Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/qzolONgpdLduC_iwA77zEKUS2JM.roa
File:                     qzolONgpdLduC_iwA77zEKUS2JM.roa (raw, json)
Hash identifier:          D1Dg5EXj9ubiUMBjFgMweNEMaKLNb4xk3iFn1Ubg40Y=
Subject key identifier:   AB:3A:25:38:D8:29:74:B7:6E:0B:F8:B0:03:BE:F3:10:A5:12:D8:93
Certificate issuer:       /CN=096e293ba380dcc75f00106443668f51002555b7
Certificate serial:       018CC94AA726C34D9E15906931D72EFEEA43
Authority key identifier: 09:6E:29:3B:A3:80:DC:C7:5F:00:10:64:43:66:8F:51:00:25:55:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CW4pO6OA3MdfABBkQ2aPUQAlVbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/qzolONgpdLduC_iwA77zEKUS2JM.roa
Signing time:             Tue 02 Jan 2024 08:29:22 +0000
ROA not before:           Tue 02 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        45.157.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/CW4pO6OA3MdfABBkQ2aPUQAlVbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/CW4pO6OA3MdfABBkQ2aPUQAlVbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CW4pO6OA3MdfABBkQ2aPUQAlVbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:a7:26:c3:4d:9e:15:90:69:31:d7:2e:fe:ea:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=096e293ba380dcc75f00106443668f51002555b7
        Validity
            Not Before: Jan  2 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab3a2538d82974b76e0bf8b003bef310a512d893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:80:c9:24:ff:66:8c:e0:f4:dd:34:5b:da:0a:
                    b4:f3:bb:a2:c3:cd:51:88:be:04:0c:d0:92:3d:bd:
                    02:ee:31:85:8d:3c:a8:88:a1:4b:b7:7d:20:a7:ea:
                    9b:3c:04:60:df:44:29:25:a9:24:57:a5:46:f6:43:
                    a0:b3:a8:1f:ea:30:09:af:62:b6:77:d9:1d:2c:66:
                    2c:90:b9:8c:7c:c8:84:cd:74:a5:2f:a0:20:79:f7:
                    9c:28:4c:d1:10:33:4a:fc:e8:33:dc:69:e1:2a:b2:
                    d3:37:d4:22:87:7b:1d:6d:43:8f:c3:f8:88:2e:76:
                    dc:2d:21:83:8c:42:21:72:d3:16:2a:91:76:23:66:
                    5e:7d:9d:90:23:77:ff:4b:ef:b0:60:08:67:25:b0:
                    d6:66:22:ce:71:1d:c7:8b:6d:ba:d2:99:26:e8:67:
                    00:49:a0:9f:84:07:40:16:46:6e:c1:55:a9:33:ed:
                    b5:9b:45:cd:45:4a:39:7a:ce:5e:48:c1:ce:4f:d3:
                    9b:9e:ca:2c:9a:8b:05:92:50:a3:1c:12:9a:1d:5a:
                    5e:f4:79:0e:56:4a:ec:9c:c7:a0:65:72:0c:b3:31:
                    e8:42:d9:8e:0e:ec:a7:03:59:43:18:5d:e6:3c:66:
                    16:cb:b7:d8:79:a2:e9:77:ea:f6:c7:e5:da:04:7e:
                    b5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:3A:25:38:D8:29:74:B7:6E:0B:F8:B0:03:BE:F3:10:A5:12:D8:93
            X509v3 Authority Key Identifier:
