Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b3f912-36d1-4366-ac3c-6660238b03ce/1/DrQ5GC-ImZiQFtgjdrt9OxFP7yU.roa
File:                     DrQ5GC-ImZiQFtgjdrt9OxFP7yU.roa (raw, json)
Hash identifier:          AMlOfLIQauhyf1FlxSp9UWQYrmS9WPjvUq/Fri2X9lI=
Subject key identifier:   0E:B4:39:18:2F:88:99:98:90:16:D8:23:76:BB:7D:3B:11:4F:EF:25
Certificate issuer:       /CN=a5f6a71a180dcf8b230c414f09f7b71baea9781c
Certificate serial:       01933F040B7AE95230B2AFD109AE114091B7
Authority key identifier: A5:F6:A7:1A:18:0D:CF:8B:23:0C:41:4F:09:F7:B7:1B:AE:A9:78:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pfanGhgNz4sjDEFPCfe3G66peBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b3f912-36d1-4366-ac3c-6660238b03ce/1/DrQ5GC-ImZiQFtgjdrt9OxFP7yU.roa
Signing time:             Mon 18 Nov 2024 11:24:09 +0000
ROA not before:           Mon 18 Nov 2024 11:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16097
IP address blocks:        45.157.224.0/24 maxlen: 24
                          2a0f:6cc6::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b3f912-36d1-4366-ac3c-6660238b03ce/1/pfanGhgNz4sjDEFPCfe3G66peBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b3f912-36d1-4366-ac3c-6660238b03ce/1/pfanGhgNz4sjDEFPCfe3G66peBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pfanGhgNz4sjDEFPCfe3G66peBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3f:04:0b:7a:e9:52:30:b2:af:d1:09:ae:11:40:91:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5f6a71a180dcf8b230c414f09f7b71baea9781c
        Validity
            Not Before: Nov 18 11:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eb439182f8899989016d82376bb7d3b114fef25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:08:25:ed:b4:ff:55:f0:bb:4d:b3:2d:29:b8:
                    a7:6f:a8:bf:1a:ca:0b:48:b5:ec:5d:61:1d:f1:2a:
                    72:17:fc:15:6b:6c:dc:34:7e:33:62:c7:68:19:9d:
                    78:ea:aa:a9:96:72:22:8f:54:b3:94:77:bb:23:43:
                    81:75:55:2d:3d:bd:b7:83:d7:72:eb:9e:6f:31:8d:
                    23:07:03:64:5a:33:f8:e1:52:bb:55:be:8a:f7:ae:
                    7a:94:28:9c:05:cf:ba:90:75:4a:37:b1:2c:0f:1c:
                    ee:d6:69:7c:78:bb:35:e3:75:5f:aa:04:b6:c2:db:
                    23:c0:6e:9c:b2:cc:09:be:00:5d:99:61:f0:b2:c5:
                    f5:ab:0c:5f:f5:2d:b9:30:b6:4a:73:64:95:db:8f:
                    0a:3e:c2:bc:03:8a:f2:f5:6d:d4:cd:aa:55:f6:e7:
                    df:86:c5:2f:4d:ed:82:a4:f4:ea:da:4f:c6:34:66:
                    63:14:1b:05:73:61:28:7b:b0:b7:93:bb:90:59:26:
                    a0:96:65:c6:1f:7c:dd:eb:23:9b:fb:7c:2a:f6:30:
                    e6:f9:f4:a7:dc:78:d7:db:47:1c:e3:cc:fe:07:37:
                    e7:99:e9:c6:cd:a8:e2:0a:38:fd:94:fc:c7:82:0a:
                    d3:f4:31:d7:8c:5e:cc:9f:27:f9:15:91:99:da:94:
                    53:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B4:39:18:2F:88:99:98:90:16:D8:23:76:BB:7D:3B:11:4F:EF:25
            X509v3 Authority Key Identifier:
