Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3b27b0-a1a7-4bf5-8cdd-595bfa1e1a9b/1/QaVIorKxIMotcqEgIVMT9hU9fAo.roa
File:                     QaVIorKxIMotcqEgIVMT9hU9fAo.roa (raw, json)
Hash identifier:          /HR4sSSZ5dYrzu7iAM6z42W6ddZfNsGocrJZQLyJOKY=
Subject key identifier:   41:A5:48:A2:B2:B1:20:CA:2D:72:A1:20:21:53:13:F6:15:3D:7C:0A
Certificate issuer:       /CN=f90e719baa4c8310483679fb6a3cb4ce9ac00c09
Certificate serial:       018CC80160B1E107B0DFE9BAEEEC8D0B0DF0
Authority key identifier: F9:0E:71:9B:AA:4C:83:10:48:36:79:FB:6A:3C:B4:CE:9A:C0:0C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Q5xm6pMgxBINnn7ajy0zprADAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/3b27b0-a1a7-4bf5-8cdd-595bfa1e1a9b/1/QaVIorKxIMotcqEgIVMT9hU9fAo.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205244
IP address blocks:        185.224.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/3b27b0-a1a7-4bf5-8cdd-595bfa1e1a9b/1/1-Q5xm6pMgxBINnn7ajy0zprADAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/3b27b0-a1a7-4bf5-8cdd-595bfa1e1a9b/1/1-Q5xm6pMgxBINnn7ajy0zprADAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Q5xm6pMgxBINnn7ajy0zprADAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:60:b1:e1:07:b0:df:e9:ba:ee:ec:8d:0b:0d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f90e719baa4c8310483679fb6a3cb4ce9ac00c09
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41a548a2b2b120ca2d72a120215313f6153d7c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:0e:a8:86:51:b5:f3:ea:21:39:d7:59:60:3a:
                    02:8d:e6:96:57:4f:f2:ea:05:51:2c:52:ca:11:e4:
                    bc:1c:b1:3a:3e:6e:45:e8:2c:9b:1c:63:f6:63:10:
                    4a:0f:ba:0b:74:d6:c4:0b:a6:16:d7:e5:0e:2f:b5:
                    20:cb:90:bc:7b:ad:91:40:ec:43:d0:cb:12:70:7a:
                    5a:c0:60:d2:a4:80:12:de:e1:14:cb:5b:c8:df:f6:
                    56:d4:03:2b:e1:da:ad:c7:a4:b2:90:3e:ed:aa:8f:
                    3e:13:cd:f9:a0:d7:3f:b0:63:40:d5:da:7d:9e:11:
                    87:7d:b7:69:f5:65:ed:da:d7:6e:0d:da:b3:3a:ef:
                    ce:91:fd:d5:69:39:49:24:c6:f8:c2:d3:fe:16:a7:
                    1d:e2:b6:6a:bc:5d:83:08:de:5c:28:08:3e:45:96:
                    49:53:8d:b4:40:eb:dc:33:a2:2e:03:8a:d0:3e:42:
                    ff:af:05:24:98:7c:10:66:8d:9a:ce:c9:f7:15:b1:
                    32:14:3f:66:a1:ce:c0:87:97:1f:df:d9:d6:95:03:
                    59:dc:f2:6f:0d:2a:61:a9:90:93:72:92:ff:aa:ee:
                    81:dc:f8:36:75:6c:38:e2:3e:97:24:2c:a6:d8:00:
                    86:94:e6:0e:13:fb:70:9f:2c:55:d1:8e:fb:ba:5e:
                    b1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A5:48:A2:B2:B1:20:CA:2D:72:A1:20:21:53:13:F6:15:3D:7C:0A
            X509v3 Authority Key Identifier:
