Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/QVlAR2tdgoy_yJa7PElguHJ6cXg.roa
File:                     QVlAR2tdgoy_yJa7PElguHJ6cXg.roa (raw, json)
Hash identifier:          0zLRVeqNGgmTE3LbohQH2ivPkajASvcKXUKDVSU2Gso=
Subject key identifier:   41:59:40:47:6B:5D:82:8C:BF:C8:96:BB:3C:49:60:B8:72:7A:71:78
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B93179E0DEEC421745BE35BBDB5F2F
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/QVlAR2tdgoy_yJa7PElguHJ6cXg.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        45.150.225.0/24 maxlen: 32
                          45.150.224.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 22:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:31:79:e0:de:ec:42:17:45:be:35:bb:db:5f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=415940476b5d828cbfc896bb3c4960b8727a7178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a3:29:4f:ac:84:91:55:0c:ea:b0:d9:bb:a5:
                    24:a1:ca:08:a1:d3:d2:3c:9c:e5:28:98:81:48:b9:
                    87:ed:31:fd:64:66:5b:0d:64:f6:ef:cc:44:a3:6a:
                    bd:ef:cd:78:f0:39:d6:31:d0:78:67:9f:47:e3:93:
                    7f:a1:23:99:31:8f:bb:e2:c0:a5:e5:d4:44:9a:25:
                    30:73:28:01:fb:69:b0:39:c7:cf:47:42:61:fb:45:
                    94:60:b8:9d:1a:bf:9c:2e:cb:7b:19:fa:d9:f6:35:
                    31:7e:34:8d:6e:c6:5d:88:ee:b3:30:83:ef:eb:60:
                    e0:3c:5f:04:4d:50:19:bd:71:8a:5c:47:fb:65:a9:
                    db:c7:c2:1f:b6:b6:2b:2b:6d:4d:5d:18:20:be:3a:
                    42:bf:56:3a:7c:4c:91:1d:5c:53:ca:f0:5e:5f:e7:
                    e0:15:1b:49:4b:31:dd:49:0d:f3:50:e0:00:39:c8:
                    38:12:3e:94:d6:ad:5e:40:2a:aa:92:d9:57:fd:e4:
                    b0:4e:fd:d5:68:a3:8c:2c:bf:ee:1b:58:5d:60:28:
                    f7:a7:a5:87:30:b1:91:08:d8:d1:29:ea:3c:e1:f5:
                    9c:f5:ed:b5:42:e3:89:7d:e3:33:95:e9:d4:2a:c6:
                    56:44:42:16:93:0e:fc:36:c2:94:16:a1:05:99:ff:
                    80:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:59:40:47:6B:5D:82:8C:BF:C8:96:BB:3C:49:60:B8:72:7A:71:78
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/QVlAR2tdgoy_yJa7PElguHJ6cXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:31:35:36:97:92:c8:aa:5e:c5:e1:5e:fe:df:60:39:62:c4:
         8d:f1:a4:5c:e6:c2:cf:95:88:c8:24:20:20:3b:14:b8:04:50:
         a0:d9:77:26:bc:9a:b8:fa:b1:37:1a:ac:3e:ca:3f:30:08:47:
         b7:a9:81:8e:1e:52:89:7b:a8:49:0e:be:18:0c:9e:38:19:8a:
         27:e8:c0:a6:d7:b2:ba:6d:48:a5:11:22:f0:0d:40:6f:32:25:
         02:ad:bc:15:ea:c1:96:ff:02:5c:07:a2:54:1d:ae:12:38:ed:
         48:69:b9:9f:ad:09:06:0a:3c:36:19:70:96:b8:c5:0e:49:4b:
         8e:75:6d:f2:99:3e:fb:ce:36:26:60:53:84:47:18:36:f4:70:
         ce:77:e6:bf:c0:fe:fb:11:c3:7a:b4:63:ce:bf:a0:f0:22:d1:
         d2:07:a5:f2:bb:3a:4c:c0:f2:1c:79:30:b7:0e:71:75:f2:ae:
         09:72:88:c3:ef:91:f5:f1:43:07:37:bb:9d:e1:88:b0:fe:f7:
         65:b0:09:69:0a:48:e7:e4:91:a6:64:0d:f8:c8:ba:7a:db:28:
         0d:9a:10:f6:bc:21:2a:ba:0b:1b:dd:d6:68:b8:ce:f5:fa:5b:
         0a:8a:27:c3:43:50:56:2c:64:c7:5c:16:54:f8:22:ef:b1:4a:
         8c:f2:e1:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTF54N7sQhdFvjW7218vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTU5NDA0NzZiNWQ4MjhjYmZjODk2YmIzYzQ5NjBiODcyN2E3MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaMpT6yEkVUM6rDZu6UkocoIodPS
PJzlKJiBSLmH7TH9ZGZbDWT278xEo2q978148DnWMdB4Z59H45N/oSOZMY+74sCl
5dREmiUwcygB+2mwOcfPR0Jh+0WUYLidGr+cLst7GfrZ9jUxfjSNbsZdiO6zMIPv
62DgPF8ETVAZvXGKXEf7Zanbx8IftrYrK21NXRggvjpCv1Y6fEyRHVxTyvBeX+fg
FRtJSzHdSQ3zUOAAOcg4Ej6U1q1eQCqqktlX/eSwTv3VaKOMLL/uG1hdYCj3p6WH
MLGRCNjRKeo84fWc9e21QuOJfeMzlenUKsZWREIWkw78NsKUFqEFmf+ALQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFZQEdrXYKMv8iWuzxJYLhyenF4MB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvUVZsQVIydGRnb3lfeUphN1BFbGd1SEo2Y1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZbgMA0G
CSqGSIb3DQEBCwUAA4IBAQBMMTU2l5LIql7F4V7+32A5YsSN8aRc5sLPlYjIJCAg
OxS4BFCg2XcmvJq4+rE3Gqw+yj8wCEe3qYGOHlKJe6hJDr4YDJ44GYon6MCm17K6
bUilESLwDUBvMiUCrbwV6sGW/wJcB6JUHa4SOO1IabmfrQkGCjw2GXCWuMUOSUuO
dW3ymT77zjYmYFOERxg29HDOd+a/wP77EcN6tGPOv6DwItHSB6XyuzpMwPIceTC3
DnF18q4JcojD75H18UMHN7ud4Yiw/vdlsAlpCkjn5JGmZA34yLp62ygNmhD2vCEq
ugsb3dZouM71+lsKiifDQ1BWLGTHXBZU+CLvsUqM8uHM
-----END CERTIFICATE-----