                keyid:A5:F6:A7:1A:18:0D:CF:8B:23:0C:41:4F:09:F7:B7:1B:AE:A9:78:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pfanGhgNz4sjDEFPCfe3G66peBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b3f912-36d1-4366-ac3c-6660238b03ce/1/DrQ5GC-ImZiQFtgjdrt9OxFP7yU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b3f912-36d1-4366-ac3c-6660238b03ce/1/pfanGhgNz4sjDEFPCfe3G66peBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.224.0/24
                IPv6:
                  2a0f:6cc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:3f:42:a0:77:ec:d8:6f:4b:a7:c9:ce:26:a2:74:69:d2:92:
         79:e9:4c:e4:4c:b3:f4:e0:c5:96:f2:8e:6b:f0:04:9e:d1:ca:
         84:13:49:b7:31:81:34:8f:b7:c9:83:87:c8:f9:82:13:ba:0d:
         df:3f:86:f1:a9:f1:c6:90:59:98:39:54:1b:49:86:86:94:eb:
         c9:a1:62:4a:c3:75:e7:fc:46:ef:42:a5:5b:8c:cc:12:40:0c:
         69:39:b6:d2:99:62:b6:a4:82:bf:d4:36:78:f9:03:cd:71:cd:
         2e:3d:9f:a1:f8:e5:7f:d2:c0:88:da:b2:e0:08:f7:ad:38:2c:
         20:b8:51:a4:22:64:45:3b:6c:39:3b:c3:96:27:95:8e:42:da:
         47:b9:4c:ab:2a:80:d4:3d:2b:59:e6:dd:eb:08:ff:5f:51:86:
         42:0c:76:83:02:0d:00:1b:f9:35:43:46:a3:ea:f1:57:fa:c8:
         59:3d:6f:b4:5e:9e:a7:80:73:12:15:4c:76:45:5d:07:e4:cc:
         6d:55:2e:6d:ce:42:5e:8c:e1:8a:06:f4:42:dc:a3:de:b3:97:
         2f:d2:62:2c:6e:43:a4:3f:33:f7:86:8e:00:56:bb:44:fc:06:
         2d:de:c0:b9:af:d0:1b:9d:b0:7e:f9:1e:53:5f:9a:b3:b0:cd:
         4a:ba:ed:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZM/BAt66VIwsq/RCa4RQJG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ZjZhNzFhMTgwZGNmOGIyMzBjNDE0ZjA5ZjdiNzFiYWVh
OTc4MWMwHhcNMjQxMTE4MTEyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWI0MzkxODJmODg5OTk4OTAxNmQ4MjM3NmJiN2QzYjExNGZlZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwgl7bT/VfC7TbMtKbinb6i/GsoL
SLXsXWEd8SpyF/wVa2zcNH4zYsdoGZ146qqplnIij1SzlHe7I0OBdVUtPb23g9dy
655vMY0jBwNkWjP44VK7Vb6K9656lCicBc+6kHVKN7EsDxzu1ml8eLs143VfqgS2
wtsjwG6csswJvgBdmWHwssX1qwxf9S25MLZKc2SV248KPsK8A4ry9W3UzapV9uff
hsUvTe2CpPTq2k/GNGZjFBsFc2Eoe7C3k7uQWSaglmXGH3zd6yOb+3wq9jDm+fSn
3HjX20cc48z+BzfnmenGzajiCjj9lPzHggrT9DHXjF7Mnyf5FZGZ2pRTAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA60ORgviJmYkBbYI3a7fTsRT+8lMB8GA1UdIwQY
MBaAFKX2pxoYDc+LIwxBTwn3txuuqXgcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGZhbkdoZ056NHNqREVGUENmZTNHNjZwZUJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iM2Y5MTItMzZkMS00MzY2LWFjM2Mt
NjY2MDIzOGIwM2NlLzEvRHJRNUdDLUltWmlRRnRnamRydDlPeEZQN3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iM2Y5MTItMzZkMS00MzY2LWFjM2MtNjY2MDIzOGIwM2Nl
LzEvcGZhbkdoZ056NHNqREVGUENmZTNHNjZwZUJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZ3gMA0E
AgACMAcDBQAqD2zGMA0GCSqGSIb3DQEBCwUAA4IBAQBHP0Kgd+zYb0unyc4monRp
0pJ56UzkTLP04MWW8o5r8ASe0cqEE0m3MYE0j7fJg4fI+YITug3fP4bxqfHGkFmY
OVQbSYaGlOvJoWJKw3Xn/EbvQqVbjMwSQAxpObbSmWK2pIK/1DZ4+QPNcc0uPZ+h
+OV/0sCI2rLgCPetOCwguFGkImRFO2w5O8OWJ5WOQtpHuUyrKoDUPStZ5t3rCP9f
UYZCDHaDAg0AG/k1Q0aj6vFX+shZPW+0Xp6ngHMSFUx2RV0H5MxtVS5tzkJejOGK
BvRC3KPes5cv0mIsbkOkPzP3ho4AVrtE/AYt3sC5r9AbnbB++R5TX5qzsM1Kuu1k
-----END CERTIFICATE-----