Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/qXZwtAvq7eydd5mduV9jE30kTNo.roa
File:                     qXZwtAvq7eydd5mduV9jE30kTNo.roa (raw, json)
Hash identifier:          bT1kmCgIhklit3nhponFMMJdgEPc/bvPTN5LmpD/vaU=
Subject key identifier:   A9:76:70:B4:0B:EA:ED:EC:9D:77:99:9D:B9:5F:63:13:7D:24:4C:DA
Certificate issuer:       /CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
Certificate serial:       018CC6B8B0759473609E24C24B95A2937D32
Authority key identifier: 16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/qXZwtAvq7eydd5mduV9jE30kTNo.roa
Signing time:             Mon 01 Jan 2024 20:30:41 +0000
ROA not before:           Mon 01 Jan 2024 20:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9890
IP address blocks:        155.45.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b0:75:94:73:60:9e:24:c2:4b:95:a2:93:7d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
        Validity
            Not Before: Jan  1 20:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a97670b40beaedec9d77999db95f63137d244cda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7a:e9:47:63:52:6d:1e:4c:fe:4f:52:0a:f3:
                    20:2f:94:07:14:95:07:d1:fc:dd:b1:1f:63:f5:43:
                    8c:f4:59:1b:5e:9c:98:63:2a:c2:68:eb:eb:93:5a:
                    df:e3:1f:ef:dd:2a:61:96:86:a1:c2:8b:f6:f4:0e:
                    d9:35:d8:e9:97:32:27:e1:4e:62:bd:47:73:a5:84:
                    fd:b2:65:14:09:5a:90:15:56:72:87:51:ac:9c:d5:
                    7d:84:fe:21:19:c4:2b:02:f8:88:d8:be:5a:af:ca:
                    5a:50:99:56:c6:df:dc:b0:49:ba:01:a2:10:30:41:
                    4d:0c:71:65:da:19:7f:1c:82:ce:a3:60:29:16:4e:
                    45:25:a7:59:34:37:e1:4c:0f:fb:7b:0c:61:27:ca:
                    dc:d5:03:16:d2:3d:1b:64:bd:27:f6:2c:14:e1:bc:
                    5e:48:52:e7:f7:f5:9b:0d:15:d2:37:13:46:f4:99:
                    38:13:a2:8d:a0:51:87:ca:cd:c3:fc:b7:33:b3:db:
                    48:2a:24:04:f9:90:ce:63:d3:e1:29:b4:95:44:73:
                    d8:c1:83:d0:45:66:74:98:68:e0:ae:da:28:64:f0:
                    50:71:ef:39:08:bd:d4:4a:f9:c7:54:30:e6:39:ac:
                    89:b3:1d:79:68:73:81:d9:69:19:1e:43:dd:25:94:
                    be:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:76:70:B4:0B:EA:ED:EC:9D:77:99:9D:B9:5F:63:13:7D:24:4C:DA
            X509v3 Authority Key Identifier:
                keyid:16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/qXZwtAvq7eydd5mduV9jE30kTNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.45.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:3d:d8:da:f6:87:d1:7c:fe:1a:a5:f6:1a:45:25:cc:60:da:
         79:cd:ad:ed:b1:99:90:b0:a2:8d:1d:bb:09:1e:12:2b:ee:5b:
         9c:c6:88:fb:86:a8:6d:05:99:ec:ee:71:32:48:3f:c1:ea:da:
         54:95:62:9b:d9:d5:4d:8a:5b:f1:09:76:84:4a:f5:29:a6:27:
         52:68:48:0a:e9:62:ad:e5:1a:30:aa:45:14:dc:19:d4:0f:dd:
         dd:2d:65:2d:da:ac:e8:6b:ff:8a:ac:22:b9:f2:2c:0f:ba:5f:
         e0:ec:bf:f7:63:96:89:23:50:d3:4c:22:80:d0:e9:be:71:ec:
         f2:da:e3:c5:6d:2c:a6:fb:50:21:b2:00:8a:f0:8e:ae:f7:b5:
         00:58:d4:b9:90:6f:a3:6a:ad:26:74:81:22:7d:9a:11:51:60:
         fd:16:14:cf:cb:b7:50:74:06:c6:bb:a4:61:01:f3:da:e6:ae:
         28:8b:b3:30:e0:e2:bc:94:db:57:a8:a7:cb:28:83:1e:12:d3:
         51:9f:3a:81:34:17:82:b8:df:92:55:5f:ab:7f:cb:20:7f:cb:
         ef:26:3c:ae:9f:3f:1c:51:6b:77:a5:2a:25:e1:0d:1b:1e:19:
         87:90:9a:f9:b1:80:c7:78:38:83:15:4c:c1:a8:ba:02:b0:e5:
         58:ae:a3:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLB1lHNgniTCS5Wik30yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Y2RlMTM5YWUwNTczYjBhNGRkYTkzZTc3YjU3ZmYyN2Y5
YmViYTEwHhcNMjQwMTAxMjAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc2NzBiNDBiZWFlZGVjOWQ3Nzk5OWRiOTVmNjMxMzdkMjQ0Y2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXrpR2NSbR5M/k9SCvMgL5QHFJUH
0fzdsR9j9UOM9FkbXpyYYyrCaOvrk1rf4x/v3Sphloahwov29A7ZNdjplzIn4U5i
vUdzpYT9smUUCVqQFVZyh1GsnNV9hP4hGcQrAviI2L5ar8paUJlWxt/csEm6AaIQ
MEFNDHFl2hl/HILOo2ApFk5FJadZNDfhTA/7ewxhJ8rc1QMW0j0bZL0n9iwU4bxe
SFLn9/WbDRXSNxNG9Jk4E6KNoFGHys3D/Lczs9tIKiQE+ZDOY9PhKbSVRHPYwYPQ
RWZ0mGjgrtooZPBQce85CL3USvnHVDDmOayJsx15aHOB2WkZHkPdJZS+bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKl2cLQL6u3snXeZnblfYxN9JEzaMB8GA1UdIwQY
MBaAFBbN4TmuBXOwpN2pPne1f/J/m+uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUt
YjY5ZGNlNzU0N2ExLzEvcVhad3RBdnE3ZXlkZDVtZHVWOWpFMzBrVE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUtYjY5ZGNlNzU0N2Ex
LzEvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmy2CMA0G
CSqGSIb3DQEBCwUAA4IBAQArPdja9ofRfP4apfYaRSXMYNp5za3tsZmQsKKNHbsJ
HhIr7lucxoj7hqhtBZns7nEySD/B6tpUlWKb2dVNilvxCXaESvUppidSaEgK6WKt
5RowqkUU3BnUD93dLWUt2qzoa/+KrCK58iwPul/g7L/3Y5aJI1DTTCKA0Om+cezy
2uPFbSym+1AhsgCK8I6u97UAWNS5kG+jaq0mdIEifZoRUWD9FhTPy7dQdAbGu6Rh
AfPa5q4oi7Mw4OK8lNtXqKfLKIMeEtNRnzqBNBeCuN+SVV+rf8sgf8vvJjyunz8c
UWt3pSol4Q0bHhmHkJr5sYDHeDiDFUzBqLoCsOVYrqM4
-----END CERTIFICATE-----