Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/QvsA-s2whxkOVzmYHn_bm1UTWH0.roa
File:                     QvsA-s2whxkOVzmYHn_bm1UTWH0.roa (raw, json)
Hash identifier:          iG6mzeAvCUYAv2UGDCbzJCE1sSuvZz+Ko/v7jBzxDHA=
Subject key identifier:   42:FB:00:FA:CD:B0:87:19:0E:57:39:98:1E:7F:DB:9B:55:13:58:7D
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018CC49381D66C0B9DBB095DDE17411AB791
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/QvsA-s2whxkOVzmYHn_bm1UTWH0.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        45.67.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:81:d6:6c:0b:9d:bb:09:5d:de:17:41:1a:b7:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42fb00facdb087190e5739981e7fdb9b5513587d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fa:40:d1:45:3a:1b:b7:c3:c0:a7:07:24:86:
                    9d:f8:2a:2f:21:98:fa:5a:71:56:47:5d:cc:69:07:
                    cd:af:d4:6c:89:03:df:0b:45:76:45:f2:17:ed:48:
                    9b:70:97:08:0d:ea:19:1d:8c:81:f9:3a:0d:94:5c:
                    66:6d:44:1e:aa:d9:ae:44:85:bb:91:23:b5:70:9b:
                    ee:21:84:91:3d:e3:f0:b8:6b:70:5e:52:f2:fb:f9:
                    c2:42:fa:74:fd:26:59:8d:84:95:85:e4:e4:33:37:
                    d8:7a:6a:f2:54:93:64:1e:d6:f6:e9:6f:7d:11:40:
                    bf:45:19:9b:64:12:54:44:0e:75:d3:26:81:7b:60:
                    89:8a:a8:4b:f8:36:d0:0a:bf:92:07:e5:22:a3:ba:
                    c0:cf:2a:9f:40:c4:8d:a7:9e:94:ff:c4:81:b5:b4:
                    41:18:4b:a6:c0:be:29:3e:1b:5b:bf:0f:90:17:a8:
                    68:78:3c:c5:18:9f:6b:ba:53:7c:3c:c6:b4:54:8b:
                    04:11:77:24:9a:8b:7b:61:e5:95:8a:fe:95:72:5f:
                    c0:9a:49:5f:6d:2b:09:83:84:c6:84:32:c5:45:a9:
                    08:a4:4e:57:33:a2:d4:36:b7:67:36:f8:cc:b7:d9:
                    c8:65:70:c6:2a:95:b0:2d:87:bc:9c:04:69:87:8f:
                    29:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:FB:00:FA:CD:B0:87:19:0E:57:39:98:1E:7F:DB:9B:55:13:58:7D
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/QvsA-s2whxkOVzmYHn_bm1UTWH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:88:83:9a:0f:1b:d1:1c:bb:c0:22:5f:4c:f6:66:db:34:21:
         d8:03:8c:01:c4:80:04:d4:e9:a7:c6:04:5c:92:a0:6b:33:69:
         80:df:25:84:89:84:76:34:d3:3b:4d:b6:c0:f2:81:c2:54:fd:
         60:47:c3:91:57:98:6e:be:2e:15:e7:d9:ff:1a:b1:58:b6:6f:
         f9:89:1c:d1:ae:22:c4:26:9c:46:cb:3d:83:13:ee:e1:4b:68:
         4c:34:55:88:05:81:86:70:2d:30:d1:a2:28:5b:5f:88:4a:56:
         02:5e:fb:9b:4c:21:1c:c0:50:20:91:c9:e8:e6:0e:88:21:29:
         95:b2:b5:0c:21:64:a0:fe:ba:da:63:a5:a2:25:4c:29:15:ce:
         ea:db:1b:37:fd:3e:64:5d:b8:32:25:cc:ba:25:77:0d:31:17:
         aa:05:9b:a9:10:ed:d6:4e:41:8b:a5:f1:78:d4:52:d3:e0:93:
         3e:21:34:d4:1c:b2:77:84:44:10:6a:27:2f:d0:a4:ad:44:fa:
         65:4c:75:b4:62:25:09:e4:09:d2:00:7b:d9:5a:82:77:9f:f6:
         e4:e7:7c:ff:65:fc:e6:c8:d2:f0:39:78:be:4e:6f:e7:e7:ad:
         77:2d:db:1f:c1:10:e0:3f:55:17:cb:bd:09:58:97:c1:c9:6e:
         2d:e1:ce:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4HWbAuduwld3hdBGreRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmZiMDBmYWNkYjA4NzE5MGU1NzM5OTgxZTdmZGI5YjU1MTM1ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/pA0UU6G7fDwKcHJIad+CovIZj6
WnFWR13MaQfNr9RsiQPfC0V2RfIX7UibcJcIDeoZHYyB+ToNlFxmbUQeqtmuRIW7
kSO1cJvuIYSRPePwuGtwXlLy+/nCQvp0/SZZjYSVheTkMzfYemryVJNkHtb26W99
EUC/RRmbZBJURA510yaBe2CJiqhL+DbQCr+SB+Uio7rAzyqfQMSNp56U/8SBtbRB
GEumwL4pPhtbvw+QF6hoeDzFGJ9rulN8PMa0VIsEEXckmot7YeWViv6Vcl/Amklf
bSsJg4TGhDLFRakIpE5XM6LUNrdnNvjMt9nIZXDGKpWwLYe8nARph48pNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEL7APrNsIcZDlc5mB5/25tVE1h9MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvUXZzQS1zMndoeGtPVnptWUhuX2JtMVVUV0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUOMMA0G
CSqGSIb3DQEBCwUAA4IBAQBaiIOaDxvRHLvAIl9M9mbbNCHYA4wBxIAE1OmnxgRc
kqBrM2mA3yWEiYR2NNM7TbbA8oHCVP1gR8ORV5huvi4V59n/GrFYtm/5iRzRriLE
JpxGyz2DE+7hS2hMNFWIBYGGcC0w0aIoW1+ISlYCXvubTCEcwFAgkcno5g6IISmV
srUMIWSg/rraY6WiJUwpFc7q2xs3/T5kXbgyJcy6JXcNMReqBZupEO3WTkGLpfF4
1FLT4JM+ITTUHLJ3hEQQaicv0KStRPplTHW0YiUJ5AnSAHvZWoJ3n/bk53z/Zfzm
yNLwOXi+Tm/n5613LdsfwRDgP1UXy70JWJfByW4t4c6h
-----END CERTIFICATE-----