                keyid:09:6E:29:3B:A3:80:DC:C7:5F:00:10:64:43:66:8F:51:00:25:55:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CW4pO6OA3MdfABBkQ2aPUQAlVbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/qzolONgpdLduC_iwA77zEKUS2JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/CW4pO6OA3MdfABBkQ2aPUQAlVbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:9f:a7:71:d6:c4:e5:71:12:50:8c:ed:8d:5b:93:e7:c7:00:
         51:59:2d:7f:3b:87:77:2e:bc:9b:a2:f6:f0:cb:e6:d2:ed:1b:
         b2:c4:5e:8b:c2:98:aa:f9:9d:27:08:29:ef:01:c1:57:e3:25:
         c4:87:21:d1:33:56:0a:b6:74:b2:fb:39:0e:a5:5c:c4:c6:bf:
         50:70:09:15:e0:bb:a9:d0:a6:7d:db:cd:71:e3:01:73:0f:fe:
         72:63:9c:4f:cd:2a:3b:94:c3:08:59:fa:8e:87:90:09:57:91:
         33:b2:64:46:49:5c:b4:e9:45:87:02:80:e6:5b:f4:0e:51:9d:
         4c:b7:a3:35:ba:d3:56:9d:2d:8f:98:a2:cf:cc:71:d5:1f:45:
         a4:18:a9:8e:01:9a:81:9c:14:05:9b:70:7b:77:86:82:ba:4c:
         56:d1:eb:33:32:f2:e4:da:d5:a2:f3:d2:28:a1:90:75:ab:4a:
         60:89:67:dc:68:f5:e6:b8:a1:06:c7:a6:8b:7c:d5:51:c2:75:
         c9:eb:dc:a3:be:92:82:e3:97:94:b2:c4:74:86:f6:ec:72:fa:
         2a:c8:b7:38:74:3e:0e:aa:6c:6d:c3:59:eb:c3:94:4e:23:f2:
         6a:47:58:aa:27:b8:9c:e1:3c:85:a5:ed:a9:9b:bb:90:54:db:
         c1:50:07:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSqcmw02eFZBpMdcu/upDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NmUyOTNiYTM4MGRjYzc1ZjAwMTA2NDQzNjY4ZjUxMDAy
NTU1YjcwHhcNMjQwMTAyMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjNhMjUzOGQ4Mjk3NGI3NmUwYmY4YjAwM2JlZjMxMGE1MTJkODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYDJJP9mjOD03TRb2gq087uiw81R
iL4EDNCSPb0C7jGFjTyoiKFLt30gp+qbPARg30QpJakkV6VG9kOgs6gf6jAJr2K2
d9kdLGYskLmMfMiEzXSlL6AgefecKEzREDNK/Ogz3GnhKrLTN9Qih3sdbUOPw/iI
LnbcLSGDjEIhctMWKpF2I2ZefZ2QI3f/S++wYAhnJbDWZiLOcR3Hi2260pkm6GcA
SaCfhAdAFkZuwVWpM+21m0XNRUo5es5eSMHOT9ObnsosmosFklCjHBKaHVpe9HkO
VkrsnMegZXIMszHoQtmODuynA1lDGF3mPGYWy7fYeaLpd+r2x+XaBH61uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKs6JTjYKXS3bgv4sAO+8xClEtiTMB8GA1UdIwQY
MBaAFAluKTujgNzHXwAQZENmj1EAJVW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1c0cE82T0EzTWRmQUJCa1EyYVBVUUFsVmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iZGFlYjctNTJkNS00OWZmLTlhNGIt
ZGYwNWQ0ODlkYTE3LzEvcXpvbE9OZ3BkTGR1Q19pd0E3N3pFS1VTMkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iZGFlYjctNTJkNS00OWZmLTlhNGItZGYwNWQ0ODlkYTE3
LzEvQ1c0cE82T0EzTWRmQUJCa1EyYVBVUUFsVmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0HMA0G
CSqGSIb3DQEBCwUAA4IBAQApn6dx1sTlcRJQjO2NW5PnxwBRWS1/O4d3Lrybovbw
y+bS7RuyxF6Lwpiq+Z0nCCnvAcFX4yXEhyHRM1YKtnSy+zkOpVzExr9QcAkV4Lup
0KZ9281x4wFzD/5yY5xPzSo7lMMIWfqOh5AJV5EzsmRGSVy06UWHAoDmW/QOUZ1M
t6M1utNWnS2PmKLPzHHVH0WkGKmOAZqBnBQFm3B7d4aCukxW0eszMvLk2tWi89Io
oZB1q0pgiWfcaPXmuKEGx6aLfNVRwnXJ69yjvpKC45eUssR0hvbscvoqyLc4dD4O
qmxtw1nrw5ROI/JqR1iqJ7ic4TyFpe2pm7uQVNvBUAcQ
-----END CERTIFICATE-----