Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/q6kxO42ExJ0IzvOxgrxIsTGpL-Q.roa
File:                     q6kxO42ExJ0IzvOxgrxIsTGpL-Q.roa (raw, json)
Hash identifier:          2w9fl5EKk4/u338NwE/K0EgNck2b3n4vTQhDFkiqcdE=
Subject key identifier:   AB:A9:31:3B:8D:84:C4:9D:08:CE:F3:B1:82:BC:48:B1:31:A9:2F:E4
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0192F09CCF49056BE6CFF657FD2F829781EE
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/q6kxO42ExJ0IzvOxgrxIsTGpL-Q.roa
Signing time:             Sun 03 Nov 2024 06:01:01 +0000
ROA not before:           Sun 03 Nov 2024 06:01:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        45.248.53.0/24 maxlen: 24
                          192.145.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f0:9c:cf:49:05:6b:e6:cf:f6:57:fd:2f:82:97:81:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Nov  3 06:01:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aba9313b8d84c49d08cef3b182bc48b131a92fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:72:44:98:60:a6:db:67:7b:0c:ea:e8:ff:ed:
                    0c:1a:61:5a:0e:84:29:c2:19:78:80:96:1b:06:a8:
                    ff:fd:06:49:23:83:91:d2:d3:57:08:83:b5:9a:c6:
                    3f:90:2a:2f:b1:72:42:e8:52:1c:84:a1:62:b8:80:
                    45:0d:71:cd:8f:27:95:0a:d0:82:8d:33:58:cd:ae:
                    5a:90:5b:6d:4e:67:74:93:7d:96:9b:f7:08:57:02:
                    ae:f7:39:7a:42:2d:86:48:dd:fb:86:ae:92:51:9f:
                    ff:ba:31:38:cb:6a:b0:27:e0:06:f7:62:71:79:fa:
                    e4:44:d8:5a:21:1f:e4:0c:5f:c2:81:af:28:85:31:
                    4b:b9:c7:c8:9a:bf:cd:ce:37:41:50:0e:07:4a:18:
                    4c:b3:89:53:7c:94:a1:96:91:92:33:a9:59:b7:c9:
                    f2:58:89:e6:fe:29:2c:de:82:b5:1b:a6:aa:2b:e3:
                    03:55:60:23:93:27:3f:38:38:75:48:ca:4f:b5:45:
                    c6:b8:78:33:be:0d:65:8f:94:d5:2f:e0:ab:90:11:
                    68:a9:d9:0f:af:10:4c:9f:86:c9:94:00:09:2e:53:
                    01:15:ef:f3:a5:4b:51:83:8a:65:4b:8c:b4:ac:70:
                    47:f4:96:46:49:6d:92:ea:85:fb:28:b2:cd:f0:42:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A9:31:3B:8D:84:C4:9D:08:CE:F3:B1:82:BC:48:B1:31:A9:2F:E4
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/q6kxO42ExJ0IzvOxgrxIsTGpL-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.248.53.0/24
                  192.145.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:1c:4c:1e:24:e8:63:8c:f5:c3:de:d2:d0:d5:3d:e8:6d:4b:
         56:31:ff:1e:a5:22:2e:bd:a2:db:12:2d:52:c9:29:86:88:99:
         e5:35:89:3b:90:d4:ff:64:8f:8c:9b:df:da:c6:9f:3f:5d:26:
         14:20:f7:0c:2b:d3:46:13:b3:88:92:92:5a:99:de:5b:07:4b:
         1f:d2:60:87:35:42:81:8f:ba:78:6d:1c:a2:5f:a3:f9:98:a2:
         55:b6:45:94:9a:d7:0e:2b:fa:ab:12:05:a2:a8:a5:1d:19:7b:
         28:e8:7f:b9:c1:88:2e:9b:1f:57:c2:9f:e2:4c:97:88:ca:68:
         8a:92:c6:d3:6d:3a:ec:13:d1:fe:52:19:34:42:b5:93:de:33:
         c7:0b:d2:f2:f3:37:32:20:c9:05:4b:3d:46:79:91:f5:84:0a:
         d5:6e:bd:35:65:62:0a:9e:ad:69:e0:8b:42:cc:c0:86:d2:48:
         81:cc:5b:02:d2:ed:51:cd:21:2d:69:65:fa:04:5d:7e:1e:51:
         1b:dd:7e:a7:b6:df:4f:c1:b8:29:79:aa:1a:7f:26:fa:0e:0f:
         d6:93:d0:75:bc:b1:02:85:90:b2:c0:c8:a0:00:7b:68:e9:9e:
         da:e4:54:9b:e4:7e:e4:8d:60:4a:48:73:c0:4a:41:50:de:23:
         c2:89:da:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLwnM9JBWvmz/ZX/S+Cl4HuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQxMTAzMDYwMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE5MzEzYjhkODRjNDlkMDhjZWYzYjE4MmJjNDhiMTMxYTkyZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3JEmGCm22d7DOro/+0MGmFaDoQp
whl4gJYbBqj//QZJI4OR0tNXCIO1msY/kCovsXJC6FIchKFiuIBFDXHNjyeVCtCC
jTNYza5akFttTmd0k32Wm/cIVwKu9zl6Qi2GSN37hq6SUZ//ujE4y2qwJ+AG92Jx
efrkRNhaIR/kDF/Cga8ohTFLucfImr/NzjdBUA4HShhMs4lTfJShlpGSM6lZt8ny
WInm/iks3oK1G6aqK+MDVWAjkyc/ODh1SMpPtUXGuHgzvg1lj5TVL+CrkBFoqdkP
rxBMn4bJlAAJLlMBFe/zpUtRg4plS4y0rHBH9JZGSW2S6oX7KLLN8EJjxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKupMTuNhMSdCM7zsYK8SLExqS/kMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvcTZreE80MkV4SjBJenZPeGdyeElzVEdwTC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALfg1AwQA
wJFFMA0GCSqGSIb3DQEBCwUAA4IBAQA+HEweJOhjjPXD3tLQ1T3obUtWMf8epSIu
vaLbEi1SySmGiJnlNYk7kNT/ZI+Mm9/axp8/XSYUIPcMK9NGE7OIkpJamd5bB0sf
0mCHNUKBj7p4bRyiX6P5mKJVtkWUmtcOK/qrEgWiqKUdGXso6H+5wYgumx9Xwp/i
TJeIymiKksbTbTrsE9H+Uhk0QrWT3jPHC9Ly8zcyIMkFSz1GeZH1hArVbr01ZWIK
nq1p4ItCzMCG0kiBzFsC0u1RzSEtaWX6BF1+HlEb3X6ntt9Pwbgpeaoafyb6Dg/W
k9B1vLEChZCywMigAHto6Z7a5FSb5H7kjWBKSHPASkFQ3iPCidoU
-----END CERTIFICATE-----