Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qCWUGwE6VUnkX4kMSY0InzsLpVQ.roa
File:                     qCWUGwE6VUnkX4kMSY0InzsLpVQ.roa (raw, json)
Hash identifier:          rWI8BeDWahg6D4bFf+K+FOnz7bc11IyBwog46dsLNik=
Subject key identifier:   A8:25:94:1B:01:3A:55:49:E4:5F:89:0C:49:8D:08:9F:3B:0B:A5:54
Certificate issuer:       /CN=a8847f64567e4aa4ad5cb7fc22f22df4e2bc6978
Certificate serial:       018CC9BC672D28A93F8AA20BBA1383AAFEB3
Authority key identifier: A8:84:7F:64:56:7E:4A:A4:AD:5C:B7:FC:22:F2:2D:F4:E2:BC:69:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qCWUGwE6VUnkX4kMSY0InzsLpVQ.roa
Signing time:             Tue 02 Jan 2024 10:33:36 +0000
ROA not before:           Tue 02 Jan 2024 10:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208221
IP address blocks:        45.153.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:67:2d:28:a9:3f:8a:a2:0b:ba:13:83:aa:fe:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8847f64567e4aa4ad5cb7fc22f22df4e2bc6978
        Validity
            Not Before: Jan  2 10:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a825941b013a5549e45f890c498d089f3b0ba554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5d:c5:ea:42:61:e5:08:ff:4d:37:be:be:f4:
                    3d:bd:47:9f:7c:57:67:dc:d6:de:53:44:2a:6b:8e:
                    07:ac:16:64:ab:72:3c:4b:aa:a2:f8:13:04:f6:a9:
                    79:c9:ef:15:33:8b:05:31:8a:3d:eb:18:d9:c8:bf:
                    09:0b:c1:49:3d:93:55:4d:b3:79:c0:f5:c8:5e:af:
                    3a:06:a8:e3:33:26:05:dc:1e:01:60:2c:47:6a:51:
                    6d:99:c2:4e:a8:a2:b2:0d:e0:54:6b:42:0e:a6:b3:
                    d3:9a:9a:54:82:2e:a4:6a:66:e5:ea:32:2f:3b:4d:
                    72:6a:df:3d:a9:ac:0e:a6:f0:06:da:f0:a6:e5:4f:
                    13:b2:d0:7d:40:bc:9f:94:fd:81:4e:50:36:1b:91:
                    cc:e8:8f:93:92:54:4d:9e:8c:05:0d:f6:8c:f6:87:
                    06:da:cb:88:39:38:15:fe:6e:95:bd:2d:0e:f9:9e:
                    fe:3d:df:04:25:25:b5:ff:6c:01:90:63:fe:bc:19:
                    8f:ed:25:8b:b3:d6:fa:be:08:0f:0b:82:ff:d4:45:
                    5d:ac:4b:46:8d:cf:6c:69:70:41:66:b0:32:40:41:
                    36:01:75:8c:ae:64:30:22:88:b7:97:91:62:1b:b1:
                    fe:19:cd:3a:30:ea:ad:79:63:2f:6e:a3:c4:02:ec:
                    f2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:25:94:1B:01:3A:55:49:E4:5F:89:0C:49:8D:08:9F:3B:0B:A5:54
            X509v3 Authority Key Identifier:
                keyid:A8:84:7F:64:56:7E:4A:A4:AD:5C:B7:FC:22:F2:2D:F4:E2:BC:69:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qCWUGwE6VUnkX4kMSY0InzsLpVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:88:0a:37:99:2a:fe:c4:3a:f8:94:01:d9:83:6b:44:6d:6f:
