Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/SQF74brd4RlEW5N4RLotAi31pZA.roa
File:                     SQF74brd4RlEW5N4RLotAi31pZA.roa (raw, json)
Hash identifier:          dq47ykCwx9y4LqaHBUfiOG4m5mLQa+vsdch09ejdmws=
Subject key identifier:   49:01:7B:E1:BA:DD:E1:19:44:5B:93:78:44:BA:2D:02:2D:F5:A5:90
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795421F9438AF4313BB575D5A49E8D5
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/SQF74brd4RlEW5N4RLotAi31pZA.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12442
IP address blocks:        85.204.233.0/24 maxlen: 24
                          188.240.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:42:1f:94:38:af:43:13:bb:57:5d:5a:49:e8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49017be1badde119445b937844ba2d022df5a590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4a:17:e6:fe:33:cb:81:56:e4:4f:88:1e:0d:
                    6b:60:95:d5:09:d0:08:0f:fb:3a:29:85:52:d1:c7:
                    f3:62:57:78:59:3f:e3:0f:a4:44:91:03:45:81:73:
                    c9:de:25:54:53:b4:51:a5:1f:c6:0f:aa:52:20:4d:
                    66:2b:d2:c7:48:22:59:1e:70:d5:fa:1b:2d:ab:90:
                    80:97:d4:3a:66:62:26:da:4c:09:bc:98:54:92:2f:
                    d4:ba:d2:7f:23:b9:b2:9b:83:ec:67:ae:b6:87:37:
                    86:8e:a5:95:ea:f6:fd:4e:cb:8c:38:00:36:64:d2:
                    89:e2:b8:d4:2c:35:89:6e:93:1b:1e:89:73:5a:d5:
                    17:00:cc:76:50:2d:35:16:75:8c:06:87:43:14:49:
                    8e:36:96:19:44:74:1c:69:6e:af:90:92:c0:b7:46:
                    ed:59:90:d0:01:71:42:a8:71:51:67:64:94:27:48:
                    f5:da:18:7d:76:68:74:8e:79:c8:38:e0:a7:f4:50:
                    13:09:1f:b9:f1:68:dc:2b:31:19:41:36:7f:e0:1b:
                    66:87:87:be:37:0d:6d:8b:76:19:39:75:ae:d5:ce:
                    1c:e8:20:01:fa:9e:d6:76:b9:72:cb:62:a1:43:b8:
                    8e:9b:af:41:ef:08:ea:41:63:18:c9:aa:d3:d8:50:
                    70:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:01:7B:E1:BA:DD:E1:19:44:5B:93:78:44:BA:2D:02:2D:F5:A5:90
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/SQF74brd4RlEW5N4RLotAi31pZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.233.0/24
                  188.240.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         f0:ee:48:f5:21:91:58:06:94:c8:72:62:0e:e6:3a:69:f1:53:
         61:9d:fe:95:57:3e:c5:48:35:04:2e:8a:07:7a:08:d1:12:3e:
         bc:8e:4f:17:57:35:a3:eb:f2:77:6a:51:3d:87:52:60:d2:20:
         32:c4:ff:f0:9a:11:90:9e:de:a9:76:7b:33:e2:fe:06:d4:81:
         f0:28:bc:77:fc:25:48:89:5c:2d:3e:da:6f:b5:1c:3e:ce:d8:
         7b:de:5f:2f:72:fc:5c:57:29:ae:42:99:4e:94:94:ee:dd:28:
         27:1f:ef:91:16:54:5f:39:34:e5:23:89:ab:1a:98:6d:a3:22:
         08:1b:dc:c5:28:36:13:62:93:03:d7:c9:b3:58:f2:0d:fe:f5:
         c9:dd:8a:b5:cf:6d:cc:32:b0:3f:62:39:ad:bd:89:dd:da:fe:
         d7:0f:8c:20:99:dc:dc:dd:3c:18:bd:8d:a0:35:81:e2:99:6e:
         aa:5a:22:a4:b4:ec:01:7b:a2:83:6a:f6:2b:f8:6f:ab:b4:43:
         a4:bd:24:c7:24:ec:f2:46:ce:37:49:1d:4e:2b:a0:10:c5:db:
         08:ed:e9:0b:29:b6:c6:3c:61:83:b2:34:f6:52:3d:0c:53:35:
         d3:ec:83:1a:a5:aa:b2:b3:fe:08:b0:ac:15:25:c5:4d:8b:ab:
         14:20:e1:89
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlUIflDivQxO7V11aSejVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTAxN2JlMWJhZGRlMTE5NDQ1YjkzNzg0NGJhMmQwMjJkZjVhNTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0koX5v4zy4FW5E+IHg1rYJXVCdAI
D/s6KYVS0cfzYld4WT/jD6REkQNFgXPJ3iVUU7RRpR/GD6pSIE1mK9LHSCJZHnDV
+hstq5CAl9Q6ZmIm2kwJvJhUki/UutJ/I7mym4PsZ662hzeGjqWV6vb9TsuMOAA2
ZNKJ4rjULDWJbpMbHolzWtUXAMx2UC01FnWMBodDFEmONpYZRHQcaW6vkJLAt0bt
WZDQAXFCqHFRZ2SUJ0j12hh9dmh0jnnIOOCn9FATCR+58WjcKzEZQTZ/4Btmh4e+
Nw1ti3YZOXWu1c4c6CAB+p7Wdrlyy2KhQ7iOm69B7wjqQWMYyarT2FBwhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEkBe+G63eEZRFuTeES6LQIt9aWQMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1NRRjc0YnJkNFJsRVc1TjRSTG90QWkzMXBaQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABVzOkD
BAO88PAwDQYJKoZIhvcNAQELBQADggEBAPDuSPUhkVgGlMhyYg7mOmnxU2Gd/pVX
PsVINQQuigd6CNESPryOTxdXNaPr8ndqUT2HUmDSIDLE//CaEZCe3ql2ezPi/gbU
gfAovHf8JUiJXC0+2m+1HD7O2HveXy9y/FxXKa5CmU6UlO7dKCcf75EWVF85NOUj
iasamG2jIggb3MUoNhNikwPXybNY8g3+9cndirXPbcwysD9iOa29id3a/tcPjCCZ
3NzdPBi9jaA1geKZbqpaIqS07AF7ooNq9iv4b6u0Q6S9JMck7PJGzjdJHU4roBDF
2wjt6QsptsY8YYOyNPZSPQxTNdPsgxqlqrKz/giwrBUlxU2LqxQg4Yk=
-----END CERTIFICATE-----