Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/PQzEoD_1nDN1dE9xwJweJWTYh_A.roa
File:                     PQzEoD_1nDN1dE9xwJweJWTYh_A.roa (raw, json)
Hash identifier:          1yqPBZACOsNCnBhurjpAeD5RMCC9YhmiF7oFMPqf42Q=
Subject key identifier:   3D:0C:C4:A0:3F:F5:9C:33:75:74:4F:71:C0:9C:1E:25:64:D8:87:F0
Certificate issuer:       /CN=787e31ce5d501d1a94afdabbd4e024cc2a788ef5
Certificate serial:       018CC86EF1ACD6D77F46D3192C1ADDB9CAA6
Authority key identifier: 78:7E:31:CE:5D:50:1D:1A:94:AF:DA:BB:D4:E0:24:CC:2A:78:8E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eH4xzl1QHRqUr9q71OAkzCp4jvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/PQzEoD_1nDN1dE9xwJweJWTYh_A.roa
Signing time:             Tue 02 Jan 2024 04:29:23 +0000
ROA not before:           Tue 02 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61072
IP address blocks:        45.154.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/eH4xzl1QHRqUr9q71OAkzCp4jvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/eH4xzl1QHRqUr9q71OAkzCp4jvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eH4xzl1QHRqUr9q71OAkzCp4jvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f1:ac:d6:d7:7f:46:d3:19:2c:1a:dd:b9:ca:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=787e31ce5d501d1a94afdabbd4e024cc2a788ef5
        Validity
            Not Before: Jan  2 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d0cc4a03ff59c3375744f71c09c1e2564d887f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a6:e1:0d:38:00:ae:b8:0a:12:dd:f9:b0:2d:
                    14:c4:2f:64:35:d1:8a:66:84:87:fe:20:22:ae:7c:
                    ea:80:73:7e:ed:a3:0b:cd:d8:4e:7c:92:d2:51:d0:
                    0d:1b:44:09:34:10:2e:96:71:26:05:60:c2:3a:73:
                    fd:e9:59:b5:97:b8:2a:b9:c6:c8:f9:e9:b0:63:37:
                    5e:87:8d:44:1f:b8:64:9a:c2:4c:7b:31:e1:a6:5f:
                    b7:36:6c:7c:70:08:db:b5:2e:cc:b0:05:9d:b7:ec:
                    09:c7:1c:e2:38:be:ab:d8:df:53:9c:dc:52:48:9b:
                    08:03:40:45:21:91:e2:64:f8:d3:a7:33:bc:1d:ae:
                    1c:eb:a5:ba:0f:a2:59:43:4b:a7:2a:b9:3c:0d:e1:
                    f1:ad:f6:f2:8d:45:86:9b:a9:6c:2c:f4:c0:d6:e0:
                    29:ce:2c:d5:8a:4d:7d:cf:a8:69:af:b6:8f:69:e2:
                    db:a9:b2:26:57:c9:c0:e9:e1:e8:44:54:eb:6f:09:
                    8f:a6:2f:c5:10:e5:ca:d1:c9:2f:39:10:93:6c:2a:
                    98:88:b4:51:93:04:71:48:77:c2:98:20:6a:d7:65:
                    49:71:ba:24:83:68:14:bc:4f:01:4f:ef:ed:0b:b6:
                    7f:9b:da:df:1a:7c:b8:25:12:0f:65:bf:40:f7:5a:
                    0f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0C:C4:A0:3F:F5:9C:33:75:74:4F:71:C0:9C:1E:25:64:D8:87:F0
            X509v3 Authority Key Identifier:
