Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/XQALUUdc8j-wAGWMUMlf0zsRZtc.roa
File:                     XQALUUdc8j-wAGWMUMlf0zsRZtc.roa (raw, json)
Hash identifier:          8tel7lhDNHUmrQah94lZjiXAHtYuT3oHPGYImd2ah3k=
Subject key identifier:   5D:00:0B:51:47:5C:F2:3F:B0:00:65:8C:50:C9:5F:D3:3B:11:66:D7
Certificate issuer:       /CN=143239651db6aab1bcb67325f785b5ee1f4025cb
Certificate serial:       018F573EAE19B2197DDA793974F15C0AB94B
Authority key identifier: 14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/XQALUUdc8j-wAGWMUMlf0zsRZtc.roa
Signing time:             Wed 08 May 2024 08:07:56 +0000
ROA not before:           Wed 08 May 2024 08:07:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209604
IP address blocks:        45.155.125.0/24 maxlen: 24
                          194.36.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:3e:ae:19:b2:19:7d:da:79:39:74:f1:5c:0a:b9:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143239651db6aab1bcb67325f785b5ee1f4025cb
        Validity
            Not Before: May  8 08:07:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d000b51475cf23fb000658c50c95fd33b1166d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:71:f2:0f:82:25:1e:6a:a1:82:6f:42:cf:d6:
                    ae:e7:63:38:1d:df:83:1e:7b:63:40:88:1f:00:53:
                    25:81:b7:7d:5f:58:58:d6:75:dc:5d:dd:b8:c3:53:
                    60:80:23:3e:92:3d:74:e8:bd:98:3e:b2:3f:ab:d1:
                    4f:ef:e4:62:8c:d6:a4:c7:f5:5f:fa:21:c3:02:93:
                    2d:5e:71:e2:a2:73:40:a2:c4:03:71:a7:ea:03:df:
                    34:ce:e2:cb:11:48:7e:bd:f1:f2:6f:09:b3:a0:01:
                    a3:3b:c9:2e:ab:35:33:c3:56:7f:3a:08:b0:49:ad:
                    a8:fc:59:ac:8a:f0:ce:6c:12:c8:d6:73:16:23:c0:
                    95:7d:dd:8d:60:40:fe:58:5d:70:dc:97:78:03:a5:
                    39:7c:5a:e1:09:de:52:fc:ef:08:d8:75:60:6f:31:
                    4f:e4:26:78:62:15:d7:95:c1:d6:ae:e4:fc:70:75:
                    82:d3:1c:b3:f7:83:eb:c0:2c:af:6a:21:41:22:e2:
                    a2:1a:a3:6d:c8:59:c8:04:6a:20:d9:3c:7e:8c:ec:
                    2f:f1:0d:48:72:50:bb:cd:7a:89:10:75:ea:80:3e:
                    0e:95:7e:bd:08:36:ef:82:66:90:ca:62:bb:6b:c6:
                    7c:16:4f:b8:f8:74:87:ee:2f:9b:25:d8:a0:17:04:
                    03:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:00:0B:51:47:5C:F2:3F:B0:00:65:8C:50:C9:5F:D3:3B:11:66:D7
            X509v3 Authority Key Identifier:
                keyid:14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/XQALUUdc8j-wAGWMUMlf0zsRZtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.125.0/24
                  194.36.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f9:61:09:1c:34:dd:6f:6b:72:66:b9:bd:d2:a0:8d:96:b0:
         01:fe:92:13:28:cd:40:a3:49:19:72:e9:d4:ef:c9:be:db:43:
         b8:47:d2:64:07:d4:70:97:02:eb:10:49:a2:23:98:39:3c:4d:
         51:2d:02:f7:f9:60:67:1c:e9:72:5d:4d:5c:10:65:71:3b:de:
         cb:70:cb:c4:b3:67:fc:1c:ba:c7:d2:84:a8:d6:9f:7d:54:91:
         9b:83:74:4d:59:12:f9:51:ee:f4:29:55:b0:78:9a:37:dd:60:
         c8:c5:ad:0f:ec:d7:9e:36:c8:ee:d7:d5:9b:1c:db:c8:a7:f8:
         8b:a4:c4:df:63:28:c1:44:4e:de:23:1a:29:70:71:80:99:40:
         9e:6d:96:19:f9:e7:34:41:db:72:0e:43:89:c5:89:e1:2b:3c:
         62:3c:c2:b3:03:fe:58:1b:f0:96:62:a9:25:2f:58:51:90:b3:
         f9:f1:aa:3a:83:7b:e2:bf:5c:d0:4f:cb:42:db:06:3d:87:fc:
         f2:1d:ba:9e:8d:05:13:3e:86:79:3b:a3:98:3b:19:e8:49:88:
         35:ae:3f:aa:9b:74:1f:aa:45:ad:c0:93:a5:8b:90:1b:00:9b:
         44:e8:12:2e:ee:80:6e:73:03:ff:2f:9b:4d:e6:81:c7:9a:8f:
         72:1d:53:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9XPq4Zshl92nk5dPFcCrlLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MzIzOTY1MWRiNmFhYjFiY2I2NzMyNWY3ODViNWVlMWY0
MDI1Y2IwHhcNMjQwNTA4MDgwNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAwMGI1MTQ3NWNmMjNmYjAwMDY1OGM1MGM5NWZkMzNiMTE2NmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnHyD4IlHmqhgm9Cz9au52M4Hd+D
HntjQIgfAFMlgbd9X1hY1nXcXd24w1NggCM+kj106L2YPrI/q9FP7+RijNakx/Vf
+iHDApMtXnHionNAosQDcafqA980zuLLEUh+vfHybwmzoAGjO8kuqzUzw1Z/Ogiw
Sa2o/FmsivDObBLI1nMWI8CVfd2NYED+WF1w3Jd4A6U5fFrhCd5S/O8I2HVgbzFP
5CZ4YhXXlcHWruT8cHWC0xyz94PrwCyvaiFBIuKiGqNtyFnIBGog2Tx+jOwv8Q1I
clC7zXqJEHXqgD4OlX69CDbvgmaQymK7a8Z8Fk+4+HSH7i+bJdigFwQD3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF0AC1FHXPI/sABljFDJX9M7EWbXMB8GA1UdIwQY
MBaAFBQyOWUdtqqxvLZzJfeFte4fQCXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQt
NmVlYzc3ZDliOTg1LzEvWFFBTFVVZGM4ai13QUdXTVVNbGYwenNSWnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQtNmVlYzc3ZDliOTg1
LzEvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZt9AwQA
wiRVMA0GCSqGSIb3DQEBCwUAA4IBAQCP+WEJHDTdb2tyZrm90qCNlrAB/pITKM1A
o0kZcunU78m+20O4R9JkB9RwlwLrEEmiI5g5PE1RLQL3+WBnHOlyXU1cEGVxO97L
cMvEs2f8HLrH0oSo1p99VJGbg3RNWRL5Ue70KVWweJo33WDIxa0P7NeeNsju19Wb
HNvIp/iLpMTfYyjBRE7eIxopcHGAmUCebZYZ+ec0QdtyDkOJxYnhKzxiPMKzA/5Y
G/CWYqklL1hRkLP58ao6g3viv1zQT8tC2wY9h/zyHbqejQUTPoZ5O6OYOxnoSYg1
rj+qm3QfqkWtwJOli5AbAJtE6BIu7oBucwP/L5tN5oHHmo9yHVMI
-----END CERTIFICATE-----