Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/qe7lrCsm-aCPjRzjZZvceOA5oys.roa
File:                     qe7lrCsm-aCPjRzjZZvceOA5oys.roa (raw, json)
Hash identifier:          RrfzJOzmtYK+m79b1dLLacbaLWk/HpMczsWznSVNa8w=
Subject key identifier:   A9:EE:E5:AC:2B:26:F9:A0:8F:8D:1C:E3:65:9B:DC:78:E0:39:A3:2B
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018CC80134693C8968EE6C0568807692DD11
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/qe7lrCsm-aCPjRzjZZvceOA5oys.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        45.139.56.0/22 maxlen: 24
                          45.139.64.0/22 maxlen: 24
                          45.139.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:69:3c:89:68:ee:6c:05:68:80:76:92:dd:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9eee5ac2b26f9a08f8d1ce3659bdc78e039a32b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:35:93:e1:57:f0:c3:e7:58:06:df:cf:43:b4:
                    67:a5:a1:36:98:b0:1e:19:41:ed:38:e8:a5:9f:74:
                    a4:46:ad:c5:a2:3b:3a:4b:c6:b0:e7:9d:00:af:08:
                    a5:fb:09:9c:3c:2d:7a:2b:97:59:5f:bb:36:46:d3:
                    64:f0:29:e0:0a:02:6c:bf:88:c4:4e:22:5e:f5:53:
                    0d:23:d8:2e:7c:e6:87:12:f6:fe:02:96:e6:e7:58:
                    8c:6a:2a:ee:31:a6:58:86:36:d6:75:19:cc:6f:32:
                    eb:25:49:51:3b:05:f6:fd:75:1b:64:f2:8a:36:8f:
                    90:e1:12:c6:e2:f6:cb:8b:04:cd:85:65:c5:b1:65:
                    bc:9d:2c:38:08:f7:42:53:63:87:20:42:61:2d:48:
                    95:80:c6:ca:d9:ef:10:31:bb:3b:98:c8:21:59:0d:
                    95:d6:16:61:a0:37:ef:ba:f6:3e:e6:1d:26:49:a5:
                    b8:aa:bc:63:d2:b8:ad:20:6f:a7:1a:5d:8a:26:8e:
                    fe:47:68:1b:fd:f3:df:80:37:6f:d3:34:72:7b:18:
                    08:6e:1c:81:7a:b5:3c:08:a0:4a:3e:b0:c0:73:83:
                    79:b6:7e:8b:98:2e:69:d3:d0:bc:75:da:d5:83:3a:
                    79:92:5e:9c:20:3c:29:a7:98:5b:b7:89:ba:53:49:
                    0b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:EE:E5:AC:2B:26:F9:A0:8F:8D:1C:E3:65:9B:DC:78:E0:39:A3:2B
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/qe7lrCsm-aCPjRzjZZvceOA5oys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.36.0/22
                  45.139.56.0/22
                  45.139.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:8c:10:84:54:d6:df:5c:4e:04:22:54:38:99:71:22:17:c3:
         86:95:14:6f:5b:6f:7b:46:e5:27:6a:89:6d:12:b0:e7:29:95:
         9f:1c:35:58:f9:8e:b9:ed:44:14:d1:32:22:3e:0b:b3:39:67:
         0b:e9:e3:5f:c4:2e:2c:3b:5a:35:f6:3d:29:39:46:4a:27:33:
         ba:7b:e0:0c:2f:63:7c:51:ef:35:e3:07:3f:cf:f8:90:d2:63:
         1f:ed:3d:c0:44:49:35:50:c6:39:03:0b:99:43:a4:62:cc:61:
         84:0c:90:81:1a:25:21:80:48:cd:8d:f0:1f:09:a9:3e:eb:2b:
         fb:63:77:16:68:94:07:01:a4:04:64:b5:bf:8a:54:ff:9c:cf:
         a0:ae:6a:ec:1e:5c:2d:8e:d5:78:17:9d:4f:0c:c9:4b:a4:e8:
         8d:d9:6b:48:a9:cd:d9:bd:69:11:ea:28:6c:b6:81:36:11:87:
         32:8c:8f:53:d6:c7:77:80:70:57:70:b3:c7:eb:30:ba:84:80:
         b5:83:63:b7:55:fc:34:69:da:02:65:42:19:31:55:26:0e:7c:
         51:62:64:58:76:4e:39:20:44:60:a7:9b:fd:51:95:a3:65:14:
         aa:21:88:1b:39:37:cb:2b:1d:bc:ce:e2:1a:fa:74:4c:9c:c9:
         3d:23:c7:d9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIATRpPIlo7mwFaIB2kt0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWVlZTVhYzJiMjZmOWEwOGY4ZDFjZTM2NTliZGM3OGUwMzlhMzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDWT4Vfww+dYBt/PQ7RnpaE2mLAe
GUHtOOiln3SkRq3Fojs6S8aw550Arwil+wmcPC16K5dZX7s2RtNk8CngCgJsv4jE
TiJe9VMNI9gufOaHEvb+Apbm51iMairuMaZYhjbWdRnMbzLrJUlROwX2/XUbZPKK
No+Q4RLG4vbLiwTNhWXFsWW8nSw4CPdCU2OHIEJhLUiVgMbK2e8QMbs7mMghWQ2V
1hZhoDfvuvY+5h0mSaW4qrxj0ritIG+nGl2KJo7+R2gb/fPfgDdv0zRyexgIbhyB
erU8CKBKPrDAc4N5tn6LmC5p09C8ddrVgzp5kl6cIDwpp5hbt4m6U0kL9QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKnu5awrJvmgj40c42Wb3HjgOaMrMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvcWU3bHJDc20tYUNQalJ6alpadmNlT0E1b3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYskAwQC
LYs4AwQCLYtAMA0GCSqGSIb3DQEBCwUAA4IBAQCqjBCEVNbfXE4EIlQ4mXEiF8OG
lRRvW297RuUnaoltErDnKZWfHDVY+Y657UQU0TIiPguzOWcL6eNfxC4sO1o19j0p
OUZKJzO6e+AML2N8Ue814wc/z/iQ0mMf7T3AREk1UMY5AwuZQ6RizGGEDJCBGiUh
gEjNjfAfCak+6yv7Y3cWaJQHAaQEZLW/ilT/nM+grmrsHlwtjtV4F51PDMlLpOiN
2WtIqc3ZvWkR6ihstoE2EYcyjI9T1sd3gHBXcLPH6zC6hIC1g2O3Vfw0adoCZUIZ
MVUmDnxRYmRYdk45IERgp5v9UZWjZRSqIYgbOTfLKx28zuIa+nRMnMk9I8fZ
-----END CERTIFICATE-----