Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/DqQLTGlYPqP4PbcWT9xn9ttyRhQ.roa
File:                     DqQLTGlYPqP4PbcWT9xn9ttyRhQ.roa (raw, json)
Hash identifier:          62EApHSCW/VajssDqzexu4Amaw2ffAl20HJf9/ETHkQ=
Subject key identifier:   0E:A4:0B:4C:69:58:3E:A3:F8:3D:B7:16:4F:DC:67:F6:DB:72:46:14
Certificate issuer:       /CN=a45ded68e2260321bca39e8465b49c25d58a56e6
Certificate serial:       018CC3B735240622AD051EA33B54501FD041
Authority key identifier: A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/DqQLTGlYPqP4PbcWT9xn9ttyRhQ.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206216
IP address blocks:        185.128.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:35:24:06:22:ad:05:1e:a3:3b:54:50:1f:d0:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a45ded68e2260321bca39e8465b49c25d58a56e6
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ea40b4c69583ea3f83db7164fdc67f6db724614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:03:4c:ea:96:b4:18:de:47:17:7b:10:e5:01:
                    52:63:98:8c:7d:ce:58:0b:36:66:0d:63:f7:33:95:
                    b9:9d:10:bd:24:a1:b4:d0:95:fd:e4:66:23:1b:40:
                    42:19:6e:b8:50:29:0f:0a:f8:45:14:de:b2:e3:d3:
                    5d:e8:75:77:af:22:4a:81:08:8b:a4:11:17:59:1d:
                    f7:1b:47:bc:e9:dd:e3:c6:d8:8c:c8:df:4a:4a:5c:
                    c4:b7:12:b0:10:ee:d8:7d:fc:1c:3f:32:d7:ba:47:
                    b4:47:52:a1:4c:8d:b3:f6:35:ca:9f:6d:bd:40:92:
                    92:8a:33:9a:95:1f:29:66:c4:5b:4f:77:96:c1:8a:
                    f4:90:0a:80:b1:dd:82:f6:c8:e8:5d:cd:4f:86:2b:
                    cf:9a:36:b4:b4:ed:fd:86:75:c8:91:64:c1:2c:0c:
                    a6:32:14:d5:c7:30:75:c2:99:e2:9c:de:a3:3d:b3:
                    ce:6a:22:d5:e2:9b:b3:2d:78:06:10:0d:9b:41:c0:
                    b1:81:d2:50:7b:f0:f4:41:03:28:6a:da:c9:c2:78:
                    fa:b4:ae:e4:ad:26:b9:9d:f4:23:3b:be:fb:7a:96:
                    c4:0a:7c:15:96:bc:b8:12:6f:0c:39:6c:ac:bf:68:
                    82:22:18:72:ae:35:db:f7:4c:65:24:77:ef:d0:c6:
                    1f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A4:0B:4C:69:58:3E:A3:F8:3D:B7:16:4F:DC:67:F6:DB:72:46:14
            X509v3 Authority Key Identifier:
                keyid:A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/DqQLTGlYPqP4PbcWT9xn9ttyRhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:5f:69:d5:0d:bd:b3:39:db:5b:84:df:ac:e7:4f:07:3e:55:
         1b:a0:70:55:97:ae:d5:6c:d1:f0:e1:79:ff:c2:e3:83:22:88:
         e9:57:d9:de:7f:89:42:f8:ae:b0:7e:2d:67:7e:2f:fe:ee:5b:
         5e:1e:67:4a:b8:2f:1d:13:0a:5d:ec:8c:8b:e7:dc:39:bd:b2:
         41:39:14:83:49:b2:b6:3b:03:3f:c4:ae:7e:dc:8f:02:e4:44:
         3f:3f:05:ec:40:b5:94:ec:9d:43:7a:4a:d5:93:ab:11:7e:53:
         7e:ca:e1:4a:78:c2:22:8e:04:ce:fe:19:a4:a5:e8:9b:8c:e5:
         67:ef:95:94:97:f0:f5:f4:e3:5e:ec:36:ce:35:c8:41:c4:c3:
         d3:4b:e5:7e:fe:c6:11:5f:e0:56:ff:6a:38:13:05:15:7d:4c:
         05:9d:74:ae:21:b8:e3:2b:1a:a2:c8:29:e9:70:7e:44:48:d6:
         66:63:11:44:c4:6e:77:3f:f2:4a:ce:1a:67:30:4e:30:60:2f:
         ab:54:7d:24:97:be:a9:f0:9d:21:0c:22:19:07:cf:f7:c8:9d:
         97:5d:f8:91:8d:14:c1:5f:e4:69:59:23:52:9b:61:6e:46:53:
         e5:a8:dc:c7:8b:c3:7d:d9:c5:d7:8f:61:39:fd:28:50:90:cd:
         54:10:65:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzUkBiKtBR6jO1RQH9BBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NWRlZDY4ZTIyNjAzMjFiY2EzOWU4NDY1YjQ5YzI1ZDU4
YTU2ZTYwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWE0MGI0YzY5NTgzZWEzZjgzZGI3MTY0ZmRjNjdmNmRiNzI0NjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQNM6pa0GN5HF3sQ5QFSY5iMfc5Y
CzZmDWP3M5W5nRC9JKG00JX95GYjG0BCGW64UCkPCvhFFN6y49Nd6HV3ryJKgQiL
pBEXWR33G0e86d3jxtiMyN9KSlzEtxKwEO7YffwcPzLXuke0R1KhTI2z9jXKn229
QJKSijOalR8pZsRbT3eWwYr0kAqAsd2C9sjoXc1PhivPmja0tO39hnXIkWTBLAym
MhTVxzB1wpninN6jPbPOaiLV4puzLXgGEA2bQcCxgdJQe/D0QQMoatrJwnj6tK7k
rSa5nfQjO777epbECnwVlry4Em8MOWysv2iCIhhyrjXb90xlJHfv0MYfcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6kC0xpWD6j+D23Fk/cZ/bbckYUMB8GA1UdIwQY
MBaAFKRd7WjiJgMhvKOehGW0nCXVilbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTct
NTQ4NTNjNDc2NjFmLzEvRHFRTFRHbFlQcVA0UGJjV1Q5eG45dHR5UmhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTctNTQ4NTNjNDc2NjFm
LzEvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDjMA0G
CSqGSIb3DQEBCwUAA4IBAQBPX2nVDb2zOdtbhN+s508HPlUboHBVl67VbNHw4Xn/
wuODIojpV9nef4lC+K6wfi1nfi/+7lteHmdKuC8dEwpd7IyL59w5vbJBORSDSbK2
OwM/xK5+3I8C5EQ/PwXsQLWU7J1DekrVk6sRflN+yuFKeMIijgTO/hmkpeibjOVn
75WUl/D19ONe7DbONchBxMPTS+V+/sYRX+BW/2o4EwUVfUwFnXSuIbjjKxqiyCnp
cH5ESNZmYxFExG53P/JKzhpnME4wYC+rVH0kl76p8J0hDCIZB8/3yJ2XXfiRjRTB
X+RpWSNSm2FuRlPlqNzHi8N92cXXj2E5/ShQkM1UEGUh
-----END CERTIFICATE-----