Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QenKphUkRF4Ey7_BW3t8gxuu60s.roa
File:                     QenKphUkRF4Ey7_BW3t8gxuu60s.roa (raw, json)
Hash identifier:          Z56obRNb2iSJwXwG3cwbSS1cb+ie40xoCT+OfSJownc=
Subject key identifier:   41:E9:CA:A6:15:24:44:5E:04:CB:BF:C1:5B:7B:7C:83:1B:AE:EB:4B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80280B10099B613263C67F8604A55B6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QenKphUkRF4Ey7_BW3t8gxuu60s.roa
Signing time:             Tue 02 Jan 2024 02:30:56 +0000
ROA not before:           Tue 02 Jan 2024 02:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60318
IP address blocks:        45.90.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:80:b1:00:99:b6:13:26:3c:67:f8:60:4a:55:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41e9caa61524445e04cbbfc15b7b7c831baeeb4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a3:48:69:a6:8d:a7:52:49:70:ca:e6:a5:37:
                    19:df:66:ed:27:12:ba:76:db:37:59:2c:bc:80:f2:
                    55:84:e1:77:cd:f4:20:95:0d:d0:f6:aa:55:8f:c0:
                    f7:8d:c5:c4:50:89:f6:32:a2:c6:21:34:21:bc:90:
                    5e:81:55:b8:0c:b0:66:60:48:3d:ab:e5:cd:2f:3f:
                    97:7d:a0:24:2b:1b:38:87:64:a1:e2:7a:22:07:69:
                    b6:04:80:1b:52:18:4f:81:bb:76:b2:48:d8:e4:ca:
                    2a:1a:0f:46:89:2c:07:77:02:af:e5:ad:96:6b:31:
                    ad:f8:49:c9:7a:b3:f9:89:23:9d:97:ca:20:b0:c2:
                    c0:bb:35:d3:aa:47:95:e5:9a:42:29:cf:51:12:c7:
                    72:59:d7:d2:d6:0a:73:c8:80:01:f3:77:6c:69:d2:
                    9d:f7:61:a7:cb:95:b1:f0:bd:76:27:aa:83:12:0a:
                    6e:23:b8:12:2a:1a:aa:b9:9c:a0:0f:d3:37:ee:11:
                    1d:3b:0e:a0:d2:f5:d2:cc:34:d7:59:6a:2b:d3:ba:
                    c0:70:20:70:8f:cc:0f:3a:e5:99:9f:5e:e2:ad:4a:
                    0c:a4:23:3e:1b:57:4a:89:58:09:29:3e:c3:af:0d:
                    f4:fb:2d:67:92:a9:b9:a6:b6:54:ad:85:86:65:fe:
                    f7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E9:CA:A6:15:24:44:5E:04:CB:BF:C1:5B:7B:7C:83:1B:AE:EB:4B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QenKphUkRF4Ey7_BW3t8gxuu60s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:69:fe:b5:7d:9d:67:36:82:22:81:e1:6c:93:c8:c2:d5:c4:
         3a:b1:04:1f:94:58:b8:d6:87:83:8e:b8:da:29:d3:4a:13:9a:
         e0:c2:47:09:5f:05:c8:a7:31:f7:f0:ff:e4:eb:9f:40:90:05:
         2b:0e:6a:ca:76:1f:89:02:e2:4b:4f:64:2a:fc:52:16:8d:01:
         23:0f:6d:b8:cc:08:15:86:70:b0:3f:ff:05:ab:dd:32:5f:6f:
         a7:7a:7e:c9:19:08:ee:5f:72:24:bb:23:0f:2f:0b:ff:37:93:
         0b:5c:59:bc:72:37:57:36:71:2f:a1:60:dd:ed:a3:d6:15:a5:
         d9:16:59:04:6c:aa:65:c3:e2:28:df:c3:dc:36:4c:a8:b3:9e:
         27:d5:d3:d8:71:7c:62:bb:3e:25:22:c7:c2:02:cf:86:d2:f5:
         2a:0b:2b:d7:9c:85:95:87:52:e6:ba:f9:0e:f8:d1:99:72:da:
         14:f5:f5:2f:ae:0d:ab:9e:b7:96:2a:98:d1:a0:0e:45:a1:33:
         bd:44:ad:09:44:7c:8f:07:be:2d:d2:fa:19:8a:6e:3a:4b:03:
         b8:7b:8b:42:94:9b:1e:f8:09:95:b2:90:bd:e1:41:23:96:c8:
         f9:67:c2:f3:1d:5e:71:a9:54:d0:18:83:65:95:ce:a0:7e:bd:
         b6:00:0b:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoCxAJm2EyY8Z/hgSlW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU5Y2FhNjE1MjQ0NDVlMDRjYmJmYzE1YjdiN2M4MzFiYWVlYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16NIaaaNp1JJcMrmpTcZ32btJxK6
dts3WSy8gPJVhOF3zfQglQ3Q9qpVj8D3jcXEUIn2MqLGITQhvJBegVW4DLBmYEg9
q+XNLz+XfaAkKxs4h2Sh4noiB2m2BIAbUhhPgbt2skjY5MoqGg9GiSwHdwKv5a2W
azGt+EnJerP5iSOdl8ogsMLAuzXTqkeV5ZpCKc9REsdyWdfS1gpzyIAB83dsadKd
92Gny5Wx8L12J6qDEgpuI7gSKhqquZygD9M37hEdOw6g0vXSzDTXWWor07rAcCBw
j8wPOuWZn17irUoMpCM+G1dKiVgJKT7Drw30+y1nkqm5prZUrYWGZf73eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHpyqYVJEReBMu/wVt7fIMbrutLMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUWVuS3BoVWtSRjRFeTdfQlczdDhneHV1NjBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVoRMA0G
CSqGSIb3DQEBCwUAA4IBAQC7af61fZ1nNoIigeFsk8jC1cQ6sQQflFi41oeDjrja
KdNKE5rgwkcJXwXIpzH38P/k659AkAUrDmrKdh+JAuJLT2Qq/FIWjQEjD224zAgV
hnCwP/8Fq90yX2+nen7JGQjuX3IkuyMPLwv/N5MLXFm8cjdXNnEvoWDd7aPWFaXZ
FlkEbKplw+Io38PcNkyos54n1dPYcXxiuz4lIsfCAs+G0vUqCyvXnIWVh1LmuvkO
+NGZctoU9fUvrg2rnreWKpjRoA5FoTO9RK0JRHyPB74t0voZim46SwO4e4tClJse
+AmVspC94UEjlsj5Z8LzHV5xqVTQGINllc6gfr22AAu3
-----END CERTIFICATE-----