                keyid:F9:0E:71:9B:AA:4C:83:10:48:36:79:FB:6A:3C:B4:CE:9A:C0:0C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Q5xm6pMgxBINnn7ajy0zprADAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3b27b0-a1a7-4bf5-8cdd-595bfa1e1a9b/1/QaVIorKxIMotcqEgIVMT9hU9fAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3b27b0-a1a7-4bf5-8cdd-595bfa1e1a9b/1/1-Q5xm6pMgxBINnn7ajy0zprADAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:70:45:fd:82:82:26:fb:0b:4a:c8:df:3a:76:76:ae:33:ec:
         e1:ee:71:f1:54:f2:f1:f8:0e:d2:75:d5:73:bb:ea:7a:6f:51:
         47:05:e3:69:b7:be:e6:fe:b3:85:8d:82:6e:2d:92:6d:c0:58:
         0b:f5:5e:47:29:6d:03:f9:ff:53:2c:ca:43:7c:7f:b5:79:2a:
         a9:cb:52:32:08:85:6f:38:ba:b1:33:96:e4:11:5a:48:0c:b4:
         ed:00:af:8d:7c:19:c0:94:ac:01:6c:03:56:d9:83:e2:99:b8:
         d6:7e:b2:8b:d2:b9:a0:99:77:5d:f7:77:e7:87:83:28:a2:14:
         80:f7:6b:c1:3c:b4:ea:1f:57:a8:b8:ad:ba:58:7b:67:22:4c:
         43:24:53:b8:90:d7:54:c8:ee:5f:c3:59:0a:18:78:a6:ec:76:
         7a:16:81:c0:15:98:bb:01:0b:f0:d5:b5:f1:36:fa:1f:d9:33:
         4e:7f:ce:6f:97:8a:28:bb:63:ce:47:b7:31:e3:aa:75:d1:ad:
         80:0d:9f:7b:df:77:08:77:78:92:3f:e3:16:13:7e:11:0f:97:
         58:c9:94:a8:12:cd:ac:4e:85:3b:bb:3c:5c:35:c7:2c:4d:77:
         ed:9c:4b:5e:61:2c:fe:57:15:df:f4:43:5c:a2:0d:7c:e9:cc:
         ea:42:0b:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWCx4Qew3+m67uyNCw3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MGU3MTliYWE0YzgzMTA0ODM2NzlmYjZhM2NiNGNlOWFj
MDBjMDkwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWE1NDhhMmIyYjEyMGNhMmQ3MmExMjAyMTUzMTNmNjE1M2Q3YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1w6ohlG18+ohOddZYDoCjeaWV0/y
6gVRLFLKEeS8HLE6Pm5F6CybHGP2YxBKD7oLdNbEC6YW1+UOL7Ugy5C8e62RQOxD
0MsScHpawGDSpIAS3uEUy1vI3/ZW1AMr4dqtx6SykD7tqo8+E835oNc/sGNA1dp9
nhGHfbdp9WXt2tduDdqzOu/Okf3VaTlJJMb4wtP+Fqcd4rZqvF2DCN5cKAg+RZZJ
U420QOvcM6IuA4rQPkL/rwUkmHwQZo2azsn3FbEyFD9moc7Ah5cf39nWlQNZ3PJv
DSphqZCTcpL/qu6B3Pg2dWw44j6XJCym2ACGlOYOE/twnyxV0Y77ul6x7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEGlSKKysSDKLXKhICFTE/YVPXwKMB8GA1UdIwQY
MBaAFPkOcZuqTIMQSDZ5+2o8tM6awAwJMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1RNXhtNnBNZ3hCSU5ubjdhankwenByQURBay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvM2IyN2IwLWExYTctNGJmNS04Y2Rk
LTU5NWJmYTFlMWE5Yi8xL1FhVklvckt4SU1vdGNxRWdJVk1UOWhVOWZBby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvM2IyN2IwLWExYTctNGJmNS04Y2RkLTU5NWJmYTFlMWE5
Yi8xLzEtUTV4bTZwTWd4QklObm43YWp5MHpwckFEQWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK54GQw
DQYJKoZIhvcNAQELBQADggEBAI5wRf2Cgib7C0rI3zp2dq4z7OHucfFU8vH4DtJ1
1XO76npvUUcF42m3vub+s4WNgm4tkm3AWAv1XkcpbQP5/1MsykN8f7V5KqnLUjII
hW84urEzluQRWkgMtO0Ar418GcCUrAFsA1bZg+KZuNZ+sovSuaCZd133d+eHgyii
FID3a8E8tOofV6i4rbpYe2ciTEMkU7iQ11TI7l/DWQoYeKbsdnoWgcAVmLsBC/DV
tfE2+h/ZM05/zm+Xiii7Y85HtzHjqnXRrYANn3vfdwh3eJI/4xYTfhEPl1jJlKgS
zaxOhTu7PFw1xyxNd+2cS15hLP5XFd/0Q1yiDXzpzOpCC4Q=
-----END CERTIFICATE-----