Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/QnSnP31xxCVLIU5U3eaDKIY7iUw.roa
File:                     QnSnP31xxCVLIU5U3eaDKIY7iUw.roa (raw, json)
Hash identifier:          itDad9GORNG1fe0ti2Ca/S8hEroJ3mPD4rpqgvFf0pA=
Subject key identifier:   42:74:A7:3F:7D:71:C4:25:4B:21:4E:54:DD:E6:83:28:86:3B:89:4C
Certificate issuer:       /CN=8f0a2bb8813b74d78283b1728fdb9bbc5d57845d
Certificate serial:       018FC02C09439B86A4D86989225C56EC55AA
Authority key identifier: 8F:0A:2B:B8:81:3B:74:D7:82:83:B1:72:8F:DB:9B:BC:5D:57:84:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jworuIE7dNeCg7Fyj9ubvF1XhF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/QnSnP31xxCVLIU5U3eaDKIY7iUw.roa
Signing time:             Tue 28 May 2024 17:07:42 +0000
ROA not before:           Tue 28 May 2024 17:07:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57724
IP address blocks:        176.57.64.0/23 maxlen: 23
                          176.57.67.0/24 maxlen: 24
                          185.215.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/jworuIE7dNeCg7Fyj9ubvF1XhF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/jworuIE7dNeCg7Fyj9ubvF1XhF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jworuIE7dNeCg7Fyj9ubvF1XhF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c0:2c:09:43:9b:86:a4:d8:69:89:22:5c:56:ec:55:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0a2bb8813b74d78283b1728fdb9bbc5d57845d
        Validity
            Not Before: May 28 17:07:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4274a73f7d71c4254b214e54dde68328863b894c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:81:68:20:8a:95:6c:8b:7b:e0:5b:ac:72:11:
                    91:3c:35:d0:8e:c0:5a:1c:97:62:1a:73:1b:ff:10:
                    c8:24:5c:f1:ff:7d:28:9c:ce:0f:6a:fe:85:20:2d:
                    78:8b:5f:11:82:fd:3c:99:a1:aa:17:3d:77:ff:9f:
                    11:4f:e9:2c:4c:8a:6d:ba:80:6e:f2:10:e1:1c:a9:
                    f4:a8:43:ae:b7:73:e8:2f:c9:89:b4:06:f4:07:fa:
                    5b:d9:e5:8e:17:24:d7:66:c1:0a:00:ac:dc:98:50:
                    9e:fe:64:f0:39:63:3a:6e:a3:40:6b:bf:88:d0:a3:
                    73:e1:ef:33:ab:a4:1e:c8:f8:45:6d:48:9a:8b:dc:
                    83:7a:ab:89:1b:26:e4:c9:05:74:25:28:e3:58:c0:
                    e4:1a:ed:6c:6e:13:3a:3e:0c:60:19:ee:6b:fd:63:
                    a1:83:b9:b9:e1:56:60:da:a0:b8:fe:e8:97:ce:99:
                    13:2b:16:fc:b1:55:ad:c3:a0:97:f8:e2:f2:b9:0c:
                    a5:46:b3:cd:5d:43:63:84:1b:2e:5d:f4:40:eb:d4:
                    e6:1f:26:c0:4a:60:2e:f6:2f:c6:07:bc:81:44:ef:
                    eb:5c:7d:0e:13:8a:96:ec:ca:97:59:36:aa:c1:3e:
                    9f:88:d8:33:4b:00:07:3b:3d:b2:27:6a:10:51:ad:
                    ac:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:74:A7:3F:7D:71:C4:25:4B:21:4E:54:DD:E6:83:28:86:3B:89:4C
            X509v3 Authority Key Identifier:
