a1:d2:db:ad:7f:e0:09:d5:a4:1d:ff:b6:
                    64:24:1a:0f:3b:0b:51:69:6f:60:a2:08:a5:ea:30:
                    8e:4e:fe:70:40:b7:8d:c1:3d:6f:e1:9d:b0:8f:f7:
                    a4:d5:e1:28:85:ea:d5:ee:66:97:01:d9:53:c5:e4:
                    71:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D0:DD:82:5A:83:0D:0D:7C:9B:85:0D:B0:CF:61:C6:E3:1B:BB:F1
            X509v3 Authority Key Identifier:
                keyid:31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/RdDdglqDDQ18m4UNsM9hxuMbu_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.149.0/26
                IPv6:
                  2001:7f8:25::/64

    Signature Algorithm: sha256WithRSAEncryption
         2d:78:3e:4b:06:8b:1d:82:b3:6b:7e:12:4f:92:b3:16:54:17:
         51:b4:64:fb:3f:00:ae:a4:ce:67:88:fc:ee:8f:6a:68:3d:45:
         85:ba:f8:5d:4e:14:b3:e5:2f:11:f1:ae:dc:f5:cf:7d:ba:48:
         bc:d6:84:dc:0a:6a:0c:3d:53:7d:85:94:25:37:e5:46:dd:63:
         6c:19:d4:14:1c:8a:3a:1b:9e:cf:b0:b8:d6:18:a2:ec:1b:35:
         e3:7c:6c:b3:fc:59:27:f6:38:24:c4:c3:28:61:3f:a1:0f:e0:
         79:1b:6d:ca:ba:79:08:b6:bc:c6:bb:e0:a3:53:26:1c:f9:0e:
         6a:0c:d4:0e:70:f9:40:c7:47:f5:c1:bb:f9:80:ec:0e:11:3a:
         4e:f7:bd:71:36:84:9e:ec:71:29:9b:f0:6e:7d:9e:48:65:d5:
         1d:77:e9:b8:2e:05:90:c9:c5:4a:2f:c0:b0:0d:dc:b1:70:96:
         44:9c:73:fc:4a:c7:38:5c:e5:73:1e:4b:90:1b:5c:8c:52:c6:
         7f:ac:64:0b:77:b9:8d:57:43:97:e7:73:02:12:20:13:76:84:
         e2:86:bc:96:26:bf:64:8d:12:62:22:9d:d1:d7:bb:ce:f3:a4:
         3f:ce:6f:01:4d:34:1b:3e:15:13:5e:97:5d:b3:cf:4c:a8:6e:
         91:e7:9c:fb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZMvdmqrKEBJ6b2hf0auf24aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMjQyODUwY2FkNDFjZGY3NWEzYzlkNjBiMjFmY2E1NDNm
NzQzODQwHhcNMjQxMTE1MTA1NTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQwZGQ4MjVhODMwZDBkN2M5Yjg1MGRiMGNmNjFjNmUzMWJiYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBeEEZYD4Chw7fioQhNR/RqpZXmN
0KCCAALzZuI8oTrucOwGJj3bTTPEytAPRMK1/U6XTJtGNFpkUldm0n7+OokDRMI7
kp6yBV9Q1poz8U0c9V76VAN0skM6KBPzF06LGVLUXok1jipX7+26PwZLsMWgJjNf
+O1MdRYvjzY9fIbTvJ9pMhPDK3DtAJInb/oLLB+Zd08PEU+88/wCiVVFPfrPuW0J
eUsxZcAam3g1xOgzsp2yZjSBfZNK7izDXeYV57gSQ7mh0tutf+AJ1aQd/7ZkJBoP
OwtRaW9gogil6jCOTv5wQLeNwT1v4Z2wj/ek1eEoherV7maXAdlTxeRxOwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFEXQ3YJagw0NfJuFDbDPYcbjG7vxMB8GA1UdIwQY
MBaAFDEkKFDK1BzfdaPJ1gsh/KVD90OEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEt
MDdlZDQ2YjE0OWMzLzEvUmREZGdscUREUTE4bTRVTnNNOWh4dU1idV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEtMDdlZDQ2YjE0OWMz
LzEvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjANBAIAATAHAwUGwcmVADAR
BAIAAjALAwkAIAEH+AAlAAAwDQYJKoZIhvcNAQELBQADggEBAC14PksGix2Cs2t+
Ek+SsxZUF1G0ZPs/AK6kzmeI/O6Pamg9RYW6+F1OFLPlLxHxrtz1z326SLzWhNwK
agw9U32FlCU35UbdY2wZ1BQcijobns+wuNYYouwbNeN8bLP8WSf2OCTEwyhhP6EP
4Hkbbcq6eQi2vMa74KNTJhz5DmoM1A5w+UDHR/XBu/mA7A4ROk73vXE2hJ7scSmb
8G59nkhl1R136bguBZDJxUovwLAN3LFwlkScc/xKxzhc5XMeS5AbXIxSxn+sZAt3
uY1XQ5fncwISIBN2hOKGvJYmv2SNEmIindHXu87zpD/ObwFNNBs+FRNel12zz0yo
bpHnnPs=
-----END CERTIFICATE-----