Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/dP1rqd0EzJrUlu0AvutGb1LbNug.roa
File:                     dP1rqd0EzJrUlu0AvutGb1LbNug.roa (raw, json)
Hash identifier:          0jKkoFJSBFdCAFgcMeEvcyDh92DqDT5TPI3bcv932XM=
Subject key identifier:   74:FD:6B:A9:DD:04:CC:9A:D4:96:ED:00:BE:EB:46:6F:52:DB:36:E8
Certificate issuer:       /CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
Certificate serial:       018CC26CFCDE3AAF83558BA779A25CECD733
Authority key identifier: DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/dP1rqd0EzJrUlu0AvutGb1LbNug.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203546
IP address blocks:        45.150.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:de:3a:af:83:55:8b:a7:79:a2:5c:ec:d7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74fd6ba9dd04cc9ad496ed00beeb466f52db36e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7e:e7:41:ab:e7:44:65:7c:3d:37:fb:65:b5:
                    65:d7:62:13:c6:bf:6f:a6:8f:8d:f9:e7:d5:f6:3f:
                    39:30:d1:54:3d:1c:aa:e6:96:47:8e:dd:42:c8:c3:
                    6c:88:50:9c:5e:d1:f8:e6:01:22:20:db:fe:6e:f2:
                    f2:00:43:a8:94:0b:98:fa:07:53:d0:c1:17:a2:8f:
                    0f:5e:e9:e1:0d:45:89:5a:25:2f:3e:84:0e:cc:9f:
                    9a:5a:53:02:ad:da:de:5e:5b:7d:50:df:77:d1:5b:
                    af:87:f6:cf:b0:0e:65:d9:fe:74:8a:4b:86:c8:da:
                    8e:91:8a:93:80:31:ae:98:fc:1d:5b:66:d0:3f:20:
                    9a:b4:8b:1e:ac:8a:b5:bd:8a:54:6f:45:cc:d0:75:
                    e3:ad:06:25:cd:30:5e:17:f6:41:6b:27:73:15:dd:
                    e9:7a:30:a7:94:c5:74:3c:37:dc:6b:1b:6e:43:34:
                    34:06:de:78:ed:0f:06:18:d7:46:15:75:00:b4:33:
                    ea:06:5f:7c:6e:42:f1:71:0f:3d:81:d8:02:81:5e:
                    ce:13:89:56:b5:8b:2b:40:0b:16:12:27:cc:eb:49:
                    3a:46:63:f3:8d:2e:9b:20:16:a7:c0:8d:6b:c2:ec:
                    7b:69:1b:58:91:33:2f:56:f0:d4:51:3c:d7:5d:ff:
                    a6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:FD:6B:A9:DD:04:CC:9A:D4:96:ED:00:BE:EB:46:6F:52:DB:36:E8
            X509v3 Authority Key Identifier:
                keyid:DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/dP1rqd0EzJrUlu0AvutGb1LbNug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:52:d3:d9:fe:7c:d3:39:59:0b:bc:4d:76:08:87:50:dd:58:
         1e:e1:42:92:ba:de:b2:1b:8f:d5:35:fc:63:9c:62:0e:12:66:
         29:cf:aa:4b:d0:79:a6:cd:42:d5:f1:da:4c:b0:a8:e6:63:d0:
         ee:71:96:da:3d:2d:18:91:68:55:76:8e:1a:48:aa:7e:9b:ec:
         e7:c8:34:39:38:88:bd:65:fe:1a:ba:d7:64:6d:69:8c:1c:0e:
         e4:18:8e:14:da:e1:0a:6d:e0:78:09:cc:12:d7:73:f3:5a:73:
         dc:57:da:bb:e2:14:b4:d0:6a:1f:93:4c:b4:2d:26:af:fb:60:
         db:b1:10:3d:96:c6:f0:49:f4:07:90:df:ea:37:01:98:84:dd:
         b3:de:41:90:6c:81:ae:e6:01:79:2f:e1:c1:65:a6:a2:1f:3e:
         1d:2f:d2:4a:b5:99:26:7e:3e:46:2e:52:2a:85:e7:21:10:65:
         86:08:d7:1c:31:60:a5:8c:47:dd:07:09:20:6f:c6:aa:0c:d0:
         44:4e:56:8a:18:ef:6e:84:2d:2c:91:a8:1c:3d:ac:9d:bd:1f:
         36:c9:00:d6:74:cc:a1:8a:30:41:07:a9:ee:51:0d:d4:a1:0d:
         3a:38:58:51:5d:74:c7:8a:f0:cc:c0:d3:01:12:df:ed:92:6e:
         f5:bd:56:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPzeOq+DVYuneaJc7NczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMWZkMDA3ZGZmYTUwOGYzMDA2M2ZiZTRkNTNhMmIyZTFl
OGM0ZGUwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGZkNmJhOWRkMDRjYzlhZDQ5NmVkMDBiZWViNDY2ZjUyZGIzNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin7nQavnRGV8PTf7ZbVl12ITxr9v
po+N+efV9j85MNFUPRyq5pZHjt1CyMNsiFCcXtH45gEiINv+bvLyAEOolAuY+gdT
0MEXoo8PXunhDUWJWiUvPoQOzJ+aWlMCrdreXlt9UN930Vuvh/bPsA5l2f50ikuG
yNqOkYqTgDGumPwdW2bQPyCatIserIq1vYpUb0XM0HXjrQYlzTBeF/ZBaydzFd3p
ejCnlMV0PDfcaxtuQzQ0Bt547Q8GGNdGFXUAtDPqBl98bkLxcQ89gdgCgV7OE4lW
tYsrQAsWEifM60k6RmPzjS6bIBanwI1rwux7aRtYkTMvVvDUUTzXXf+mxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHT9a6ndBMya1JbtAL7rRm9S2zboMB8GA1UdIwQY
MBaAFNwf0Aff+lCPMAY/vk1TorLh6MTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMt
YWU0Yzk1Yzk0MDA1LzEvZFAxcnFkMEV6SnJVbHUwQXZ1dEdiMUxiTnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMtYWU0Yzk1Yzk0MDA1
LzEvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZZFMA0G
CSqGSIb3DQEBCwUAA4IBAQAKUtPZ/nzTOVkLvE12CIdQ3Vge4UKSut6yG4/VNfxj
nGIOEmYpz6pL0HmmzULV8dpMsKjmY9DucZbaPS0YkWhVdo4aSKp+m+znyDQ5OIi9
Zf4autdkbWmMHA7kGI4U2uEKbeB4CcwS13PzWnPcV9q74hS00Gofk0y0LSav+2Db
sRA9lsbwSfQHkN/qNwGYhN2z3kGQbIGu5gF5L+HBZaaiHz4dL9JKtZkmfj5GLlIq
hechEGWGCNccMWCljEfdBwkgb8aqDNBETlaKGO9uhC0skagcPaydvR82yQDWdMyh
ijBBB6nuUQ3UoQ06OFhRXXTHivDMwNMBEt/tkm71vVZJ
-----END CERTIFICATE-----