                keyid:8F:0A:2B:B8:81:3B:74:D7:82:83:B1:72:8F:DB:9B:BC:5D:57:84:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jworuIE7dNeCg7Fyj9ubvF1XhF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/QnSnP31xxCVLIU5U3eaDKIY7iUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/jworuIE7dNeCg7Fyj9ubvF1XhF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.64.0/23
                  176.57.67.0/24
                  185.215.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f2:ba:01:07:b6:c9:c9:6e:ef:4e:6b:83:d6:1c:c8:f4:96:
         69:76:ef:61:49:d2:63:70:82:84:a5:45:f3:57:23:5c:00:61:
         8a:55:88:1b:2f:42:84:d8:e3:8a:aa:bf:b1:08:93:53:41:6d:
         ab:aa:7e:f8:84:e0:12:ea:ef:65:50:4a:27:61:89:96:c3:3f:
         dd:94:cc:e2:62:f8:e9:de:8a:66:73:19:45:98:d9:28:98:c3:
         13:4f:31:69:ec:6b:f3:9a:a3:a3:fe:f9:7d:88:39:01:82:e1:
         8e:37:15:75:87:dc:76:a5:2b:b8:b3:df:03:12:c3:d1:00:af:
         da:bb:6c:48:52:f4:48:f5:db:c5:a0:ec:61:f2:10:d4:01:7d:
         27:a7:a0:94:08:ad:6d:07:f4:f1:5c:c0:54:21:1d:81:b9:69:
         47:1c:ed:15:46:92:a2:35:11:99:ea:64:70:1e:79:8a:08:68:
         22:f4:1d:80:c3:a5:28:a0:0c:38:12:d1:f2:9c:d6:7a:cd:f3:
         f7:9b:e2:e3:fa:15:54:1d:7a:9f:71:41:f0:d0:af:d0:7b:5e:
         c6:ca:9f:82:36:d8:dd:3d:10:ca:33:2e:46:5d:28:62:36:51:
         14:05:bd:10:3a:18:3d:24:95:bc:37:19:9b:1b:a1:a3:19:8e:
         9b:c1:f7:47
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/ALAlDm4ak2GmJIlxW7FWqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMGEyYmI4ODEzYjc0ZDc4MjgzYjE3MjhmZGI5YmJjNWQ1
Nzg0NWQwHhcNMjQwNTI4MTcwNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjc0YTczZjdkNzFjNDI1NGIyMTRlNTRkZGU2ODMyODg2M2I4OTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4FoIIqVbIt74FuschGRPDXQjsBa
HJdiGnMb/xDIJFzx/30onM4Pav6FIC14i18Rgv08maGqFz13/58RT+ksTIptuoBu
8hDhHKn0qEOut3PoL8mJtAb0B/pb2eWOFyTXZsEKAKzcmFCe/mTwOWM6bqNAa7+I
0KNz4e8zq6QeyPhFbUiai9yDequJGybkyQV0JSjjWMDkGu1sbhM6PgxgGe5r/WOh
g7m54VZg2qC4/uiXzpkTKxb8sVWtw6CX+OLyuQylRrPNXUNjhBsuXfRA69TmHybA
SmAu9i/GB7yBRO/rXH0OE4qW7MqXWTaqwT6fiNgzSwAHOz2yJ2oQUa2sKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEJ0pz99ccQlSyFOVN3mgyiGO4lMMB8GA1UdIwQY
MBaAFI8KK7iBO3TXgoOxco/bm7xdV4RdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandvcnVJRTdkTmVDZzdGeWo5dWJ2RjFYaEYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83NDIzNDAtOGNmOC00NDYwLTg1Y2Mt
YWEyYjNiZWEwOGJmLzEvUW5TblAzMXh4Q1ZMSVU1VTNlYURLSVk3aVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83NDIzNDAtOGNmOC00NDYwLTg1Y2MtYWEyYjNiZWEwOGJm
LzEvandvcnVJRTdkTmVDZzdGeWo5dWJ2RjFYaEYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBsDlAAwQA
sDlDAwQAudcEMA0GCSqGSIb3DQEBCwUAA4IBAQBV8roBB7bJyW7vTmuD1hzI9JZp
du9hSdJjcIKEpUXzVyNcAGGKVYgbL0KE2OOKqr+xCJNTQW2rqn74hOAS6u9lUEon
YYmWwz/dlMziYvjp3opmcxlFmNkomMMTTzFp7GvzmqOj/vl9iDkBguGONxV1h9x2
pSu4s98DEsPRAK/au2xIUvRI9dvFoOxh8hDUAX0np6CUCK1tB/TxXMBUIR2BuWlH
HO0VRpKiNRGZ6mRwHnmKCGgi9B2Aw6UooAw4EtHynNZ6zfP3m+Lj+hVUHXqfcUHw
0K/Qe17Gyp+CNtjdPRDKMy5GXShiNlEUBb0QOhg9JJW8NxmbG6GjGY6bwfdH
-----END CERTIFICATE-----