Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/QflgQZH40g-Dw3_RnyBfFcfnLUY.roa
File:                     QflgQZH40g-Dw3_RnyBfFcfnLUY.roa (raw, json)
Hash identifier:          w+35iVXGmnjYZnXXFL/R8718okpmyLroU1uuERbDixs=
Subject key identifier:   41:F9:60:41:91:F8:D2:0F:83:C3:7F:D1:9F:20:5F:15:C7:E7:2D:46
Certificate issuer:       /CN=cc6077e004e88eff8f13b7740df254d9e48dd574
Certificate serial:       01934650A496445EA4D37369306CD13C5500
Authority key identifier: CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/QflgQZH40g-Dw3_RnyBfFcfnLUY.roa
Signing time:             Tue 19 Nov 2024 21:25:10 +0000
ROA not before:           Tue 19 Nov 2024 21:25:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49030
IP address blocks:        45.10.120.0/22 maxlen: 24
                          2a0e:3d80:beaf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:46:50:a4:96:44:5e:a4:d3:73:69:30:6c:d1:3c:55:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc6077e004e88eff8f13b7740df254d9e48dd574
        Validity
            Not Before: Nov 19 21:25:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41f9604191f8d20f83c37fd19f205f15c7e72d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ea:7a:fa:7e:bd:b9:be:76:36:cc:ae:f3:12:
                    72:66:d1:61:ab:a1:6e:f0:5a:ea:c5:eb:1b:e1:a4:
                    13:4f:aa:a4:7c:d2:9e:d1:20:2b:ff:6f:08:76:92:
                    4d:85:94:2e:e7:d9:6e:a6:7f:8a:27:b2:65:cc:71:
                    eb:8e:20:07:26:2a:58:be:ed:17:4b:50:9b:1b:6e:
                    4b:c4:67:68:f9:b3:e7:f7:3b:23:b1:31:fc:64:d3:
                    80:40:b8:f6:25:83:2c:b3:e6:3c:57:55:20:da:15:
                    fe:1f:25:f2:37:10:01:e4:ed:48:46:9f:e8:22:e6:
                    02:96:2c:37:21:25:24:98:e6:a5:b4:ae:90:35:f6:
                    7d:6a:a5:29:9f:51:8d:c5:54:19:94:b2:49:03:d2:
                    1f:75:07:d0:41:c7:dc:8d:23:d6:71:ad:b1:83:80:
                    9d:ee:28:48:e3:90:2c:73:f5:b4:a9:fa:a1:f5:87:
                    93:6a:21:69:b6:46:b0:2e:4f:5c:b2:51:63:6b:89:
                    28:bd:c7:58:d9:5f:1a:b3:ff:95:28:8f:a4:1f:70:
                    bf:6c:fd:94:4f:df:65:cb:32:5c:10:7e:c3:14:eb:
                    6e:dd:98:2f:83:47:f1:a1:39:d2:06:45:3a:02:94:
                    26:96:db:37:52:6c:c9:c0:62:ea:49:3e:e4:8f:9a:
                    29:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F9:60:41:91:F8:D2:0F:83:C3:7F:D1:9F:20:5F:15:C7:E7:2D:46
            X509v3 Authority Key Identifier:
                keyid:CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/QflgQZH40g-Dw3_RnyBfFcfnLUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.120.0/22
                IPv6:
                  2a0e:3d80:beaf::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:d1:4c:e5:4a:f8:ce:ca:8a:c4:07:4f:0b:3e:0c:10:38:4a:
         ef:7b:2d:89:91:7f:0d:d9:95:4a:47:f4:2e:3a:cb:77:4e:16:
         29:16:98:c7:61:dc:6b:c5:d7:02:b4:c0:04:5e:14:8b:f8:7c:
         d1:f6:68:d8:92:32:5d:fd:70:03:1b:a7:91:4e:a0:be:b9:83:
         09:94:f7:e1:d1:0d:fb:75:25:0d:85:41:bb:8d:c5:7b:cd:ac:
         81:6c:87:33:b8:5b:37:9b:ce:5a:ac:62:c8:53:20:dd:b6:9d:
         b9:ae:b6:be:53:41:43:41:e0:73:3f:e7:4a:33:b7:d8:10:d1:
         16:19:75:c1:e7:bc:35:e3:8f:83:eb:7f:27:47:73:c5:53:03:
         30:a9:70:21:79:df:b8:a6:b8:24:83:77:24:2a:86:ac:55:e4:
         00:91:e3:52:6b:b0:f3:90:3f:24:c5:cf:79:ee:2e:5b:d3:26:
         65:cf:da:01:33:75:35:aa:b3:e4:eb:17:80:03:81:39:27:2f:
         43:bb:08:58:a4:26:02:44:cf:82:f6:4e:14:a7:5a:31:3d:83:
         13:e4:f8:d5:3b:36:7c:e5:08:54:08:b1:08:26:c9:a3:8b:91:
         89:00:6b:45:01:48:50:e8:9a:e4:bf:91:c9:9f:7b:b1:e2:3b:
         2b:80:b0:25
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNGUKSWRF6k03NpMGzRPFUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjA3N2UwMDRlODhlZmY4ZjEzYjc3NDBkZjI1NGQ5ZTQ4
ZGQ1NzQwHhcNMjQxMTE5MjEyNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWY5NjA0MTkxZjhkMjBmODNjMzdmZDE5ZjIwNWYxNWM3ZTcyZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOp6+n69ub52Nsyu8xJyZtFhq6Fu
8Frqxesb4aQTT6qkfNKe0SAr/28IdpJNhZQu59lupn+KJ7JlzHHrjiAHJipYvu0X
S1CbG25LxGdo+bPn9zsjsTH8ZNOAQLj2JYMss+Y8V1Ug2hX+HyXyNxAB5O1IRp/o
IuYCliw3ISUkmOaltK6QNfZ9aqUpn1GNxVQZlLJJA9IfdQfQQcfcjSPWca2xg4Cd
7ihI45Asc/W0qfqh9YeTaiFptkawLk9cslFja4kovcdY2V8as/+VKI+kH3C/bP2U
T99lyzJcEH7DFOtu3Zgvg0fxoTnSBkU6ApQmlts3UmzJwGLqST7kj5op2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEH5YEGR+NIPg8N/0Z8gXxXH5y1GMB8GA1UdIwQY
MBaAFMxgd+AE6I7/jxO3dA3yVNnkjdV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEt
NDY3MWY0YmFhOWIxLzEvUWZsZ1FaSDQwZy1EdzNfUm55QmZGY2ZuTFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEtNDY3MWY0YmFhOWIx
LzEvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLQp4MA8E
AgACMAkDBwAqDj2Avq8wDQYJKoZIhvcNAQELBQADggEBABLRTOVK+M7KisQHTws+
DBA4Su97LYmRfw3ZlUpH9C46y3dOFikWmMdh3GvF1wK0wAReFIv4fNH2aNiSMl39
cAMbp5FOoL65gwmU9+HRDft1JQ2FQbuNxXvNrIFshzO4WzebzlqsYshTIN22nbmu
tr5TQUNB4HM/50ozt9gQ0RYZdcHnvDXjj4PrfydHc8VTAzCpcCF537imuCSDdyQq
hqxV5ACR41JrsPOQPyTFz3nuLlvTJmXP2gEzdTWqs+TrF4ADgTknL0O7CFikJgJE
z4L2ThSnWjE9gxPk+NU7NnzlCFQIsQgmyaOLkYkAa0UBSFDomuS/kcmfe7HiOyuA
sCU=
-----END CERTIFICATE-----