         b5:b8:f2:36:4d:e8:50:b0:03:c0:89:8f:48:ed:21:6a:1f:25:
         ef:af:35:c4:71:54:ba:f9:c6:a4:c1:3c:26:cc:4b:48:74:ed:
         1d:91:b8:5f:f7:ab:17:90:b3:0a:b7:dc:b4:46:53:22:6c:be:
         2a:42:de:7f:c3:24:5b:be:5e:20:56:ea:86:ca:7a:13:39:4e:
         89:15:1c:49:fb:2c:44:a7:e0:53:ee:97:53:d5:38:2f:f1:31:
         3e:8a:4b:e2:96:fc:15:f9:12:0f:db:07:af:48:9f:fe:4b:de:
         e4:71:f6:bb:a1:ff:4c:b1:2d:1a:b3:ae:4b:64:06:22:75:7f:
         61:6c:b3:ce:b1:f2:76:08:c9:d6:02:e3:0f:0c:47:64:bb:1b:
         c0:9b:6c:72:4f:fe:f2:92:46:ad:86:8c:fc:7d:00:85:08:69:
         1c:dc:db:5e:87:ad:d3:b9:38:bd:0f:7b:68:59:4f:c0:e2:6c:
         e1:bb:9b:db:0a:81:fb:46:c0:cc:fd:83:9a:b4:3e:4b:d1:99:
         98:1f:0e:83:04:a0:4e:a5:84:8a:0d:f9:12:4d:c0:da:2a:0c:
         5a:55:53:c7:a2:2d:63:11:ae:94:85:f4:f2:19:89:03:67:aa:
         ad:ca:b9:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGctKKk/iqILuhODqv6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ODQ3ZjY0NTY3ZTRhYTRhZDVjYjdmYzIyZjIyZGY0ZTJi
YzY5NzgwHhcNMjQwMTAyMTAzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODI1OTQxYjAxM2E1NTQ5ZTQ1Zjg5MGM0OThkMDg5ZjNiMGJhNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkF3F6kJh5Qj/TTe+vvQ9vUeffFdn
3NbeU0Qqa44HrBZkq3I8S6qi+BME9ql5ye8VM4sFMYo96xjZyL8JC8FJPZNVTbN5
wPXIXq86BqjjMyYF3B4BYCxHalFtmcJOqKKyDeBUa0IOprPTmppUgi6kambl6jIv
O01yat89qawOpvAG2vCm5U8TstB9QLyflP2BTlA2G5HM6I+TklRNnowFDfaM9ocG
2suIOTgV/m6VvS0O+Z7+Pd8EJSW1/2wBkGP+vBmP7SWLs9b6vggPC4L/1EVdrEtG
jc9saXBBZrAyQEE2AXWMrmQwIoi3l5FiG7H+Gc06MOqteWMvbqPEAuzymQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgllBsBOlVJ5F+JDEmNCJ87C6VUMB8GA1UdIwQY
MBaAFKiEf2RWfkqkrVy3/CLyLfTivGl4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUlSX1pGWi1TcVN0WExmOEl2SXQ5T0s4YVhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8xN2FmOTQtNzIxNC00YWRiLWIzMDQt
MTAyNTU3MThhMTg1LzEvcUNXVUd3RTZWVW5rWDRrTVNZMEluenNMcFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8xN2FmOTQtNzIxNC00YWRiLWIzMDQtMTAyNTU3MThhMTg1
LzEvcUlSX1pGWi1TcVN0WExmOEl2SXQ5T0s4YVhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZkMMA0G
CSqGSIb3DQEBCwUAA4IBAQAJiAo3mSr+xDr4lAHZg2tEbW+1uPI2TehQsAPAiY9I
7SFqHyXvrzXEcVS6+cakwTwmzEtIdO0dkbhf96sXkLMKt9y0RlMibL4qQt5/wyRb
vl4gVuqGynoTOU6JFRxJ+yxEp+BT7pdT1Tgv8TE+ikvilvwV+RIP2wevSJ/+S97k
cfa7of9MsS0as65LZAYidX9hbLPOsfJ2CMnWAuMPDEdkuxvAm2xyT/7ykkathoz8
fQCFCGkc3Nteh63TuTi9D3toWU/A4mzhu5vbCoH7RsDM/YOatD5L0ZmYHw6DBKBO
pYSKDfkSTcDaKgxaVVPHoi1jEa6UhfTyGYkDZ6qtyrki
-----END CERTIFICATE-----