Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/QuviUgFlhVbcWVICKhuLqKq-rWI.roa
File:                     QuviUgFlhVbcWVICKhuLqKq-rWI.roa (raw, json)
Hash identifier:          FbZ2QwCkD4WYOcxZlHm5833NSoEUK/n32JEJ3i2VyXE=
Subject key identifier:   42:EB:E2:52:01:65:85:56:DC:59:52:02:2A:1B:8B:A8:AA:BE:AD:62
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC998AE676C8A12839C18EFE5B2451
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/QuviUgFlhVbcWVICKhuLqKq-rWI.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        5.10.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:99:8a:e6:76:c8:a1:28:39:c1:8e:fe:5b:24:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42ebe25201658556dc5952022a1b8ba8aabead62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:da:19:a2:86:18:69:0e:f2:8a:75:0e:7e:4c:
                    03:d1:9f:2a:c2:e4:95:59:b7:fe:ea:80:ed:4b:c1:
                    85:46:81:3c:c0:c8:9c:1c:04:4d:ed:60:85:b0:32:
                    17:cb:92:8a:48:f0:51:3d:7c:b0:47:d8:ee:97:d6:
                    3e:51:74:6c:78:8f:43:a0:ca:6d:26:1c:78:7b:86:
                    a1:6a:0e:84:47:67:46:2e:9e:a2:20:8a:68:e3:2f:
                    18:32:4c:77:47:da:7c:c4:ba:3b:18:8e:94:81:b6:
                    00:e9:17:96:32:93:ba:4b:42:9f:cf:82:f4:45:fe:
                    13:ef:7c:96:2e:fd:55:c2:6a:bb:26:1f:19:f8:9b:
                    cf:73:5b:ba:fb:5d:79:ce:df:39:66:1f:d7:06:a6:
                    26:b2:1a:5d:79:5e:4b:5a:67:8b:1c:ff:87:32:61:
                    da:7a:f9:a6:f7:93:88:aa:bb:db:9d:c4:f5:4e:44:
                    c5:de:5d:e2:dc:ce:19:0e:a3:57:4a:3f:08:eb:15:
                    8e:6d:2e:8d:33:ed:b0:a1:03:71:1d:b0:25:b8:40:
                    21:2a:f6:4f:2f:38:7e:fa:9f:6e:27:56:41:dc:24:
                    37:13:60:20:da:6a:ad:fb:a0:dc:06:c6:7a:b3:82:
                    71:ee:85:66:56:c9:57:7e:7b:fc:a1:1c:48:5c:7b:
                    e2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:EB:E2:52:01:65:85:56:DC:59:52:02:2A:1B:8B:A8:AA:BE:AD:62
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/QuviUgFlhVbcWVICKhuLqKq-rWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:e4:ae:ec:4b:34:12:05:c3:f7:be:8f:5f:b9:89:ad:1c:66:
         f8:ad:5a:44:d7:3d:97:2b:64:2b:74:9d:d9:bf:b0:61:49:cd:
         d1:2e:01:ab:9f:19:05:81:4f:85:5a:0e:ce:52:3d:9f:7f:6b:
         f3:99:4e:ad:e2:cc:ae:07:eb:23:84:d4:95:a0:33:61:44:1e:
         19:86:5c:a1:55:6a:dd:be:95:6a:be:c3:4d:b5:2f:ec:5e:49:
         3c:8d:ae:88:47:57:bf:42:ee:64:6f:aa:43:ca:4e:1d:2b:11:
         02:7d:b6:3c:50:3c:4d:8a:b6:87:a5:35:df:f4:8d:39:f2:1d:
         34:81:11:04:13:b6:67:78:72:83:73:db:da:14:c3:fb:bf:b0:
         a0:93:de:e8:f9:e7:d5:ce:44:28:25:d4:d8:cb:ba:97:a5:e1:
         07:d8:b3:77:d8:d3:ed:49:9a:59:94:15:13:bd:39:29:42:e0:
         a2:db:9c:90:13:ea:33:98:93:7c:18:2a:56:fa:76:a3:e0:4a:
         59:c5:1e:6f:56:a8:cc:2f:f9:55:b5:9f:96:e9:7b:cd:52:da:
         f4:53:b8:93:78:76:b3:84:3f:36:14:de:99:f2:79:27:fd:20:
         64:1a:e9:fb:b6:01:cf:93:35:00:ac:98:42:56:e6:8e:1c:9f:
         9b:b8:48:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JmK5nbIoSg5wY7+WyRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmViZTI1MjAxNjU4NTU2ZGM1OTUyMDIyYTFiOGJhOGFhYmVhZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNoZooYYaQ7yinUOfkwD0Z8qwuSV
Wbf+6oDtS8GFRoE8wMicHARN7WCFsDIXy5KKSPBRPXywR9jul9Y+UXRseI9DoMpt
Jhx4e4ahag6ER2dGLp6iIIpo4y8YMkx3R9p8xLo7GI6UgbYA6ReWMpO6S0Kfz4L0
Rf4T73yWLv1Vwmq7Jh8Z+JvPc1u6+115zt85Zh/XBqYmshpdeV5LWmeLHP+HMmHa
evmm95OIqrvbncT1TkTF3l3i3M4ZDqNXSj8I6xWObS6NM+2woQNxHbAluEAhKvZP
Lzh++p9uJ1ZB3CQ3E2Ag2mqt+6DcBsZ6s4Jx7oVmVslXfnv8oRxIXHviiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELr4lIBZYVW3FlSAiobi6iqvq1iMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvUXV2aVVnRmxoVmJjV1ZJQ0todUxxS3EtcldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQr7MA0G
CSqGSIb3DQEBCwUAA4IBAQDL5K7sSzQSBcP3vo9fuYmtHGb4rVpE1z2XK2QrdJ3Z
v7BhSc3RLgGrnxkFgU+FWg7OUj2ff2vzmU6t4syuB+sjhNSVoDNhRB4ZhlyhVWrd
vpVqvsNNtS/sXkk8ja6IR1e/Qu5kb6pDyk4dKxECfbY8UDxNiraHpTXf9I058h00
gREEE7ZneHKDc9vaFMP7v7Cgk97o+efVzkQoJdTYy7qXpeEH2LN32NPtSZpZlBUT
vTkpQuCi25yQE+ozmJN8GCpW+naj4EpZxR5vVqjML/lVtZ+W6XvNUtr0U7iTeHaz
hD82FN6Z8nkn/SBkGun7tgHPkzUArJhCVuaOHJ+buEhF
-----END CERTIFICATE-----