Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/50b18f-9a7d-452c-a6d5-9de7525ba712/1/Q2gCgxsybswGzFw3MDpTrC9Qk3k.roa
File:                     Q2gCgxsybswGzFw3MDpTrC9Qk3k.roa (raw, json)
Hash identifier:          PR3OJJCqKRzUm3DdR5Pl8EZnOUFZZ8Xv1KvAqG+E/pY=
Subject key identifier:   43:68:02:83:1B:32:6E:CC:06:CC:5C:37:30:3A:53:AC:2F:50:93:79
Certificate issuer:       /CN=b814345affd1506af9af32ec0d77399b7664aa3f
Certificate serial:       0192A51087EA816A20A31DB091B15EE6397E
Authority key identifier: B8:14:34:5A:FF:D1:50:6A:F9:AF:32:EC:0D:77:39:9B:76:64:AA:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uBQ0Wv_RUGr5rzLsDXc5m3Zkqj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/50b18f-9a7d-452c-a6d5-9de7525ba712/1/Q2gCgxsybswGzFw3MDpTrC9Qk3k.roa
Signing time:             Sat 19 Oct 2024 13:56:16 +0000
ROA not before:           Sat 19 Oct 2024 13:56:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197641
IP address blocks:        45.144.104.0/22 maxlen: 22
                          2a0e:ec40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/50b18f-9a7d-452c-a6d5-9de7525ba712/1/uBQ0Wv_RUGr5rzLsDXc5m3Zkqj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/50b18f-9a7d-452c-a6d5-9de7525ba712/1/uBQ0Wv_RUGr5rzLsDXc5m3Zkqj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uBQ0Wv_RUGr5rzLsDXc5m3Zkqj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a5:10:87:ea:81:6a:20:a3:1d:b0:91:b1:5e:e6:39:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b814345affd1506af9af32ec0d77399b7664aa3f
        Validity
            Not Before: Oct 19 13:56:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=436802831b326ecc06cc5c37303a53ac2f509379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fe:b1:8e:e4:df:75:b0:c1:83:f4:28:05:ce:
                    33:1c:6c:2b:ec:47:c9:ba:cf:c5:85:94:b3:1c:ea:
                    90:32:b8:d3:22:04:86:5f:d5:67:b1:c6:22:9e:9d:
                    3b:f9:41:93:4c:d5:b9:74:e8:ff:65:38:26:dd:f5:
                    91:36:80:da:4b:d9:c6:36:16:1d:2a:5c:00:b8:1c:
                    e3:5a:74:af:fb:61:a1:b0:d6:56:77:62:74:07:4a:
                    56:e4:15:ff:f0:29:18:61:17:fb:fb:cf:66:3e:9f:
                    33:eb:5d:7c:8a:da:a5:0e:26:7b:ec:4b:0e:b9:b1:
                    07:c3:32:c6:87:e9:24:f0:a8:a0:ee:46:1f:4a:e4:
                    a9:b0:06:cd:e4:bb:4e:3e:91:c6:47:a8:1c:24:9a:
                    41:18:f3:42:4b:09:37:67:ab:f2:4f:6a:f6:15:bb:
                    d6:de:a7:19:3d:3f:ff:e7:17:a3:4e:86:3f:ad:ee:
                    fd:81:48:bb:1e:9a:bf:d6:7a:2e:c0:e6:e4:e9:02:
                    3b:fc:3e:41:cd:e6:da:22:a6:81:33:2d:24:74:3d:
                    b5:19:13:e4:c2:90:d6:94:42:63:80:da:7a:f6:e1:
                    22:5e:54:1d:4c:37:b7:1f:31:64:0d:71:19:95:f6:
                    3c:9d:a1:58:b0:b2:1f:86:98:86:c5:44:6c:86:73:
                    90:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:68:02:83:1B:32:6E:CC:06:CC:5C:37:30:3A:53:AC:2F:50:93:79
            X509v3 Authority Key Identifier:
