Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/CNQ7J_7eQ6WqKjHwVByDEUKMEdE.roa
File:                     CNQ7J_7eQ6WqKjHwVByDEUKMEdE.roa (raw, json)
Hash identifier:          7ZJYJGzRzYLwh55cV86UisCNJA8yrTChIckTvvDQa6Q=
Subject key identifier:   08:D4:3B:27:FE:DE:43:A5:AA:2A:31:F0:54:1C:83:11:42:8C:11:D1
Certificate issuer:       /CN=74309aa0148cc90fced9943eb1a81946e9adae5e
Certificate serial:       018CC56DE105C21B206FA6387E6F58C9979D
Authority key identifier: 74:30:9A:A0:14:8C:C9:0F:CE:D9:94:3E:B1:A8:19:46:E9:AD:AE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/CNQ7J_7eQ6WqKjHwVByDEUKMEdE.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34636
IP address blocks:        185.238.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e1:05:c2:1b:20:6f:a6:38:7e:6f:58:c9:97:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74309aa0148cc90fced9943eb1a81946e9adae5e
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08d43b27fede43a5aa2a31f0541c8311428c11d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:60:d1:19:8a:22:b9:46:a1:f0:19:a2:34:9d:
                    71:70:45:bf:49:95:32:98:55:31:64:36:1d:c6:e3:
                    75:5f:dd:40:16:a7:cb:e7:d1:61:2f:45:ea:c7:ed:
                    95:2b:9d:f1:81:0b:16:2e:83:df:17:1a:ab:24:35:
                    96:19:d3:68:47:9c:8d:58:56:cf:ad:39:04:4b:a1:
                    60:87:a1:99:68:2f:ec:63:cc:f8:3f:a2:f4:3c:59:
                    5c:36:ff:d8:46:c2:ae:9b:98:b0:eb:11:cd:ae:9e:
                    53:7e:c3:4d:46:e6:06:d5:c7:42:11:c3:f3:c0:3b:
                    09:d7:25:28:00:09:71:69:a8:be:88:df:8c:73:23:
                    2a:84:97:5a:2a:0a:b7:92:b0:c5:2c:44:4c:86:d9:
                    59:e8:0d:e1:54:2d:51:a9:9e:bd:d1:a9:1c:c7:0e:
                    f1:46:9a:09:b5:f5:4c:be:2c:79:5d:9a:ce:80:01:
                    50:51:4c:ed:0f:2a:49:dc:0b:d7:4c:f6:65:14:99:
                    4d:7f:4f:60:57:5b:c7:c4:9a:5f:f3:f7:fb:2b:16:
                    13:07:09:25:5c:64:99:cb:3f:fe:11:d6:7a:48:4c:
                    16:88:f6:8f:eb:fb:71:56:49:ea:bc:a9:17:91:4b:
                    bb:2c:2e:7f:bb:e5:28:d4:76:1f:f1:9e:11:91:6e:
                    e7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D4:3B:27:FE:DE:43:A5:AA:2A:31:F0:54:1C:83:11:42:8C:11:D1
            X509v3 Authority Key Identifier:
                keyid:74:30:9A:A0:14:8C:C9:0F:CE:D9:94:3E:B1:A8:19:46:E9:AD:AE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/CNQ7J_7eQ6WqKjHwVByDEUKMEdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:99:27:43:77:78:c5:80:07:49:a5:d0:85:e3:fa:77:76:95:
