Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/QdZX7Cnqsgnqo7vt6XyuFxi_sEc.roa
File:                     QdZX7Cnqsgnqo7vt6XyuFxi_sEc.roa (raw, json)
Hash identifier:          2OcFmI42FXKmQRt7EuSywAWJ068CGld+T5VD5zFpGGY=
Subject key identifier:   41:D6:57:EC:29:EA:B2:09:EA:A3:BB:ED:E9:7C:AE:17:18:BF:B0:47
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DACDA15B8B0DE77F6E4B7536D81A25
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/QdZX7Cnqsgnqo7vt6XyuFxi_sEc.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203534
IP address blocks:        45.131.172.0/22 maxlen: 24
                          185.131.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cd:a1:5b:8b:0d:e7:7f:6e:4b:75:36:d8:1a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41d657ec29eab209eaa3bbede97cae1718bfb047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:41:f2:53:ff:25:e2:1c:84:10:3f:6b:55:1e:
                    fe:3b:68:6a:b8:c4:8b:29:80:e0:7e:0c:a0:3d:92:
                    7d:f3:d5:36:a8:31:a4:9a:d8:a3:b3:2a:a4:6c:f3:
                    60:38:3e:f1:af:33:d5:38:ea:81:41:7a:af:06:20:
                    a1:6e:4a:b9:71:bf:6d:0e:c8:8b:79:90:27:07:cd:
                    f9:99:b5:0f:76:ef:a5:b5:9f:7a:cd:12:4e:c2:4b:
                    8b:6d:73:5c:9a:0d:46:57:1e:bb:ee:28:99:b2:73:
                    2b:25:c5:a4:e2:a6:63:01:81:38:34:e5:04:fc:cd:
                    e5:03:b0:b1:10:fb:73:1c:83:9f:48:a3:84:0a:fa:
                    26:79:29:38:a0:4f:f2:16:75:b2:2e:eb:e8:ac:4a:
                    54:09:63:6e:26:16:f6:ed:3c:fb:33:43:97:c2:65:
                    4c:eb:86:c6:e4:8e:cb:65:3a:76:e8:23:35:50:ae:
                    66:49:13:b3:a7:8a:70:fc:27:7b:f3:be:d7:16:51:
                    de:40:e9:30:87:85:54:ff:16:90:a9:1f:0d:c7:d5:
                    ff:c5:d2:fb:26:7c:e6:c6:52:2c:4f:cc:a4:95:a7:
                    ce:68:6d:64:23:19:04:a0:18:2f:83:f8:36:6b:ee:
                    cf:df:94:69:c2:d9:6c:d6:b0:d4:6a:66:15:87:be:
                    b6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D6:57:EC:29:EA:B2:09:EA:A3:BB:ED:E9:7C:AE:17:18:BF:B0:47
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/QdZX7Cnqsgnqo7vt6XyuFxi_sEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.172.0/22
                  185.131.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:12:b1:05:a2:33:3b:04:4c:21:f0:1a:2c:81:5c:67:e5:19:
         57:ad:42:3f:8c:4e:71:9a:2e:ee:ab:b9:8f:f9:63:cd:3a:0f:
         a8:1f:41:a3:70:e0:41:8d:e9:2b:23:e0:01:a7:33:db:e4:5c:
         3a:60:cd:24:be:d3:ab:bc:5e:10:07:6a:18:a4:16:d3:90:b2:
         36:86:b0:3a:fa:2e:f7:31:57:19:8e:72:b1:09:26:86:92:6f:
         d4:08:a7:aa:54:b6:eb:e9:f6:ba:14:88:e3:12:35:52:06:e3:
         69:99:6e:55:8e:f2:fb:c1:af:f1:40:e6:cc:fb:47:fc:54:e6:
         65:7b:64:60:2b:46:bc:57:d1:12:2f:2c:4c:e2:1c:f3:bb:5c:
         fe:c8:5b:83:a5:f3:74:17:ea:f6:62:82:cd:00:3a:f4:b4:ec:
         05:26:ac:95:26:78:a5:af:0e:47:bb:7c:89:d6:82:a5:53:2f:
         7c:33:a3:18:0f:c1:2c:fc:b3:1c:ce:30:9f:7f:0d:26:1a:25:
         3d:37:1f:8b:c7:30:51:61:e4:7a:28:b6:34:73:38:62:94:34:
         ef:b1:4d:52:72:04:e7:c6:aa:83:7b:08:93:6a:42:8d:8d:fc:
         60:38:24:9d:fa:1d:34:e7:c2:fd:ea:dd:65:a8:45:28:b9:13:
         ee:0f:a2:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2s2hW4sN539uS3U22BolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ2NTdlYzI5ZWFiMjA5ZWFhM2JiZWRlOTdjYWUxNzE4YmZiMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50HyU/8l4hyEED9rVR7+O2hquMSL
KYDgfgygPZJ989U2qDGkmtijsyqkbPNgOD7xrzPVOOqBQXqvBiChbkq5cb9tDsiL
eZAnB835mbUPdu+ltZ96zRJOwkuLbXNcmg1GVx677iiZsnMrJcWk4qZjAYE4NOUE
/M3lA7CxEPtzHIOfSKOECvomeSk4oE/yFnWyLuvorEpUCWNuJhb27Tz7M0OXwmVM
64bG5I7LZTp26CM1UK5mSROzp4pw/Cd7877XFlHeQOkwh4VU/xaQqR8Nx9X/xdL7
JnzmxlIsT8yklafOaG1kIxkEoBgvg/g2a+7P35Rpwtls1rDUamYVh762FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHWV+wp6rIJ6qO77el8rhcYv7BHMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvUWRaWDdDbnFzZ25xbzd2dDZYeXVGeGlfc0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYOsAwQC
uYO4MA0GCSqGSIb3DQEBCwUAA4IBAQAsErEFojM7BEwh8BosgVxn5RlXrUI/jE5x
mi7uq7mP+WPNOg+oH0GjcOBBjekrI+ABpzPb5Fw6YM0kvtOrvF4QB2oYpBbTkLI2
hrA6+i73MVcZjnKxCSaGkm/UCKeqVLbr6fa6FIjjEjVSBuNpmW5VjvL7wa/xQObM
+0f8VOZle2RgK0a8V9ESLyxM4hzzu1z+yFuDpfN0F+r2YoLNADr0tOwFJqyVJnil
rw5Hu3yJ1oKlUy98M6MYD8Es/LMczjCffw0mGiU9Nx+LxzBRYeR6KLY0czhilDTv
sU1ScgTnxqqDewiTakKNjfxgOCSd+h0058L96t1lqEUouRPuD6KG
-----END CERTIFICATE-----