Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/7a9961-213e-4cc4-8f96-7f579ba098be/1/OQRcfzOP1c5BKCV75NGf-zc0JG0.roa
File:                     OQRcfzOP1c5BKCV75NGf-zc0JG0.roa (raw, json)
Hash identifier:          jqSWQr5hS+p16E6WMEFV1CsRjiW4PUHXys4rBr326Vw=
Subject key identifier:   39:04:5C:7F:33:8F:D5:CE:41:28:25:7B:E4:D1:9F:FB:37:34:24:6D
Certificate issuer:       /CN=48395eb4c0ee2daa5392cd99fc45efbc4a754e90
Certificate serial:       018CC492F71B0A3312E636EADBD99BE7055C
Authority key identifier: 48:39:5E:B4:C0:EE:2D:AA:53:92:CD:99:FC:45:EF:BC:4A:75:4E:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SDletMDuLapTks2Z_EXvvEp1TpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/7a9961-213e-4cc4-8f96-7f579ba098be/1/OQRcfzOP1c5BKCV75NGf-zc0JG0.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        45.150.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/7a9961-213e-4cc4-8f96-7f579ba098be/1/SDletMDuLapTks2Z_EXvvEp1TpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/7a9961-213e-4cc4-8f96-7f579ba098be/1/SDletMDuLapTks2Z_EXvvEp1TpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SDletMDuLapTks2Z_EXvvEp1TpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f7:1b:0a:33:12:e6:36:ea:db:d9:9b:e7:05:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48395eb4c0ee2daa5392cd99fc45efbc4a754e90
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39045c7f338fd5ce4128257be4d19ffb3734246d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f9:69:fa:6c:0c:77:58:cf:42:00:bb:f7:21:
                    ee:69:13:56:ed:ff:a0:8d:18:49:58:c8:42:23:a4:
                    28:3e:a3:88:d3:de:71:78:90:f3:c5:53:3c:40:0d:
                    fc:83:9c:cb:54:53:49:e6:6d:e2:52:af:7a:d6:83:
                    ef:f1:40:c3:17:76:0d:1d:f1:f6:28:1f:38:f8:29:
                    50:c9:3f:85:20:30:1b:6d:36:a1:04:50:1c:db:04:
                    62:26:1a:c4:8d:51:fa:2e:1d:1b:fc:4a:aa:31:04:
                    14:d3:90:67:1d:2f:b3:a1:45:9d:8e:f3:35:5a:7d:
                    98:94:44:19:ad:5e:6a:e7:d0:85:9f:44:dc:d7:98:
                    74:0e:9e:26:17:5c:8f:2d:0f:b6:76:5f:ea:ae:94:
                    b1:9f:93:dc:bc:87:0d:41:0d:cd:8e:ae:93:db:32:
                    f2:51:73:e8:bd:59:31:ef:c3:08:f6:bb:3a:54:20:
                    3d:cb:5d:1e:81:8f:24:4e:81:39:ff:e3:ef:b2:4b:
                    ef:ad:27:40:67:83:67:1c:78:61:d9:1b:f2:0a:cd:
                    24:50:39:95:90:2b:40:5e:f9:79:17:30:4c:fb:90:
                    e4:32:f1:be:6b:48:60:ae:65:ce:b1:8c:ce:0d:f3:
                    f9:b0:6d:6a:19:1f:17:a5:eb:d4:b0:c8:d9:46:12:
                    d1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:04:5C:7F:33:8F:D5:CE:41:28:25:7B:E4:D1:9F:FB:37:34:24:6D
            X509v3 Authority Key Identifier:
