Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mqJqNuJgQUuuIiW3OM9dHPqsOZk.roa
File:                     mqJqNuJgQUuuIiW3OM9dHPqsOZk.roa (raw, json)
Hash identifier:          9aI2BOZ1dAzPcrU6OqrQi1p67AyCWi57Kh4j2nm64YY=
Subject key identifier:   9A:A2:6A:36:E2:60:41:4B:AE:22:25:B7:38:CF:5D:1C:FA:AC:39:99
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9C11B25CA0F2BDDF40F42FCF5ADB
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mqJqNuJgQUuuIiW3OM9dHPqsOZk.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        45.8.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9c:11:b2:5c:a0:f2:bd:df:40:f4:2f:cf:5a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aa26a36e260414bae2225b738cf5d1cfaac3999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ec:c9:2a:0b:a5:51:0a:75:6f:ed:b3:be:1c:
                    d4:a1:3d:67:2c:80:04:e7:70:98:1e:67:ce:e8:1b:
                    72:ef:34:ca:31:2f:33:8f:40:09:83:ef:4b:59:b1:
                    81:da:23:e9:7b:02:48:c6:09:4b:ba:0e:49:6d:0b:
                    fb:8a:71:bd:2f:57:e8:47:53:28:d9:d4:59:65:af:
                    36:55:5f:da:b3:3f:c4:db:7d:e2:3e:c6:fd:01:4e:
                    3e:7c:4f:8f:6f:f3:0b:df:d2:55:78:c4:41:52:f4:
                    41:91:35:ca:c1:db:6b:a0:6b:0c:dd:f6:ad:d5:62:
                    5f:e7:92:b3:79:43:6d:70:5c:32:39:55:c3:d8:09:
                    a0:32:95:e1:eb:1a:c9:95:95:7b:a3:22:1b:46:c5:
                    05:3e:47:ce:b9:2d:70:29:5a:46:3d:1d:be:f5:fa:
                    c7:69:5c:9c:49:5e:df:c5:ec:80:b3:5c:9c:29:79:
                    2d:e3:81:d1:3d:d4:2a:5b:97:3c:d0:cb:ec:03:b2:
                    03:d3:c7:95:bd:ff:09:61:8f:34:22:d2:25:95:48:
                    01:c5:75:a8:49:b0:3d:b8:bd:83:f7:d4:0d:cb:f9:
                    5b:c6:15:14:89:96:64:5c:67:e0:97:f4:d8:67:5e:
                    8a:eb:04:ce:36:f3:17:0f:13:f2:18:13:de:3c:6d:
                    cc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A2:6A:36:E2:60:41:4B:AE:22:25:B7:38:CF:5D:1C:FA:AC:39:99
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mqJqNuJgQUuuIiW3OM9dHPqsOZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:f5:84:c3:98:ea:dd:30:7f:74:55:58:d1:8f:07:dc:05:3e:
         52:19:2f:1d:ec:94:8c:ec:e4:de:08:90:af:fb:83:52:b9:71:
         68:cd:d8:6f:48:d4:30:37:70:f3:04:98:47:e6:0a:9d:3d:c2:
         99:e8:ea:24:58:96:6a:60:f1:a6:a4:df:56:4c:96:08:3d:c3:
         04:5e:05:f8:70:26:b4:35:66:54:4a:a0:1d:fa:78:61:84:b7:
         d9:9b:5d:9f:ae:71:72:94:d0:ac:66:f2:cb:13:e0:a2:90:ba:
         aa:b3:dc:66:36:66:af:8e:3c:8a:d3:e4:9b:f8:6e:5b:cd:25:
         2a:85:ad:8b:46:b2:70:97:bd:3f:2c:44:30:c3:37:a9:5f:39:
         1a:da:b4:be:02:fe:b8:a1:55:cd:de:84:83:1f:27:06:9e:44:
         8a:82:3d:66:be:59:8e:a0:fb:96:68:4d:0e:a9:ca:b7:84:f2:
         ee:3e:1b:eb:e1:0e:92:cb:17:47:e7:90:1b:b3:d3:1c:f8:e6:
         69:4e:27:f7:65:76:24:d8:80:da:64:e2:05:b7:16:31:38:fe:
         19:6d:cd:c9:68:37:17:2c:c4:09:78:dd:a9:4a:78:f8:a6:94:
         1e:00:db:84:32:09:f2:e9:d2:ad:8c:b3:25:92:89:97:d7:28:
         f0:db:3f:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35wRslyg8r3fQPQvz1rbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWEyNmEzNmUyNjA0MTRiYWUyMjI1YjczOGNmNWQxY2ZhYWMzOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ezJKgulUQp1b+2zvhzUoT1nLIAE
53CYHmfO6Bty7zTKMS8zj0AJg+9LWbGB2iPpewJIxglLug5JbQv7inG9L1foR1Mo
2dRZZa82VV/asz/E233iPsb9AU4+fE+Pb/ML39JVeMRBUvRBkTXKwdtroGsM3fat
1WJf55KzeUNtcFwyOVXD2AmgMpXh6xrJlZV7oyIbRsUFPkfOuS1wKVpGPR2+9frH
aVycSV7fxeyAs1ycKXkt44HRPdQqW5c80MvsA7ID08eVvf8JYY80ItIllUgBxXWo
SbA9uL2D99QNy/lbxhUUiZZkXGfgl/TYZ16K6wTONvMXDxPyGBPePG3MQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqiajbiYEFLriIltzjPXRz6rDmZMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbXFKcU51SmdRVXV1SWlXM09NOWRIUHFzT1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjQMA0G
CSqGSIb3DQEBCwUAA4IBAQBk9YTDmOrdMH90VVjRjwfcBT5SGS8d7JSM7OTeCJCv
+4NSuXFozdhvSNQwN3DzBJhH5gqdPcKZ6OokWJZqYPGmpN9WTJYIPcMEXgX4cCa0
NWZUSqAd+nhhhLfZm12frnFylNCsZvLLE+CikLqqs9xmNmavjjyK0+Sb+G5bzSUq
ha2LRrJwl70/LEQwwzepXzka2rS+Av64oVXN3oSDHycGnkSKgj1mvlmOoPuWaE0O
qcq3hPLuPhvr4Q6SyxdH55Abs9Mc+OZpTif3ZXYk2IDaZOIFtxYxOP4Zbc3JaDcX
LMQJeN2pSnj4ppQeANuEMgny6dKtjLMlkomX1yjw2z9Z
-----END CERTIFICATE-----