Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/qhWGhSAA1015s3ZbXDBxu9sUytE.roa
File:                     qhWGhSAA1015s3ZbXDBxu9sUytE.roa (raw, json)
Hash identifier:          XQGHB3eIFKZ0vHMqW5kNotg1khl9GCimc0S0oC0slzk=
Subject key identifier:   AA:15:86:85:20:00:D7:4D:79:B3:76:5B:5C:30:71:BB:DB:14:CA:D1
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018DEA6475487CF976F8BCA82424CB3BE0F3
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/qhWGhSAA1015s3ZbXDBxu9sUytE.roa
Signing time:             Tue 27 Feb 2024 11:47:48 +0000
ROA not before:           Tue 27 Feb 2024 11:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        45.9.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:64:75:48:7c:f9:76:f8:bc:a8:24:24:cb:3b:e0:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Feb 27 11:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa1586852000d74d79b3765b5c3071bbdb14cad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7a:58:1f:5b:e8:ed:92:78:63:83:ba:7f:5f:
                    88:8c:bf:8c:da:8a:d5:60:5f:03:db:f5:88:1d:84:
                    75:3d:e9:24:89:4c:37:2b:49:e3:43:fc:ea:85:ea:
                    3e:fe:c8:38:0d:8e:31:ec:ee:04:2a:c5:0d:3b:e7:
                    1b:81:ef:df:03:ff:3d:16:c2:55:bd:cf:f8:1a:c4:
                    9a:2d:b3:ff:3e:79:23:26:be:46:a8:51:33:7e:5c:
                    d3:f3:d5:cc:dc:4c:f6:eb:a4:fe:dc:b9:cb:c2:c1:
                    84:fd:c3:b8:a0:cf:01:01:28:07:eb:03:e2:06:c4:
                    b1:61:27:80:f9:23:56:57:6e:48:8f:8b:b8:07:ac:
                    ae:82:81:ac:e3:7b:1b:6f:4b:76:38:76:d1:08:87:
                    8c:1e:04:10:82:03:c4:db:56:e9:28:70:53:44:c1:
                    d0:41:f5:9b:3b:7c:45:8c:c4:73:80:c8:6b:40:e4:
                    fd:7f:0e:ed:18:cd:64:d5:0f:66:84:6f:03:1c:6f:
                    7d:42:ff:b9:d8:a7:f8:45:be:0e:4e:e1:f6:c1:f8:
                    1b:5a:b3:a3:c3:a3:ea:1f:1c:05:3d:9d:d7:7d:38:
                    52:70:16:f1:eb:be:56:06:38:b5:e1:e6:80:d8:b9:
                    7b:be:7d:f6:08:a4:c0:bd:06:05:0f:4a:fd:b7:06:
                    c7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:15:86:85:20:00:D7:4D:79:B3:76:5B:5C:30:71:BB:DB:14:CA:D1
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/qhWGhSAA1015s3ZbXDBxu9sUytE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:ef:ea:ed:09:66:a7:aa:85:ed:35:f6:95:da:ad:33:82:a2:
         bd:2b:53:fc:0d:b0:6b:d2:70:e3:bb:c4:22:ae:67:2b:65:cf:
         00:66:55:be:69:d9:cd:c4:fb:4c:f3:fa:04:22:1e:6e:b2:95:
         90:83:39:2f:0e:e2:da:d7:4f:f3:62:59:01:e0:e1:5e:dd:84:
         40:d9:02:a2:1e:42:c2:b8:a0:83:c6:c4:37:82:1a:a1:63:1f:
         fd:4b:e3:67:9c:7a:20:18:f1:b0:66:24:f2:3a:6e:49:71:dd:
         5f:8f:69:bf:f9:22:cf:6f:b4:c2:47:a2:91:71:45:5b:d2:b3:
         f9:a1:30:bf:5d:4e:53:45:e5:1a:df:a5:4d:ed:18:47:d1:f6:
         27:ef:7a:1e:8b:39:cf:6c:4e:ed:0a:ee:f8:d3:32:5d:82:1a:
         0f:5b:f5:a9:99:9a:b7:36:98:4d:b3:6c:84:5a:85:97:d1:ab:
         54:47:3d:2a:d9:9f:b6:12:ab:15:04:aa:3f:2d:e7:34:d7:b9:
         71:44:35:25:c6:60:4f:24:30:2d:05:cc:1e:4c:9b:f8:df:dc:
         45:63:2c:f2:6b:72:09:28:2d:7e:38:e9:37:57:73:f9:b2:b3:
         02:4f:97:bf:e5:68:a2:8d:c6:c3:fc:5f:f1:ca:7c:ad:30:01:
         84:35:b3:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3qZHVIfPl2+LyoJCTLO+DzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMjI3MTE0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE1ODY4NTIwMDBkNzRkNzliMzc2NWI1YzMwNzFiYmRiMTRjYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3pYH1vo7ZJ4Y4O6f1+IjL+M2orV
YF8D2/WIHYR1PekkiUw3K0njQ/zqheo+/sg4DY4x7O4EKsUNO+cbge/fA/89FsJV
vc/4GsSaLbP/PnkjJr5GqFEzflzT89XM3Ez266T+3LnLwsGE/cO4oM8BASgH6wPi
BsSxYSeA+SNWV25Ij4u4B6yugoGs43sbb0t2OHbRCIeMHgQQggPE21bpKHBTRMHQ
QfWbO3xFjMRzgMhrQOT9fw7tGM1k1Q9mhG8DHG99Qv+52Kf4Rb4OTuH2wfgbWrOj
w6PqHxwFPZ3XfThScBbx675WBji14eaA2Ll7vn32CKTAvQYFD0r9twbH2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoVhoUgANdNebN2W1wwcbvbFMrRMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvcWhXR2hTQUExMDE1czNaYlhEQnh1OXNVeXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkDMA0G
CSqGSIb3DQEBCwUAA4IBAQDU7+rtCWanqoXtNfaV2q0zgqK9K1P8DbBr0nDju8Qi
rmcrZc8AZlW+adnNxPtM8/oEIh5uspWQgzkvDuLa10/zYlkB4OFe3YRA2QKiHkLC
uKCDxsQ3ghqhYx/9S+NnnHogGPGwZiTyOm5Jcd1fj2m/+SLPb7TCR6KRcUVb0rP5
oTC/XU5TReUa36VN7RhH0fYn73oeiznPbE7tCu740zJdghoPW/WpmZq3NphNs2yE
WoWX0atURz0q2Z+2EqsVBKo/Lec017lxRDUlxmBPJDAtBcweTJv439xFYyzya3IJ
KC1+OOk3V3P5srMCT5e/5WiijcbD/F/xynytMAGENbP5
-----END CERTIFICATE-----