                keyid:48:39:5E:B4:C0:EE:2D:AA:53:92:CD:99:FC:45:EF:BC:4A:75:4E:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SDletMDuLapTks2Z_EXvvEp1TpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7a9961-213e-4cc4-8f96-7f579ba098be/1/OQRcfzOP1c5BKCV75NGf-zc0JG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7a9961-213e-4cc4-8f96-7f579ba098be/1/SDletMDuLapTks2Z_EXvvEp1TpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:14:b0:e3:74:4a:40:4d:d5:24:9b:56:59:29:3f:3c:d1:52:
         69:32:7b:0c:42:70:1e:4d:11:92:84:6d:b3:ed:9c:1a:6b:71:
         86:72:40:45:1f:74:b6:b9:e9:5a:6b:fb:d8:e9:9c:c5:0f:92:
         43:58:3a:9b:32:84:4c:ae:83:cb:ac:00:8f:4a:98:6a:af:a6:
         ad:1c:22:7b:a3:05:85:fe:23:00:a1:0a:ad:a0:a4:3c:3a:63:
         68:0a:19:a5:a6:5d:4b:ff:b7:b7:83:0d:97:ef:f5:8b:10:36:
         f2:f8:ca:3d:16:63:64:6f:51:4a:ef:da:0e:79:9c:a9:fe:fe:
         f9:85:b6:ba:99:c2:0e:61:b1:9b:07:18:64:72:6f:20:d4:7b:
         7e:2d:ce:8a:32:00:3d:5f:ef:e3:b2:76:ec:b0:09:4f:b1:f7:
         5d:00:20:ca:75:29:7a:e3:5d:cb:c9:8b:11:73:c8:2e:2c:aa:
         99:48:f9:ed:d2:4b:8a:b8:68:c4:8d:47:e1:6e:b1:e3:19:64:
         11:ea:aa:85:80:53:5b:82:b2:d2:74:31:a3:1b:df:b6:ff:35:
         86:d7:88:03:e2:3a:6b:88:9e:e7:2b:34:f4:0e:c5:ff:48:fd:
         89:f9:5e:35:c2:1d:2d:86:6d:c3:01:dd:b2:6e:0e:82:ae:3d:
         37:8d:26:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvcbCjMS5jbq29mb5wVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4Mzk1ZWI0YzBlZTJkYWE1MzkyY2Q5OWZjNDVlZmJjNGE3
NTRlOTAwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA0NWM3ZjMzOGZkNWNlNDEyODI1N2JlNGQxOWZmYjM3MzQyNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvlp+mwMd1jPQgC79yHuaRNW7f+g
jRhJWMhCI6QoPqOI095xeJDzxVM8QA38g5zLVFNJ5m3iUq961oPv8UDDF3YNHfH2
KB84+ClQyT+FIDAbbTahBFAc2wRiJhrEjVH6Lh0b/EqqMQQU05BnHS+zoUWdjvM1
Wn2YlEQZrV5q59CFn0Tc15h0Dp4mF1yPLQ+2dl/qrpSxn5PcvIcNQQ3Njq6T2zLy
UXPovVkx78MI9rs6VCA9y10egY8kToE5/+PvskvvrSdAZ4NnHHhh2RvyCs0kUDmV
kCtAXvl5FzBM+5DkMvG+a0hgrmXOsYzODfP5sG1qGR8XpevUsMjZRhLRGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkEXH8zj9XOQSgle+TRn/s3NCRtMB8GA1UdIwQY
MBaAFEg5XrTA7i2qU5LNmfxF77xKdU6QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0RsZXRNRHVMYXBUa3MyWl9FWHZ2RXAxVHBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy83YTk5NjEtMjEzZS00Y2M0LThmOTYt
N2Y1NzliYTA5OGJlLzEvT1FSY2Z6T1AxYzVCS0NWNzVOR2YtemMwSkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy83YTk5NjEtMjEzZS00Y2M0LThmOTYtN2Y1NzliYTA5OGJl
LzEvU0RsZXRNRHVMYXBUa3MyWl9FWHZ2RXAxVHBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZYMMA0G
CSqGSIb3DQEBCwUAA4IBAQDLFLDjdEpATdUkm1ZZKT880VJpMnsMQnAeTRGShG2z
7Zwaa3GGckBFH3S2uelaa/vY6ZzFD5JDWDqbMoRMroPLrACPSphqr6atHCJ7owWF
/iMAoQqtoKQ8OmNoChmlpl1L/7e3gw2X7/WLEDby+Mo9FmNkb1FK79oOeZyp/v75
hba6mcIOYbGbBxhkcm8g1Ht+Lc6KMgA9X+/jsnbssAlPsfddACDKdSl6413LyYsR
c8guLKqZSPnt0kuKuGjEjUfhbrHjGWQR6qqFgFNbgrLSdDGjG9+2/zWG14gD4jpr
iJ7nKzT0DsX/SP2J+V41wh0thm3DAd2ybg6Crj03jSYX
-----END CERTIFICATE-----