Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/qdpQ_Jcdd5TjenLXN4-i9PcvUPs.roa
File:                     qdpQ_Jcdd5TjenLXN4-i9PcvUPs.roa (raw, json)
Hash identifier:          5rmWq0OsM1S9+8lUx+cl4waU8/ve8YiX9w1RK65wp+s=
Subject key identifier:   A9:DA:50:FC:97:1D:77:94:E3:7A:72:D7:37:8F:A2:F4:F7:2F:50:FB
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       019014D53107182A7C4590579CAAA31D64E2
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/qdpQ_Jcdd5TjenLXN4-i9PcvUPs.roa
Signing time:             Fri 14 Jun 2024 03:40:34 +0000
ROA not before:           Fri 14 Jun 2024 03:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203230
IP address blocks:        89.42.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:14:d5:31:07:18:2a:7c:45:90:57:9c:aa:a3:1d:64:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jun 14 03:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9da50fc971d7794e37a72d7378fa2f4f72f50fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9c:83:7e:be:de:fa:1d:e7:23:49:c6:f2:29:
                    e5:b0:44:7a:f4:03:9b:79:03:4d:a1:5d:49:08:e0:
                    a5:ce:96:82:4b:be:7c:98:ba:63:07:82:51:a2:ea:
                    0b:b8:63:12:a1:6b:11:aa:34:e2:ca:0f:f6:67:29:
                    e1:a4:22:2d:e7:d1:90:e7:9e:5f:94:f9:de:d0:40:
                    00:21:99:b4:ec:95:f5:57:78:14:26:0b:e6:15:bf:
                    a0:94:93:4a:50:a4:42:f2:35:1c:c3:35:d5:02:86:
                    aa:d9:e4:79:c6:29:57:e9:60:52:68:df:c6:47:c4:
                    5a:bd:e3:d3:e3:64:5b:dd:de:61:99:45:8d:16:7d:
                    f3:48:b0:68:f2:04:b6:38:32:da:1b:24:ab:5d:20:
                    92:bd:8d:4d:44:b3:eb:fc:6d:12:64:76:d5:d9:7a:
                    75:62:95:01:6a:b6:78:e0:43:28:ad:7e:24:53:73:
                    01:be:be:07:d3:b0:f2:90:91:32:18:36:36:48:5a:
                    89:e4:76:cf:f4:6c:74:6a:b2:91:b9:a4:e6:77:fe:
                    ad:2c:25:02:24:3c:78:0a:a0:b6:f8:2f:28:ab:e1:
                    21:b5:98:e2:70:7e:1f:92:f3:32:ec:f3:8d:ac:8d:
                    70:f3:f0:98:e8:93:c3:ec:82:43:f3:1f:1e:c7:db:
                    1b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DA:50:FC:97:1D:77:94:E3:7A:72:D7:37:8F:A2:F4:F7:2F:50:FB
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/qdpQ_Jcdd5TjenLXN4-i9PcvUPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:98:ec:b8:6e:01:84:44:b4:2e:9f:b6:6e:23:33:e2:39:2a:
         f1:c3:7e:b0:72:d0:fe:98:36:71:4b:e2:81:ef:29:68:be:f2:
         a2:40:0c:d2:eb:af:35:e1:9d:f2:e5:2b:44:d7:05:0c:57:f0:
         88:03:9d:3c:49:94:ee:cd:32:09:dc:7a:93:aa:e9:9d:e4:ab:
         77:db:a3:99:79:ea:34:af:12:99:c3:ab:15:b7:7c:b3:bc:76:
         3a:8f:be:6e:27:c3:42:77:7c:70:78:34:33:dc:51:c7:3f:35:
         14:20:ca:2b:60:0d:cb:f8:75:5e:c6:98:36:2f:75:a6:6b:cd:
         56:a9:b1:d7:4b:2d:5e:97:01:e4:f4:0a:e1:51:ae:0b:ce:cd:
         2e:95:ed:a7:dc:d0:c3:ae:6a:35:3b:22:de:69:81:0f:e2:9a:
         1b:c0:7f:11:57:90:f0:18:17:f8:41:32:cc:b8:1b:a7:cd:8a:
         c2:b1:ad:cd:f4:7f:cf:e4:d3:45:a1:55:9d:63:bb:8a:49:65:
         0d:a2:60:be:45:04:da:11:30:a4:d4:43:cd:69:85:79:b1:2d:
         f6:87:69:ac:2e:c7:d2:95:7a:e9:7b:84:c3:5c:69:0c:25:d8:
         b2:a3:74:f7:71:e1:8b:43:6c:66:25:c8:84:79:8a:03:64:94:
         98:55:8d:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAU1TEHGCp8RZBXnKqjHWTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjQwNjE0MDM0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWRhNTBmYzk3MWQ3Nzk0ZTM3YTcyZDczNzhmYTJmNGY3MmY1MGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspyDfr7e+h3nI0nG8inlsER69AOb
eQNNoV1JCOClzpaCS758mLpjB4JRouoLuGMSoWsRqjTiyg/2ZynhpCIt59GQ555f
lPne0EAAIZm07JX1V3gUJgvmFb+glJNKUKRC8jUcwzXVAoaq2eR5xilX6WBSaN/G
R8RavePT42Rb3d5hmUWNFn3zSLBo8gS2ODLaGySrXSCSvY1NRLPr/G0SZHbV2Xp1
YpUBarZ44EMorX4kU3MBvr4H07DykJEyGDY2SFqJ5HbP9Gx0arKRuaTmd/6tLCUC
JDx4CqC2+C8oq+EhtZjicH4fkvMy7PONrI1w8/CY6JPD7IJD8x8ex9sbHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnaUPyXHXeU43py1zePovT3L1D7MB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvcWRwUV9KY2RkNVRqZW5MWE40LWk5UGN2VVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBSmOy4bgGERLQun7ZuIzPiOSrxw36wctD+mDZxS+KB
7ylovvKiQAzS66814Z3y5StE1wUMV/CIA508SZTuzTIJ3HqTqumd5Kt326OZeeo0
rxKZw6sVt3yzvHY6j75uJ8NCd3xweDQz3FHHPzUUIMorYA3L+HVexpg2L3Wma81W
qbHXSy1elwHk9ArhUa4Lzs0ule2n3NDDrmo1OyLeaYEP4pobwH8RV5DwGBf4QTLM
uBunzYrCsa3N9H/P5NNFoVWdY7uKSWUNomC+RQTaETCk1EPNaYV5sS32h2msLsfS
lXrpe4TDXGkMJdiyo3T3ceGLQ2xmJciEeYoDZJSYVY1B
-----END CERTIFICATE-----