Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/QOg2ZdhMD1vKq4-QzbF77g-idt0.roa
File:                     QOg2ZdhMD1vKq4-QzbF77g-idt0.roa (raw, json)
Hash identifier:          mt8U1G6pjWk6NudykS0RMWQ/5DEoYn7xntWq1VRVoOs=
Subject key identifier:   40:E8:36:65:D8:4C:0F:5B:CA:AB:8F:90:CD:B1:7B:EE:0F:A2:76:DD
Certificate issuer:       /CN=d73e83146a43869f657451e76d0a305f15a7aee9
Certificate serial:       018CC725F418401D7D0F15BAD1D43DCD27DA
Authority key identifier: D7:3E:83:14:6A:43:86:9F:65:74:51:E7:6D:0A:30:5F:15:A7:AE:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1z6DFGpDhp9ldFHnbQowXxWnruk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/QOg2ZdhMD1vKq4-QzbF77g-idt0.roa
Signing time:             Mon 01 Jan 2024 22:30:02 +0000
ROA not before:           Mon 01 Jan 2024 22:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24634
IP address blocks:        80.77.176.0/20 maxlen: 24
                          185.125.152.0/22 maxlen: 24
                          2a06:b880::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/1z6DFGpDhp9ldFHnbQowXxWnruk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/1z6DFGpDhp9ldFHnbQowXxWnruk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1z6DFGpDhp9ldFHnbQowXxWnruk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:f4:18:40:1d:7d:0f:15:ba:d1:d4:3d:cd:27:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d73e83146a43869f657451e76d0a305f15a7aee9
        Validity
            Not Before: Jan  1 22:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40e83665d84c0f5bcaab8f90cdb17bee0fa276dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a3:20:86:62:e8:93:c3:05:b0:88:33:7d:ce:
                    87:ae:76:58:82:9a:8e:c7:ad:7c:66:3d:f7:02:a6:
                    35:c2:18:86:92:b1:d7:c5:69:e2:ca:58:97:68:da:
                    94:53:37:f8:da:96:c1:d7:50:d5:f3:b5:76:e9:3d:
                    93:f6:ff:e8:4c:d5:9d:d4:cd:64:cf:66:dd:02:4a:
                    1f:4b:db:2b:03:15:19:b2:c2:38:41:13:63:e2:a8:
                    7d:78:e4:e7:17:9c:3d:09:16:f3:b3:9c:54:1b:50:
                    10:d2:e5:65:45:c3:a4:25:1e:4d:fc:49:78:cb:16:
                    55:ac:9f:8d:bd:94:1b:d6:da:10:64:fb:31:8b:05:
                    26:c4:c0:9c:3b:09:e2:2b:b9:21:97:b7:32:32:36:
                    d3:a3:c8:c1:2f:a3:e5:5d:1e:fa:2a:86:81:68:d2:
                    8b:90:53:65:c1:ad:98:f8:c8:3e:f5:c2:7d:8c:57:
                    8d:89:e8:46:45:9c:5a:12:23:c3:7f:e7:11:f5:9e:
                    97:68:22:d0:b8:85:01:11:96:b6:98:9f:40:e4:6f:
                    5f:13:b6:72:bd:6d:b3:dc:7f:1f:22:88:38:1b:db:
                    eb:1e:6e:02:7b:a7:b4:f7:ad:cf:0b:b3:04:a7:d3:
                    08:fd:e7:c9:fa:04:e1:8c:48:24:d7:6e:d7:a7:1e:
                    68:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E8:36:65:D8:4C:0F:5B:CA:AB:8F:90:CD:B1:7B:EE:0F:A2:76:DD
            X509v3 Authority Key Identifier:
