Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/QSTOI5-ZSD-_cIot_SeMhI7IR_U.roa
File:                     QSTOI5-ZSD-_cIot_SeMhI7IR_U.roa (raw, json)
Hash identifier:          YCm24oE1VY0RsFWp3adP5mGvRexvrWV+UuhT75zXpeY=
Subject key identifier:   41:24:CE:23:9F:99:48:3F:BF:70:8A:2D:FD:27:8C:84:8E:C8:47:F5
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0190EE1C847C5FDCE7995D5A682B908ED394
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/QSTOI5-ZSD-_cIot_SeMhI7IR_U.roa
Signing time:             Fri 26 Jul 2024 08:16:04 +0000
ROA not before:           Fri 26 Jul 2024 08:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141968
IP address blocks:        45.66.153.0/24 maxlen: 24
                          85.209.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:1c:84:7c:5f:dc:e7:99:5d:5a:68:2b:90:8e:d3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jul 26 08:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4124ce239f99483fbf708a2dfd278c848ec847f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b5:50:97:f8:c8:87:fd:1b:74:a7:cd:a4:15:
                    84:8f:8f:f3:17:54:56:d3:eb:b2:be:2d:42:df:c1:
                    fe:1d:cf:10:35:b6:5f:e7:3c:1e:ef:f8:fe:9f:b8:
                    c7:24:05:17:cb:cb:9e:68:c6:3a:0c:20:12:92:b5:
                    3d:26:cd:af:eb:cf:a7:45:82:a6:6c:67:9d:5c:f0:
                    e1:0d:e3:f4:5d:8c:47:20:30:a5:35:5b:74:f0:3b:
                    b1:f4:ef:23:5e:e6:17:9b:92:3b:d0:28:98:2e:c6:
                    1b:d1:6f:44:f6:00:aa:70:f5:1b:87:45:6b:99:51:
                    5e:fe:86:2a:ee:f8:35:3c:c9:7d:28:ad:35:cd:e6:
                    43:4d:ac:ad:1d:d1:5a:c8:41:c8:de:bb:9d:b2:a3:
                    94:61:b9:0c:3c:a7:fe:c6:b4:8f:9e:19:ae:bc:76:
                    89:0c:fe:af:38:37:c1:1d:05:42:1f:90:52:0e:f7:
                    d9:8d:45:f9:37:92:3c:0e:dc:0b:3a:54:0a:38:eb:
                    21:b6:9a:d7:1d:d8:8d:fe:56:12:28:75:fd:b4:b7:
                    9c:6a:27:ee:32:e7:62:b7:d9:f2:d1:3b:d3:14:89:
                    78:bf:94:92:55:40:37:61:7b:79:3b:a4:ea:b7:fa:
                    a6:f6:f1:58:1e:d5:e8:1f:53:1e:b0:2c:df:55:f0:
                    4e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:24:CE:23:9F:99:48:3F:BF:70:8A:2D:FD:27:8C:84:8E:C8:47:F5
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/QSTOI5-ZSD-_cIot_SeMhI7IR_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.153.0/24
                  85.209.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:6c:15:32:89:c0:cf:0e:73:07:08:a6:10:4b:02:4d:b9:3e:
         09:fa:a5:01:2f:0d:8a:10:c4:4a:b5:cf:0f:ee:ad:f9:54:64:
         1f:9c:07:2c:32:39:e6:8d:f1:a4:de:fb:c3:50:c6:f3:b1:9d:
         bc:5a:45:24:bf:5f:6b:99:14:09:60:20:01:f2:0d:78:70:94:
         eb:80:01:0a:a7:0b:03:9a:aa:ac:15:c2:b2:30:dd:48:9e:d1:
         97:9a:0d:88:10:5b:03:59:57:1a:98:09:29:3b:b2:47:69:84:
         78:5f:7d:fe:e0:c1:dd:82:9c:1b:64:66:c3:c3:e6:b8:8b:66:
         9c:9b:11:05:95:e9:07:cc:11:85:26:83:5c:6a:03:ba:fd:bb:
         c3:68:83:bd:d1:77:73:90:ea:07:57:fd:6f:0e:b4:55:62:df:
         b7:93:3e:fe:c9:a9:04:14:bf:b3:44:e3:69:55:f9:9f:82:4c:
         4a:1b:6e:53:ac:45:bb:23:d7:fe:89:7b:50:44:45:78:b8:8a:
         fc:a8:b9:47:ef:1e:85:d8:b4:3a:4a:9b:ee:fd:11:63:52:95:
         5a:1d:aa:79:60:ee:d7:75:58:a8:d1:ba:76:59:f7:41:60:8b:
         3f:88:81:be:09:fc:ec:1c:39:2f:44:e9:f3:db:b2:e9:da:73:
         98:ad:8b:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDuHIR8X9znmV1aaCuQjtOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNzI2MDgxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI0Y2UyMzlmOTk0ODNmYmY3MDhhMmRmZDI3OGM4NDhlYzg0N2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rVQl/jIh/0bdKfNpBWEj4/zF1RW
0+uyvi1C38H+Hc8QNbZf5zwe7/j+n7jHJAUXy8ueaMY6DCASkrU9Js2v68+nRYKm
bGedXPDhDeP0XYxHIDClNVt08Dux9O8jXuYXm5I70CiYLsYb0W9E9gCqcPUbh0Vr
mVFe/oYq7vg1PMl9KK01zeZDTaytHdFayEHI3rudsqOUYbkMPKf+xrSPnhmuvHaJ
DP6vODfBHQVCH5BSDvfZjUX5N5I8DtwLOlQKOOshtprXHdiN/lYSKHX9tLecaifu
Mudit9ny0TvTFIl4v5SSVUA3YXt5O6Tqt/qm9vFYHtXoH1MesCzfVfBOnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEEkziOfmUg/v3CKLf0njISOyEf1MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvUVNUT0k1LVpTRC1fY0lvdF9TZU1oSTdJUl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUKZAwQA
VdGjMA0GCSqGSIb3DQEBCwUAA4IBAQC4bBUyicDPDnMHCKYQSwJNuT4J+qUBLw2K
EMRKtc8P7q35VGQfnAcsMjnmjfGk3vvDUMbzsZ28WkUkv19rmRQJYCAB8g14cJTr
gAEKpwsDmqqsFcKyMN1IntGXmg2IEFsDWVcamAkpO7JHaYR4X33+4MHdgpwbZGbD
w+a4i2acmxEFlekHzBGFJoNcagO6/bvDaIO90XdzkOoHV/1vDrRVYt+3kz7+yakE
FL+zRONpVfmfgkxKG25TrEW7I9f+iXtQREV4uIr8qLlH7x6F2LQ6Spvu/RFjUpVa
Hap5YO7XdVio0bp2WfdBYIs/iIG+CfzsHDkvROnz27Lp2nOYrYu0
-----END CERTIFICATE-----