Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/dqCQ3nr3wzW2sfGa8eEVsmrUGrg.roa
File:                     dqCQ3nr3wzW2sfGa8eEVsmrUGrg.roa (raw, json)
Hash identifier:          uOdsXraVSV+JNTlfJixbZ1UVoeel1p29hUDYnSj9vGQ=
Subject key identifier:   76:A0:90:DE:7A:F7:C3:35:B6:B1:F1:9A:F1:E1:15:B2:6A:D4:1A:B8
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018E749BB49AE517BC6A2463C1C59078025C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/dqCQ3nr3wzW2sfGa8eEVsmrUGrg.roa
Signing time:             Mon 25 Mar 2024 07:55:45 +0000
ROA not before:           Mon 25 Mar 2024 07:55:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215340
IP address blocks:        109.236.49.0/24 maxlen: 24
                          109.236.50.0/24 maxlen: 24
                          185.86.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 17:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:9b:b4:9a:e5:17:bc:6a:24:63:c1:c5:90:78:02:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Mar 25 07:55:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76a090de7af7c335b6b1f19af1e115b26ad41ab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:99:46:25:ba:49:7a:b6:ff:c0:48:39:89:94:
                    60:53:b1:7f:83:f5:6d:f9:5e:f9:69:53:b2:6f:05:
                    de:42:b5:5d:d0:c3:30:63:75:51:c7:8a:b0:14:b8:
                    8d:78:9a:8d:05:2a:69:cc:c6:de:98:df:7d:51:6a:
                    ba:92:51:6e:cf:52:4f:e2:3c:47:f9:c1:f7:cb:ed:
                    35:0d:c5:5d:6a:1d:a4:e2:54:94:61:47:7c:3a:cb:
                    46:1b:7e:0b:09:c7:71:47:8a:16:96:4c:df:33:66:
                    43:6a:21:1d:00:21:c1:9d:09:cc:d7:ce:3a:55:09:
                    7f:b9:a4:13:6a:0e:ab:85:c8:25:16:ad:86:c2:76:
                    1c:fb:e0:98:41:3a:03:1a:04:6b:09:3c:d1:b5:57:
                    82:68:32:fa:c0:78:e4:34:75:f1:74:0e:d1:5d:05:
                    d6:02:84:84:8b:34:23:ea:61:d2:9c:45:66:7e:98:
                    df:fe:c5:57:a9:0a:1c:ef:d1:ea:26:2c:65:59:e9:
                    5d:a1:18:9f:c0:32:2a:6e:4f:67:58:03:78:ea:ff:
                    b3:b9:a4:70:b8:ab:c9:e7:bb:1a:4d:e4:14:4c:46:
                    c9:81:65:98:8c:d1:66:25:e9:b5:9d:ea:0b:a9:7a:
                    3d:60:48:18:3c:ea:09:f6:dc:95:74:af:a0:9d:ef:
                    89:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A0:90:DE:7A:F7:C3:35:B6:B1:F1:9A:F1:E1:15:B2:6A:D4:1A:B8
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/dqCQ3nr3wzW2sfGa8eEVsmrUGrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.49.0-109.236.50.255
                  185.86.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:0d:6d:56:a3:c0:44:83:8a:15:4d:20:f8:bb:c1:ca:42:2a:
         ab:07:b2:fe:ae:d6:df:6d:70:e7:33:cf:b7:c5:21:44:37:50:
         f2:53:1e:1d:5d:f8:36:04:fd:8f:52:8d:8e:00:1f:02:24:b6:
         7c:d5:86:e6:a3:2d:59:63:07:f5:5a:a1:7a:df:1c:ac:34:86:
         eb:3a:4b:b6:66:82:32:72:1f:f4:24:c0:0c:59:14:ba:05:2c:
         ca:62:ef:b2:60:6e:c4:3f:ef:c3:e6:e4:90:fc:c5:2b:3a:31:
         e7:d5:7c:23:ef:13:ef:5b:64:c9:e7:17:fd:f3:3f:a1:75:ba:
         cc:50:2b:75:af:70:d1:56:f7:51:7d:f1:cd:2c:58:cd:f0:35:
         17:6f:52:6b:b5:7b:fd:a1:af:9e:ef:13:7e:d8:3f:f3:60:f5:
         39:b4:2e:91:fd:23:9b:18:1e:04:f0:5e:30:80:73:a3:9a:4b:
         cb:32:e7:ed:7f:78:93:63:2f:37:79:5f:25:d9:e9:fe:df:b1:
         01:e7:cc:79:51:ff:45:b5:0d:df:96:43:c9:cc:c8:d3:8e:f4:
         9e:e7:02:be:31:ef:d8:33:cb:4d:c7:3f:f0:f0:2a:7d:3c:8c:
         32:26:16:8a:b4:1a:4a:6d:0b:87:5b:65:d9:47:01:35:07:6c:
         e4:63:d6:e9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY50m7Sa5Re8aiRjwcWQeAJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMzI1MDc1NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmEwOTBkZTdhZjdjMzM1YjZiMWYxOWFmMWUxMTViMjZhZDQxYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZlGJbpJerb/wEg5iZRgU7F/g/Vt
+V75aVOybwXeQrVd0MMwY3VRx4qwFLiNeJqNBSppzMbemN99UWq6klFuz1JP4jxH
+cH3y+01DcVdah2k4lSUYUd8OstGG34LCcdxR4oWlkzfM2ZDaiEdACHBnQnM1846
VQl/uaQTag6rhcglFq2GwnYc++CYQToDGgRrCTzRtVeCaDL6wHjkNHXxdA7RXQXW
AoSEizQj6mHSnEVmfpjf/sVXqQoc79HqJixlWeldoRifwDIqbk9nWAN46v+zuaRw
uKvJ57saTeQUTEbJgWWYjNFmJem1neoLqXo9YEgYPOoJ9tyVdK+gne+JiwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHagkN5698M1trHxmvHhFbJq1Bq4MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZHFDUTNucjN3elcyc2ZHYThlRVZzbXJVR3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABt7DED
BABt7DIDBAC5VgYwDQYJKoZIhvcNAQELBQADggEBAJUNbVajwESDihVNIPi7wcpC
KqsHsv6u1t9tcOczz7fFIUQ3UPJTHh1d+DYE/Y9SjY4AHwIktnzVhuajLVljB/Va
oXrfHKw0hus6S7ZmgjJyH/QkwAxZFLoFLMpi77JgbsQ/78Pm5JD8xSs6MefVfCPv
E+9bZMnnF/3zP6F1usxQK3WvcNFW91F98c0sWM3wNRdvUmu1e/2hr57vE37YP/Ng
9Tm0LpH9I5sYHgTwXjCAc6OaS8sy5+1/eJNjLzd5XyXZ6f7fsQHnzHlR/0W1Dd+W
Q8nMyNOO9J7nAr4x79gzy03HP/DwKn08jDImFoq0GkptC4dbZdlHATUHbORj1uk=
-----END CERTIFICATE-----