                keyid:D7:3E:83:14:6A:43:86:9F:65:74:51:E7:6D:0A:30:5F:15:A7:AE:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1z6DFGpDhp9ldFHnbQowXxWnruk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/QOg2ZdhMD1vKq4-QzbF77g-idt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/1z6DFGpDhp9ldFHnbQowXxWnruk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.176.0/20
                  185.125.152.0/22
                IPv6:
                  2a06:b880::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:a3:41:98:7f:34:74:43:69:46:26:8b:63:8a:bc:3e:8a:5b:
         bf:32:80:57:ad:9d:fd:80:e7:35:96:27:0a:1d:dd:c5:5a:45:
         b3:75:cf:0d:07:68:c9:b2:14:02:37:09:2c:96:f0:cb:f8:b7:
         f0:f4:f2:19:9c:5a:0f:f9:f6:9e:e6:5a:bf:c8:1d:fc:52:f4:
         23:b7:78:c3:2f:89:0c:3c:3b:90:a0:4e:bb:2c:ab:26:b2:87:
         bf:06:b0:10:1d:eb:62:f8:8c:f1:32:7f:6a:81:0f:63:76:7e:
         ba:ce:69:40:a9:20:81:b5:35:dc:28:62:de:38:1e:f1:e5:91:
         03:4c:79:a4:3b:25:f4:dd:51:8f:7c:ea:02:38:80:05:c9:af:
         1e:9f:66:9a:47:fc:63:88:54:d2:16:8c:6b:92:23:06:48:a7:
         d7:d3:e1:23:db:93:fe:d8:a0:3d:94:13:d9:d2:62:ed:00:df:
         a7:af:94:09:76:7d:85:ce:a9:28:a4:bb:ce:d3:0f:5f:33:18:
         85:98:be:35:f4:2e:2d:ab:7c:ef:85:a6:3d:be:4f:64:3f:48:
         40:fa:bd:4b:44:b1:11:94:5f:a5:0b:08:24:59:0f:35:5d:2e:
         63:64:3a:7c:ac:b9:85:39:29:0a:8b:3a:12:9c:dd:e1:dd:86:
         43:e4:ae:d9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJfQYQB19DxW60dQ9zSfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3M2U4MzE0NmE0Mzg2OWY2NTc0NTFlNzZkMGEzMDVmMTVh
N2FlZTkwHhcNMjQwMTAxMjIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGU4MzY2NWQ4NGMwZjViY2FhYjhmOTBjZGIxN2JlZTBmYTI3NmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqMghmLok8MFsIgzfc6HrnZYgpqO
x618Zj33AqY1whiGkrHXxWniyliXaNqUUzf42pbB11DV87V26T2T9v/oTNWd1M1k
z2bdAkofS9srAxUZssI4QRNj4qh9eOTnF5w9CRbzs5xUG1AQ0uVlRcOkJR5N/El4
yxZVrJ+NvZQb1toQZPsxiwUmxMCcOwniK7khl7cyMjbTo8jBL6PlXR76KoaBaNKL
kFNlwa2Y+Mg+9cJ9jFeNiehGRZxaEiPDf+cR9Z6XaCLQuIUBEZa2mJ9A5G9fE7Zy
vW2z3H8fIog4G9vrHm4Ce6e0963PC7MEp9MI/efJ+gThjEgk127Xpx5obwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEDoNmXYTA9byquPkM2xe+4PonbdMB8GA1UdIwQY
MBaAFNc+gxRqQ4afZXRR520KMF8Vp67pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXo2REZHcERocDlsZEZIbmJRb3dYeFducnVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8wZjY0NzAtZTdmNC00MTUxLThhZDkt
ZDNiMjdhMDIyNWIwLzEvUU9nMlpkaE1EMXZLcTQtUXpiRjc3Zy1pZHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8wZjY0NzAtZTdmNC00MTUxLThhZDktZDNiMjdhMDIyNWIw
LzEvMXo2REZHcERocDlsZEZIbmJRb3dYeFducnVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUE2wAwQC
uX2YMA0EAgACMAcDBQMqBriAMA0GCSqGSIb3DQEBCwUAA4IBAQAUo0GYfzR0Q2lG
Jotjirw+ilu/MoBXrZ39gOc1licKHd3FWkWzdc8NB2jJshQCNwkslvDL+Lfw9PIZ
nFoP+fae5lq/yB38UvQjt3jDL4kMPDuQoE67LKsmsoe/BrAQHeti+IzxMn9qgQ9j
dn66zmlAqSCBtTXcKGLeOB7x5ZEDTHmkOyX03VGPfOoCOIAFya8en2aaR/xjiFTS
FoxrkiMGSKfX0+Ej25P+2KA9lBPZ0mLtAN+nr5QJdn2FzqkopLvO0w9fMxiFmL41
9C4tq3zvhaY9vk9kP0hA+r1LRLERlF+lCwgkWQ81XS5jZDp8rLmFOSkKizoSnN3h
3YZD5K7Z
-----END CERTIFICATE-----