         1b:e4:92:5b:38:5c:38:3c:71:6e:99:2d:f6:88:c8:c9:f1:24:
         0b:99:d0:9a:8f:5a:e4:40:f0:95:12:7c:1f:ce:70:4c:f3:9b:
         1c:50:0b:a2:bc:23:cc:f8:53:a9:62:b3:c8:14:89:2b:e9:bb:
         5a:63:e1:7f:80:6b:63:e0:29:fe:b9:66:29:6e:85:c6:22:dd:
         c2:75:f1:2b:10:2f:b9:2c:55:91:d4:6a:e7:dd:a5:81:cc:69:
         1b:3e:37:3d:f8:34:21:d8:60:c4:cb:59:67:34:e6:02:7c:4c:
         f3:d5:91:5c:88:6e:9b:79:41:5f:e0:d6:d1:b2:3b:e9:83:20:
         ae:88:fa:98:76:46:59:17:65:ee:2d:01:84:1d:4d:32:c7:57:
         ef:b1:a2:ab:d8:c4:ae:c1:e3:0a:35:fd:47:03:fa:f0:ed:86:
         f2:a5:df:04:a3:d7:3a:fb:99:ad:f2:14:e4:28:73:97:a5:7f:
         34:de:c2:f2:22:4d:09:79:2f:db:cc:1d:c8:ee:03:6d:fc:de:
         78:37:11:32:07:31:e2:19:27:a3:03:ee:1e:a3:15:5e:3c:bd:
         3e:ee:f2:a9:19:d7:16:d4:51:b1:e5:49:9c:a1:c6:0a:0a:1e:
         a9:ba:40:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeEFwhsgb6Y4fm9YyZedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MzA5YWEwMTQ4Y2M5MGZjZWQ5OTQzZWIxYTgxOTQ2ZTlh
ZGFlNWUwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ0M2IyN2ZlZGU0M2E1YWEyYTMxZjA1NDFjODMxMTQyOGMxMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGDRGYoiuUah8BmiNJ1xcEW/SZUy
mFUxZDYdxuN1X91AFqfL59FhL0Xqx+2VK53xgQsWLoPfFxqrJDWWGdNoR5yNWFbP
rTkES6Fgh6GZaC/sY8z4P6L0PFlcNv/YRsKum5iw6xHNrp5TfsNNRuYG1cdCEcPz
wDsJ1yUoAAlxaai+iN+McyMqhJdaKgq3krDFLERMhtlZ6A3hVC1RqZ690akcxw7x
RpoJtfVMvix5XZrOgAFQUUztDypJ3AvXTPZlFJlNf09gV1vHxJpf8/f7KxYTBwkl
XGSZyz/+EdZ6SEwWiPaP6/txVknqvKkXkUu7LC5/u+Uo1HYf8Z4RkW7nQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjUOyf+3kOlqiox8FQcgxFCjBHRMB8GA1UdIwQY
MBaAFHQwmqAUjMkPztmUPrGoGUbpra5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZERDYW9CU015UV9PMlpRLXNhZ1pSdW10cmw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lZGFmNjktYmM1ZC00OTRlLTlkODct
N2M3NDBlZjhhYTk1LzEvQ05RN0pfN2VRNldxS2pId1ZCeURFVUtNRWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lZGFmNjktYmM1ZC00OTRlLTlkODctN2M3NDBlZjhhYTk1
LzEvZERDYW9CU015UV9PMlpRLXNhZ1pSdW10cmw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6MMA0G
CSqGSIb3DQEBCwUAA4IBAQClmSdDd3jFgAdJpdCF4/p3dpUb5JJbOFw4PHFumS32
iMjJ8SQLmdCaj1rkQPCVEnwfznBM85scUAuivCPM+FOpYrPIFIkr6btaY+F/gGtj
4Cn+uWYpboXGIt3CdfErEC+5LFWR1Grn3aWBzGkbPjc9+DQh2GDEy1lnNOYCfEzz
1ZFciG6beUFf4NbRsjvpgyCuiPqYdkZZF2XuLQGEHU0yx1fvsaKr2MSuweMKNf1H
A/rw7Ybypd8Eo9c6+5mt8hTkKHOXpX803sLyIk0JeS/bzB3I7gNt/N54NxEyBzHi
GSejA+4eoxVePL0+7vKpGdcW1FGx5UmcocYKCh6pukBM
-----END CERTIFICATE-----