Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/QHV-BQCV67uI4mLS4iDsPfhgnwo.roa
File:                     QHV-BQCV67uI4mLS4iDsPfhgnwo.roa (raw, json)
Hash identifier:          sg1DOINP0ZWoMNuOiMiRi766LkSf9v2kNLiShNlAdXs=
Subject key identifier:   40:75:7E:05:00:95:EB:BB:88:E2:62:D2:E2:20:EC:3D:F8:60:9F:0A
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       01901538FCF141663F0C3ACBA0D2F49C4FB6
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/QHV-BQCV67uI4mLS4iDsPfhgnwo.roa
Signing time:             Fri 14 Jun 2024 05:29:34 +0000
ROA not before:           Fri 14 Jun 2024 05:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214789
IP address blocks:        91.147.110.0/24 maxlen: 24
                          194.164.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:38:fc:f1:41:66:3f:0c:3a:cb:a0:d2:f4:9c:4f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Jun 14 05:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40757e050095ebbb88e262d2e220ec3df8609f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7b:89:65:43:2f:e6:5d:ff:be:7c:4a:39:fd:
                    8b:04:cf:18:43:b3:4d:42:cc:89:2d:27:05:25:cb:
                    80:9c:a0:fd:64:5d:04:42:bb:b2:79:e9:f1:65:53:
                    97:4e:cc:11:e1:5d:35:ff:89:3f:24:da:26:63:40:
                    00:31:50:cb:df:05:b6:73:59:53:73:36:f0:3b:4d:
                    aa:60:08:7f:04:51:4c:66:e1:57:43:ed:8b:4c:16:
                    1d:bc:0f:c5:02:8a:1b:ab:10:66:d1:88:ed:7f:4a:
                    f6:4a:e7:72:6c:4c:de:3c:76:b4:05:07:32:35:88:
                    6c:50:eb:fd:92:60:22:49:d0:dd:ed:8a:51:5b:8c:
                    81:20:5b:16:e3:bf:00:bb:b0:7b:d0:1e:1a:75:0e:
                    fc:b5:19:d6:e1:fb:f5:e1:90:b4:1d:cb:36:c6:d5:
                    f1:37:2c:e1:3a:8f:41:23:74:0f:ea:ac:7d:6f:d4:
                    ca:fc:e3:31:71:11:3f:43:e5:1c:90:c2:3a:91:07:
                    ed:1b:40:1f:e5:a3:bb:ae:21:f0:10:27:69:ae:b9:
                    90:1a:06:0f:15:07:c4:c7:8c:34:63:b0:01:bc:5f:
                    2c:91:c2:61:fb:99:03:c9:22:8f:46:8b:6c:92:df:
                    47:09:7c:0f:ab:5d:ed:bf:6b:da:7f:0f:59:9e:8c:
                    ea:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:75:7E:05:00:95:EB:BB:88:E2:62:D2:E2:20:EC:3D:F8:60:9F:0A
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/QHV-BQCV67uI4mLS4iDsPfhgnwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.110.0/24
                  194.164.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:7b:bd:a1:de:6c:b2:18:cb:66:c9:f8:ac:3d:50:dc:50:97:
         5d:0f:10:44:cb:b6:60:34:fa:44:92:6a:12:8b:7b:ae:33:7f:
         bf:7f:83:62:d3:2f:a6:6d:e9:16:b6:d3:fc:c3:c0:92:9a:d9:
         ef:47:61:a0:64:5b:ce:5b:1f:a3:a6:88:15:3d:95:d1:fa:2a:
         a4:a9:42:4a:75:5c:d5:06:75:35:c6:b9:e9:37:5b:0b:46:99:
         1a:34:06:3a:50:5d:4e:36:c4:75:6a:b0:d2:be:2d:72:22:d8:
         06:6e:89:23:25:1f:71:33:f4:27:29:a6:8e:42:de:ed:72:41:
         95:55:13:3a:8e:9e:c3:6c:88:29:4a:fc:5e:7c:f0:e6:0b:ff:
         3a:45:09:6c:1c:05:76:79:ee:56:d3:a5:7a:59:09:c0:8f:67:
         40:fb:e6:fa:9c:ff:f5:cb:9e:62:37:e2:61:31:5e:1f:1d:3a:
         f2:36:a1:5c:c8:ce:7f:d1:1d:ea:2c:5f:25:43:df:08:44:24:
         b0:9e:9e:94:2c:ed:67:5e:df:da:63:86:f1:40:5c:d2:58:5c:
         b5:d6:f1:22:d3:6c:e7:d4:f2:f3:d8:82:30:dd:cc:a5:32:4e:
         28:a7:33:13:19:28:94:74:bd:a7:12:9e:0a:00:1f:43:7f:52:
         0d:3b:f7:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAVOPzxQWY/DDrLoNL0nE+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjQwNjE0MDUyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDc1N2UwNTAwOTVlYmJiODhlMjYyZDJlMjIwZWMzZGY4NjA5ZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHuJZUMv5l3/vnxKOf2LBM8YQ7NN
QsyJLScFJcuAnKD9ZF0EQruyeenxZVOXTswR4V01/4k/JNomY0AAMVDL3wW2c1lT
czbwO02qYAh/BFFMZuFXQ+2LTBYdvA/FAoobqxBm0Yjtf0r2SudybEzePHa0BQcy
NYhsUOv9kmAiSdDd7YpRW4yBIFsW478Au7B70B4adQ78tRnW4fv14ZC0Hcs2xtXx
NyzhOo9BI3QP6qx9b9TK/OMxcRE/Q+UckMI6kQftG0Af5aO7riHwECdprrmQGgYP
FQfEx4w0Y7ABvF8skcJh+5kDySKPRotskt9HCXwPq13tv2vafw9ZnozqrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEB1fgUAleu7iOJi0uIg7D34YJ8KMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvUUhWLUJRQ1Y2N3VJNG1MUzRpRHNQZmhnbndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5NuAwQA
wqRzMA0GCSqGSIb3DQEBCwUAA4IBAQBIe72h3myyGMtmyfisPVDcUJddDxBEy7Zg
NPpEkmoSi3uuM3+/f4Ni0y+mbekWttP8w8CSmtnvR2GgZFvOWx+jpogVPZXR+iqk
qUJKdVzVBnU1xrnpN1sLRpkaNAY6UF1ONsR1arDSvi1yItgGbokjJR9xM/QnKaaO
Qt7tckGVVRM6jp7DbIgpSvxefPDmC/86RQlsHAV2ee5W06V6WQnAj2dA++b6nP/1
y55iN+JhMV4fHTryNqFcyM5/0R3qLF8lQ98IRCSwnp6ULO1nXt/aY4bxQFzSWFy1
1vEi02zn1PLz2IIw3cylMk4opzMTGSiUdL2nEp4KAB9Df1INO/cE
-----END CERTIFICATE-----