Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/RqBJ-xO6SX8hoo3SBuwSWz7roXM.roa
File:                     RqBJ-xO6SX8hoo3SBuwSWz7roXM.roa (raw, json)
Hash identifier:          NQcKOXenUg3NwtILJ68xLquwwWYUkdS9se4BVT9SURU=
Subject key identifier:   46:A0:49:FB:13:BA:49:7F:21:A2:8D:D2:06:EC:12:5B:3E:EB:A1:73
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       018D7FB4DC2FFBB132EA8D920EF831CDFA46
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/RqBJ-xO6SX8hoo3SBuwSWz7roXM.roa
Signing time:             Tue 06 Feb 2024 18:36:15 +0000
ROA not before:           Tue 06 Feb 2024 18:36:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        192.145.53.0/24 maxlen: 24
                          192.145.54.0/24 maxlen: 24
                          192.145.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:b4:dc:2f:fb:b1:32:ea:8d:92:0e:f8:31:cd:fa:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Feb  6 18:36:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46a049fb13ba497f21a28dd206ec125b3eeba173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:23:91:69:06:8a:eb:6b:09:7a:ca:50:f4:f8:
                    45:89:12:a0:bf:a3:54:b8:58:0c:ff:a6:08:71:22:
                    3b:5a:c0:83:15:04:34:fe:f5:d1:00:ef:8f:6e:d1:
                    1e:67:02:17:53:0b:9b:25:d4:db:d0:27:e4:3c:c6:
                    59:4e:8f:d6:5c:59:f4:03:bf:16:de:7f:a0:fe:20:
                    5d:b6:78:d7:50:0f:86:c0:7a:41:2f:23:ab:08:c1:
                    28:42:60:7a:d1:ba:8b:5e:60:df:1e:06:db:2f:79:
                    06:d7:3b:84:d4:e6:84:23:d3:03:3d:73:23:14:cc:
                    fb:e9:55:1a:95:9e:15:5b:74:a0:ba:bd:c6:d8:bc:
                    cd:a9:db:37:cb:88:fb:da:67:32:c0:26:17:45:dc:
                    b6:8d:37:fb:72:30:5f:fb:63:28:31:6e:bc:f3:86:
                    af:98:dc:44:10:a3:69:a0:de:62:78:f2:36:da:dc:
                    c9:3c:68:2d:26:62:01:91:f3:d2:99:14:3b:40:b2:
                    22:5f:c5:85:8b:03:fc:52:66:06:ba:2b:ab:cc:92:
                    30:a3:0f:bc:32:9f:77:1e:1f:be:b7:36:06:9c:fe:
                    eb:5c:ff:9a:85:3c:df:c5:3a:39:96:12:87:c8:80:
                    53:7e:93:ef:37:50:fd:ff:5c:c0:99:32:93:2b:cf:
                    b6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A0:49:FB:13:BA:49:7F:21:A2:8D:D2:06:EC:12:5B:3E:EB:A1:73
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/RqBJ-xO6SX8hoo3SBuwSWz7roXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.53.0-192.145.55.255

    Signature Algorithm: sha256WithRSAEncryption
         7b:fe:c4:b8:84:42:e1:2f:14:d9:e2:f8:82:bd:12:a0:74:1e:
         5a:63:07:cb:52:5e:f1:c4:0c:08:30:f8:ab:de:2c:cb:d9:0d:
         75:53:e4:e0:64:e5:e8:cd:09:79:1e:db:97:b3:9f:54:51:9d:
         f6:d6:08:09:2d:91:29:4a:f2:35:2a:b3:f5:28:56:da:b1:d4:
         14:81:bf:44:ca:6a:fd:ea:a4:bf:76:c6:dc:5c:0a:ec:7b:60:
         97:19:bb:6e:cf:a5:21:f0:4c:3f:eb:45:77:c3:b4:23:ce:94:
         af:50:33:5f:1c:1c:f1:af:a7:4b:36:c5:1f:36:a1:6e:90:f7:
         7b:49:16:2c:2a:c5:8d:7a:43:63:67:57:bd:68:89:da:7c:94:
         76:24:7b:e9:81:68:09:11:00:2a:cc:56:c9:1f:a1:87:d3:33:
         49:d6:a8:d2:65:60:66:8b:d2:38:e9:7e:e9:c0:d9:a9:ac:8b:
         c6:5c:b5:8f:5d:13:3c:3c:01:9d:21:2f:0b:fb:d1:e2:50:e6:
         e6:0c:98:15:b9:d8:48:a9:f8:08:4d:d8:1e:d6:84:45:63:a1:
         79:a5:ff:04:2a:da:ba:cb:67:6b:fc:00:66:4f:a7:fe:06:78:
         14:dc:78:31:df:aa:f8:e1:33:d6:ff:12:d8:a5:17:04:58:95:
         23:5f:7f:67
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY1/tNwv+7Ey6o2SDvgxzfpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjQwMjA2MTgzNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmEwNDlmYjEzYmE0OTdmMjFhMjhkZDIwNmVjMTI1YjNlZWJhMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgiORaQaK62sJespQ9PhFiRKgv6NU
uFgM/6YIcSI7WsCDFQQ0/vXRAO+PbtEeZwIXUwubJdTb0CfkPMZZTo/WXFn0A78W
3n+g/iBdtnjXUA+GwHpBLyOrCMEoQmB60bqLXmDfHgbbL3kG1zuE1OaEI9MDPXMj
FMz76VUalZ4VW3Sgur3G2LzNqds3y4j72mcywCYXRdy2jTf7cjBf+2MoMW6884av
mNxEEKNpoN5iePI22tzJPGgtJmIBkfPSmRQ7QLIiX8WFiwP8UmYGuiurzJIwow+8
Mp93Hh++tzYGnP7rXP+ahTzfxTo5lhKHyIBTfpPvN1D9/1zAmTKTK8+2/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEagSfsTukl/IaKN0gbsEls+66FzMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvUnFCSi14TzZTWDhob28zU0J1d1NXejdyb1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADAkTUD
BAPAkTAwDQYJKoZIhvcNAQELBQADggEBAHv+xLiEQuEvFNni+IK9EqB0HlpjB8tS
XvHEDAgw+KveLMvZDXVT5OBk5ejNCXke25ezn1RRnfbWCAktkSlK8jUqs/UoVtqx
1BSBv0TKav3qpL92xtxcCux7YJcZu27PpSHwTD/rRXfDtCPOlK9QM18cHPGvp0s2
xR82oW6Q93tJFiwqxY16Q2NnV71oidp8lHYke+mBaAkRACrMVskfoYfTM0nWqNJl
YGaL0jjpfunA2amsi8ZctY9dEzw8AZ0hLwv70eJQ5uYMmBW52Eip+AhN2B7WhEVj
oXml/wQq2rrLZ2v8AGZPp/4GeBTceDHfqvjhM9b/EtilFwRYlSNff2c=
-----END CERTIFICATE-----