Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/QNe9egSAMyT7KBXMjfm5jIuXyxU.roa
File:                     QNe9egSAMyT7KBXMjfm5jIuXyxU.roa (raw, json)
Hash identifier:          HuDnA8fkTU/qprbeM8o1b9f9lfG3zQPgp0wtI3e9ZCA=
Subject key identifier:   40:D7:BD:7A:04:80:33:24:FB:28:15:CC:8D:F9:B9:8C:8B:97:CB:15
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B97A64FC38733270B722B485A4090
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/QNe9egSAMyT7KBXMjfm5jIuXyxU.roa
Signing time:             Mon 01 Jan 2024 18:31:31 +0000
ROA not before:           Mon 01 Jan 2024 18:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207555
IP address blocks:        188.114.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:97:a6:4f:c3:87:33:27:0b:72:2b:48:5a:40:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40d7bd7a04803324fb2815cc8df9b98c8b97cb15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9f:10:07:51:4b:4b:cb:31:5b:58:ab:ed:12:
                    14:5c:c2:e2:d3:20:bd:b5:ca:57:e5:fa:1d:7f:da:
                    67:75:8b:92:20:6a:7d:62:dd:a1:13:47:c6:e7:e2:
                    b8:86:af:b1:15:5f:bd:83:33:cc:30:a3:e9:48:98:
                    de:76:a8:b0:10:6f:c5:5c:d0:fd:17:87:a9:3a:5c:
                    09:d9:17:19:72:82:46:b3:2a:3f:67:8e:5e:32:b4:
                    22:09:ac:b7:82:72:2d:55:81:77:78:37:19:84:e4:
                    7f:01:d0:0b:4f:10:15:99:ed:2b:c6:4b:06:1e:67:
                    29:4e:cd:99:47:2d:09:ee:75:1b:d8:3b:92:6a:2d:
                    26:e6:a3:b6:4a:36:27:01:46:59:d0:4d:a4:49:16:
                    31:81:0d:11:56:75:46:63:60:ee:0c:0e:02:3d:29:
                    39:bf:c3:1e:59:bf:f5:95:a1:fe:07:2b:26:98:86:
                    f1:52:85:88:04:60:4b:1d:25:0b:b7:b9:2f:ca:bd:
                    c1:cc:b1:df:66:a2:66:a4:5e:f6:93:a3:dd:e3:17:
                    77:a7:71:89:1b:46:6d:48:5d:0f:3f:16:bd:a2:9c:
                    40:45:46:8f:59:91:16:7a:6a:0e:c6:2e:2f:dd:48:
                    0f:a6:f6:b4:c4:7b:33:6d:cf:aa:8f:42:e9:3c:23:
                    a6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D7:BD:7A:04:80:33:24:FB:28:15:CC:8D:F9:B9:8C:8B:97:CB:15
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/QNe9egSAMyT7KBXMjfm5jIuXyxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.114.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:40:bf:d0:6f:ad:0c:c2:1f:21:0c:20:f5:9b:bd:65:dc:ed:
         d0:3c:99:dd:b3:d7:68:35:7c:29:de:f5:a3:be:e5:9d:a6:49:
         75:57:8e:a3:6a:76:b4:8e:20:f9:77:2f:5a:bc:93:fe:b3:f4:
         a8:7c:9f:7e:1b:0c:19:56:4d:8f:dd:5e:65:41:11:8c:fe:de:
         46:e2:f6:ca:db:6a:a9:09:15:ad:1c:4d:8e:4f:36:8e:ba:1f:
         b8:e8:b8:f2:cd:a8:f8:4d:8b:cf:a4:a5:43:d0:3f:e6:70:f2:
         57:9e:92:41:8b:ed:78:74:94:02:74:f7:d0:2d:76:bb:31:bc:
         f1:93:c2:b2:8e:d2:51:1a:fd:ff:a5:11:41:7c:ef:23:a7:31:
         88:e1:46:9e:44:fa:d4:9c:0f:35:ad:0b:51:22:ef:cd:df:24:
         e9:71:8f:82:13:08:3a:39:b3:55:d4:ad:a3:32:95:dd:05:df:
         b1:dc:4a:f2:0e:1c:19:e7:88:7d:09:be:a7:ee:82:8a:63:04:
         42:b7:4b:fd:89:02:3e:67:f4:f6:92:72:ce:79:f3:45:45:8a:
         f9:2f:e4:50:c0:3d:ad:f0:2b:f6:b2:f2:ff:dd:fb:11:42:fd:
         f2:7b:e8:3a:02:4c:3f:48:21:f4:d9:34:f3:5e:d5:d0:9d:36:
         2e:d2:53:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5emT8OHMycLcitIWkCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQ3YmQ3YTA0ODAzMzI0ZmIyODE1Y2M4ZGY5Yjk4YzhiOTdjYjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj58QB1FLS8sxW1ir7RIUXMLi0yC9
tcpX5fodf9pndYuSIGp9Yt2hE0fG5+K4hq+xFV+9gzPMMKPpSJjedqiwEG/FXND9
F4epOlwJ2RcZcoJGsyo/Z45eMrQiCay3gnItVYF3eDcZhOR/AdALTxAVme0rxksG
HmcpTs2ZRy0J7nUb2DuSai0m5qO2SjYnAUZZ0E2kSRYxgQ0RVnVGY2DuDA4CPSk5
v8MeWb/1laH+BysmmIbxUoWIBGBLHSULt7kvyr3BzLHfZqJmpF72k6Pd4xd3p3GJ
G0ZtSF0PPxa9opxARUaPWZEWemoOxi4v3UgPpva0xHszbc+qj0LpPCOmVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDXvXoEgDMk+ygVzI35uYyLl8sVMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvUU5lOWVnU0FNeVQ3S0JYTWpmbTVqSXVYeXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHJAMA0G
CSqGSIb3DQEBCwUAA4IBAQB0QL/Qb60Mwh8hDCD1m71l3O3QPJnds9doNXwp3vWj
vuWdpkl1V46jana0jiD5dy9avJP+s/SofJ9+GwwZVk2P3V5lQRGM/t5G4vbK22qp
CRWtHE2OTzaOuh+46Ljyzaj4TYvPpKVD0D/mcPJXnpJBi+14dJQCdPfQLXa7Mbzx
k8KyjtJRGv3/pRFBfO8jpzGI4UaeRPrUnA81rQtRIu/N3yTpcY+CEwg6ObNV1K2j
MpXdBd+x3EryDhwZ54h9Cb6n7oKKYwRCt0v9iQI+Z/T2knLOefNFRYr5L+RQwD2t
8Cv2svL/3fsRQv3ye+g6Akw/SCH02TTzXtXQnTYu0lMP
-----END CERTIFICATE-----