                keyid:B8:14:34:5A:FF:D1:50:6A:F9:AF:32:EC:0D:77:39:9B:76:64:AA:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uBQ0Wv_RUGr5rzLsDXc5m3Zkqj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/50b18f-9a7d-452c-a6d5-9de7525ba712/1/Q2gCgxsybswGzFw3MDpTrC9Qk3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/50b18f-9a7d-452c-a6d5-9de7525ba712/1/uBQ0Wv_RUGr5rzLsDXc5m3Zkqj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.104.0/22
                IPv6:
                  2a0e:ec40::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:58:63:9b:23:5c:d8:bb:0c:18:9e:42:5f:59:c4:16:98:5b:
         97:47:b8:0e:75:d8:58:92:0f:87:37:37:a4:07:a1:f8:de:cb:
         7a:5d:dc:5f:32:bb:e8:f0:36:e8:54:8e:9c:30:ac:56:56:c0:
         38:2a:38:3b:1a:44:49:5f:36:ab:18:3d:36:33:8e:2a:97:40:
         64:fc:f2:2f:95:99:3c:73:50:b8:38:d8:f2:71:c8:de:fa:30:
         37:62:18:33:8f:8f:8f:0e:0b:94:e9:5b:a2:8a:54:c7:61:8b:
         83:98:6f:82:ed:91:25:bf:60:10:86:45:5e:af:a7:17:f8:71:
         15:38:57:78:97:cb:41:4b:b9:01:42:62:8f:31:fa:d9:57:a6:
         02:4f:ba:2d:f6:01:81:12:49:7b:37:1c:11:6d:05:9a:05:91:
         68:71:f8:8c:c9:ba:96:74:25:ca:23:2b:d5:47:72:3d:9a:0c:
         6c:60:26:1e:f4:97:27:13:ce:3f:6d:9d:dc:c8:38:e4:4d:d9:
         d1:0f:95:0c:8e:59:d9:79:db:b7:78:f1:9a:1f:d2:26:f8:58:
         c0:eb:66:a4:0e:de:77:4f:6d:0a:a3:e9:e4:06:bf:bf:bf:06:
         91:70:bd:d5:e5:37:2f:59:61:86:28:05:25:a2:10:5a:cf:b6:
         73:ca:65:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKlEIfqgWogox2wkbFe5jl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MTQzNDVhZmZkMTUwNmFmOWFmMzJlYzBkNzczOTliNzY2
NGFhM2YwHhcNMjQxMDE5MTM1NjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY4MDI4MzFiMzI2ZWNjMDZjYzVjMzczMDNhNTNhYzJmNTA5Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgv6xjuTfdbDBg/QoBc4zHGwr7EfJ
us/FhZSzHOqQMrjTIgSGX9VnscYinp07+UGTTNW5dOj/ZTgm3fWRNoDaS9nGNhYd
KlwAuBzjWnSv+2GhsNZWd2J0B0pW5BX/8CkYYRf7+89mPp8z6118itqlDiZ77EsO
ubEHwzLGh+kk8Kig7kYfSuSpsAbN5LtOPpHGR6gcJJpBGPNCSwk3Z6vyT2r2FbvW
3qcZPT//5xejToY/re79gUi7Hpq/1nouwObk6QI7/D5BzebaIqaBMy0kdD21GRPk
wpDWlEJjgNp69uEiXlQdTDe3HzFkDXEZlfY8naFYsLIfhpiGxURshnOQkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFENoAoMbMm7MBsxcNzA6U6wvUJN5MB8GA1UdIwQY
MBaAFLgUNFr/0VBq+a8y7A13OZt2ZKo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUJRMFd2X1JVR3I1cnpMc0RYYzVtM1prcWo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81MGIxOGYtOWE3ZC00NTJjLWE2ZDUt
OWRlNzUyNWJhNzEyLzEvUTJnQ2d4c3lic3dHekZ3M01EcFRyQzlRazNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81MGIxOGYtOWE3ZC00NTJjLWE2ZDUtOWRlNzUyNWJhNzEy
LzEvdUJRMFd2X1JVR3I1cnpMc0RYYzVtM1prcWo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZBoMA0E
AgACMAcDBQMqDuxAMA0GCSqGSIb3DQEBCwUAA4IBAQCVWGObI1zYuwwYnkJfWcQW
mFuXR7gOddhYkg+HNzekB6H43st6XdxfMrvo8DboVI6cMKxWVsA4Kjg7GkRJXzar
GD02M44ql0Bk/PIvlZk8c1C4ONjyccje+jA3Yhgzj4+PDguU6VuiilTHYYuDmG+C
7ZElv2AQhkVer6cX+HEVOFd4l8tBS7kBQmKPMfrZV6YCT7ot9gGBEkl7NxwRbQWa
BZFocfiMybqWdCXKIyvVR3I9mgxsYCYe9JcnE84/bZ3cyDjkTdnRD5UMjlnZedu3
ePGaH9Im+FjA62akDt53T20Ko+nkBr+/vwaRcL3V5TcvWWGGKAUlohBaz7ZzymVK
-----END CERTIFICATE-----