                keyid:78:7E:31:CE:5D:50:1D:1A:94:AF:DA:BB:D4:E0:24:CC:2A:78:8E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eH4xzl1QHRqUr9q71OAkzCp4jvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/PQzEoD_1nDN1dE9xwJweJWTYh_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7c55d2-381c-4e87-8ca5-2307bb59225f/1/eH4xzl1QHRqUr9q71OAkzCp4jvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b2:6e:ee:e5:00:ea:7b:e2:ea:bd:d1:36:aa:e3:19:2c:7c:
         42:27:cf:c7:83:75:7c:c9:f0:66:b4:1c:cf:2c:05:fe:02:2b:
         c8:08:2d:dc:86:62:c1:2a:4d:77:28:77:16:fc:5b:62:8f:77:
         95:ee:b8:3c:79:65:c6:a3:43:5e:63:0e:15:61:1b:84:6b:9d:
         13:e8:9e:05:ec:36:7c:1c:8d:a0:10:09:69:87:54:65:21:c2:
         18:ae:a3:01:9c:c1:11:2e:35:2c:4e:6b:f2:62:e8:7f:fe:af:
         08:4e:ff:40:43:68:57:a2:71:2b:4e:ae:f2:26:8f:77:5a:25:
         04:0e:9a:8a:68:71:04:70:f4:e2:3c:60:48:2c:c3:d3:75:30:
         0c:2d:f7:0b:35:ba:04:5a:af:5f:03:a1:15:a4:94:08:b3:c4:
         cc:bc:24:2a:3d:f7:60:49:25:3d:93:21:4f:ff:d0:cc:b9:ce:
         f4:0f:a5:89:96:77:6c:fa:2e:57:31:88:06:2f:b0:4c:ca:b2:
         9f:28:10:f4:cb:f1:ad:d7:b0:18:3b:85:2b:9d:6d:93:11:44:
         fc:df:f5:f4:a3:79:96:ee:00:6a:c7:0e:2d:ac:be:fb:02:d4:
         a1:50:f0:c5:95:9e:02:a3:1a:2a:82:76:ec:cd:01:14:7a:b8:
         75:ff:69:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvGs1td/RtMZLBrducqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4N2UzMWNlNWQ1MDFkMWE5NGFmZGFiYmQ0ZTAyNGNjMmE3
ODhlZjUwHhcNMjQwMTAyMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBjYzRhMDNmZjU5YzMzNzU3NDRmNzFjMDljMWUyNTY0ZDg4N2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKbhDTgArrgKEt35sC0UxC9kNdGK
ZoSH/iAirnzqgHN+7aMLzdhOfJLSUdANG0QJNBAulnEmBWDCOnP96Vm1l7gqucbI
+emwYzdeh41EH7hkmsJMezHhpl+3Nmx8cAjbtS7MsAWdt+wJxxziOL6r2N9TnNxS
SJsIA0BFIZHiZPjTpzO8Ha4c66W6D6JZQ0unKrk8DeHxrfbyjUWGm6lsLPTA1uAp
zizVik19z6hpr7aPaeLbqbImV8nA6eHoRFTrbwmPpi/FEOXK0ckvORCTbCqYiLRR
kwRxSHfCmCBq12VJcbokg2gUvE8BT+/tC7Z/m9rfGny4JRIPZb9A91oPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0MxKA/9ZwzdXRPccCcHiVk2IfwMB8GA1UdIwQY
MBaAFHh+Mc5dUB0alK/au9TgJMwqeI71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUg0eHpsMVFIUnFVcjlxNzFPQWt6Q3A0anZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83YzU1ZDItMzgxYy00ZTg3LThjYTUt
MjMwN2JiNTkyMjVmLzEvUFF6RW9EXzFuRE4xZEU5eHdKd2VKV1RZaF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83YzU1ZDItMzgxYy00ZTg3LThjYTUtMjMwN2JiNTkyMjVm
LzEvZUg0eHpsMVFIUnFVcjlxNzFPQWt6Q3A0anZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZr8MA0G
CSqGSIb3DQEBCwUAA4IBAQB+sm7u5QDqe+LqvdE2quMZLHxCJ8/Hg3V8yfBmtBzP
LAX+AivICC3chmLBKk13KHcW/Ftij3eV7rg8eWXGo0NeYw4VYRuEa50T6J4F7DZ8
HI2gEAlph1RlIcIYrqMBnMERLjUsTmvyYuh//q8ITv9AQ2hXonErTq7yJo93WiUE
DpqKaHEEcPTiPGBILMPTdTAMLfcLNboEWq9fA6EVpJQIs8TMvCQqPfdgSSU9kyFP
/9DMuc70D6WJlnds+i5XMYgGL7BMyrKfKBD0y/Gt17AYO4UrnW2TEUT83/X0o3mW
7gBqxw4trL77AtShUPDFlZ4CoxoqgnbszQEUerh1/2mg
-----END CERTIFICATE-----