Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/9wwOr9__nhdeYDEmUItqyHNyxBc.roa
File:                     9wwOr9__nhdeYDEmUItqyHNyxBc.roa (raw, json)
Hash identifier:          A1c3xidWtOjxc7/QrSl/9bA+MItja0z6j0KCHX6/bXY=
Subject key identifier:   F7:0C:0E:AF:DF:FF:9E:17:5E:60:31:26:50:8B:6A:C8:73:72:C4:17
Certificate issuer:       /CN=4142d3f9b31126e0850265715c9fc32174b557a4
Certificate serial:       018CC794296CB902E74751CB6517F511D48D
Authority key identifier: 41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/9wwOr9__nhdeYDEmUItqyHNyxBc.roa
Signing time:             Tue 02 Jan 2024 00:30:25 +0000
ROA not before:           Tue 02 Jan 2024 00:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208095
IP address blocks:        45.159.28.0/24 maxlen: 24
                          45.159.29.0/24 maxlen: 24
                          2a0f:67c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:29:6c:b9:02:e7:47:51:cb:65:17:f5:11:d4:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4142d3f9b31126e0850265715c9fc32174b557a4
        Validity
            Not Before: Jan  2 00:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f70c0eafdfff9e175e603126508b6ac87372c417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bc:5c:e6:4a:12:b5:72:32:bc:89:1b:16:5c:
                    2b:c1:32:aa:ef:6e:de:89:d3:b3:bb:96:25:83:a6:
                    e4:34:69:95:ee:23:c1:bc:1a:3e:ef:e0:fb:7a:a4:
                    86:63:2f:cf:a4:99:d1:eb:89:09:d2:fd:da:bf:69:
                    49:c7:9e:1c:70:2d:aa:87:28:37:33:51:fe:1c:9b:
                    cb:18:aa:9d:71:b6:a3:0c:ef:ae:4d:b6:26:11:1d:
                    f5:db:2c:d9:78:44:f2:a8:46:65:88:84:6c:be:aa:
                    45:a3:de:7c:7c:c3:a4:25:52:20:1c:24:1e:ef:14:
                    c0:ce:26:65:f5:af:3a:ea:ff:00:b3:bf:04:e2:1b:
                    6c:ae:55:c8:f6:d7:b8:24:fb:90:b4:2e:11:1e:09:
                    b5:74:08:b2:fd:c9:0a:14:93:bc:fc:85:87:8c:f3:
                    91:09:a9:fc:03:7b:63:7d:86:4c:56:ff:19:23:4b:
                    3f:0d:81:d5:05:c3:07:f4:8d:ac:88:0e:41:dc:08:
                    53:bf:0c:ae:6a:43:6e:8f:ff:6e:dd:81:ee:12:69:
                    81:5a:e6:0f:c7:01:a3:f5:e7:e2:c5:88:30:91:9e:
                    c5:49:d7:25:50:25:3f:22:6d:35:5d:11:6d:ea:17:
                    8c:6e:39:07:2b:7f:2f:6d:98:e8:33:44:61:cf:b7:
                    e8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:0C:0E:AF:DF:FF:9E:17:5E:60:31:26:50:8B:6A:C8:73:72:C4:17
            X509v3 Authority Key Identifier:
                keyid:41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/9wwOr9__nhdeYDEmUItqyHNyxBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.28.0/23
                IPv6:
                  2a0f:67c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:a1:77:e1:f3:22:27:dd:bb:eb:82:c7:d0:05:11:69:a6:3d:
         36:3a:b0:ac:ea:c2:6a:03:b4:21:6a:22:06:be:fd:0d:8d:2a:
         48:ba:8b:08:a2:d9:46:18:05:65:32:a8:35:37:15:8f:65:90:
         ac:bc:2c:5e:02:a3:da:13:24:b1:87:29:92:83:23:4a:40:ba:
         ba:74:ec:6b:10:45:b7:be:ca:30:ef:04:92:c2:5a:95:17:b8:
         4f:81:2e:b1:a3:15:8d:4a:8d:61:d3:59:8a:36:ce:bd:dd:0b:
         47:2e:c5:a5:27:eb:27:60:8b:e3:5b:98:9f:2b:dc:e3:e5:9c:
         4c:a4:5d:93:d6:6e:fd:77:0f:47:c3:ae:a0:f9:20:99:8a:19:
         1b:6b:f2:08:59:04:ef:69:53:8b:40:97:23:af:c6:88:f5:5f:
         5b:0a:59:d0:71:1b:7b:09:e0:46:e1:49:3f:85:02:f8:6f:b8:
         4b:92:26:47:6d:6d:27:5d:6c:c4:a3:18:1e:86:de:ad:93:cd:
         0a:63:e8:39:5c:6d:10:b7:af:1f:80:b6:9b:65:06:87:0f:71:
         5b:34:4b:59:de:d9:01:80:26:23:4c:4d:df:b2:69:72:fd:f3:
         d6:1a:ee:6d:de:4e:75:57:ad:93:9a:ff:bf:7f:d5:57:e0:71:
         f7:3f:76:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlClsuQLnR1HLZRf1EdSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDJkM2Y5YjMxMTI2ZTA4NTAyNjU3MTVjOWZjMzIxNzRi
NTU3YTQwHhcNMjQwMTAyMDAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzBjMGVhZmRmZmY5ZTE3NWU2MDMxMjY1MDhiNmFjODczNzJjNDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbxc5koStXIyvIkbFlwrwTKq727e
idOzu5Ylg6bkNGmV7iPBvBo+7+D7eqSGYy/PpJnR64kJ0v3av2lJx54ccC2qhyg3
M1H+HJvLGKqdcbajDO+uTbYmER312yzZeETyqEZliIRsvqpFo958fMOkJVIgHCQe
7xTAziZl9a866v8As78E4htsrlXI9te4JPuQtC4RHgm1dAiy/ckKFJO8/IWHjPOR
Can8A3tjfYZMVv8ZI0s/DYHVBcMH9I2siA5B3AhTvwyuakNuj/9u3YHuEmmBWuYP
xwGj9efixYgwkZ7FSdclUCU/Im01XRFt6heMbjkHK38vbZjoM0Rhz7fogQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPcMDq/f/54XXmAxJlCLashzcsQXMB8GA1UdIwQY
MBaAFEFC0/mzESbghQJlcVyfwyF0tVekMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGIt
OWM5OGQxMTE5N2I3LzEvOXd3T3I5X19uaGRlWURFbVVJdHF5SE55eEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGItOWM5OGQxMTE5N2I3
LzEvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBLZ8cMA8E
AgACMAkDBwAqD2fAAAAwDQYJKoZIhvcNAQELBQADggEBAHChd+HzIifdu+uCx9AF
EWmmPTY6sKzqwmoDtCFqIga+/Q2NKki6iwii2UYYBWUyqDU3FY9lkKy8LF4Co9oT
JLGHKZKDI0pAurp07GsQRbe+yjDvBJLCWpUXuE+BLrGjFY1KjWHTWYo2zr3dC0cu
xaUn6ydgi+NbmJ8r3OPlnEykXZPWbv13D0fDrqD5IJmKGRtr8ghZBO9pU4tAlyOv
xoj1X1sKWdBxG3sJ4EbhST+FAvhvuEuSJkdtbSddbMSjGB6G3q2TzQpj6DlcbRC3
rx+AtptlBocPcVs0S1ne2QGAJiNMTd+yaXL989Ya7m3eTnVXrZOa/79/1Vfgcfc/
dgY=
-----END CERTIFICATE-----