Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Q-CNL9lapU99vKmao3iUZCkuEtU.roa
File:                     Q-CNL9lapU99vKmao3iUZCkuEtU.roa (raw, json)
Hash identifier:          DwlnB/j3gAUwpJJYq9BOtLy8tog1tmNWxyQ9zcBdCvU=
Subject key identifier:   43:E0:8D:2F:D9:5A:A5:4F:7D:BC:A9:9A:A3:78:94:64:29:2E:12:D5
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC4F595DC2F58967E5A1BE45AA9E02
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Q-CNL9lapU99vKmao3iUZCkuEtU.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201204
IP address blocks:        194.85.102.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4f:59:5d:c2:f5:89:67:e5:a1:be:45:aa:9e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e08d2fd95aa54f7dbca99aa3789464292e12d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9b:f3:ab:a5:51:d3:61:bc:c0:e2:3d:a2:91:
                    38:6c:83:e6:a6:1a:e9:47:b6:7b:7b:16:3b:67:12:
                    27:07:a7:05:b3:f0:5a:6f:92:96:00:ec:b3:e3:d3:
                    ff:7c:3d:4b:5a:47:a5:ab:d5:05:6c:c1:d7:74:02:
                    a3:4c:32:d3:8c:c4:cc:e4:3b:26:ba:23:35:a3:ba:
                    0e:fb:4b:0d:bc:7b:38:f2:a7:80:05:b7:cd:72:25:
                    6d:75:b7:81:09:7a:bc:65:e8:68:19:67:91:de:09:
                    ea:51:c8:d7:a8:56:dc:20:3a:78:08:2a:f8:dc:6c:
                    fa:47:f5:e2:a3:38:7c:c8:95:82:61:20:53:52:8a:
                    9f:48:41:2c:3d:b8:8f:0f:20:5e:ab:c2:8e:49:7c:
                    ad:b9:a0:d4:9c:2e:71:5d:cc:cb:3a:69:67:4e:bc:
                    23:c6:c7:5d:6c:c6:7a:49:9e:b7:2d:7c:25:7d:9e:
                    e2:65:0d:cb:5f:40:b8:f1:91:26:5b:85:1d:ed:66:
                    25:11:3b:b8:fa:9d:36:03:65:75:39:91:41:01:e6:
                    e9:78:25:b4:88:b6:11:b3:7e:c6:a1:e7:d1:59:77:
                    fa:92:7c:a8:e0:2a:4a:6b:e0:5f:a1:59:7a:ab:35:
                    36:ae:55:67:d7:44:4f:15:bc:2e:70:50:b5:1d:a2:
                    39:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E0:8D:2F:D9:5A:A5:4F:7D:BC:A9:9A:A3:78:94:64:29:2E:12:D5
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Q-CNL9lapU99vKmao3iUZCkuEtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b1:82:c8:dd:5f:0e:66:a8:dd:66:49:85:16:66:d6:24:2d:
         98:41:e9:b6:6a:6e:2d:8c:db:90:36:56:6e:79:f8:9e:12:7e:
         87:e0:2c:19:18:2e:12:53:6b:89:ba:ae:f2:e4:60:c2:b9:bd:
         5f:d6:cc:ae:d9:0c:93:ca:02:24:f6:1e:3b:e1:f7:be:26:72:
         be:ce:63:c5:74:fd:da:9a:dc:2f:88:a8:4a:88:64:d6:92:61:
         f9:90:95:66:4c:d9:63:50:ca:90:03:44:fd:83:10:df:7b:4d:
         c5:16:a9:6a:53:93:47:92:8e:8e:77:bc:31:62:9d:9c:ff:b9:
         6f:e6:8d:2b:1b:d2:8c:d6:dc:0f:28:6c:a0:ea:a6:9b:f0:13:
         5e:91:99:8f:15:b3:f3:e1:12:ca:1c:ed:82:21:a3:8c:89:87:
         10:0c:ff:26:20:10:ee:33:37:4a:26:dd:2d:4e:b1:39:77:ef:
         86:a0:57:89:27:9b:eb:29:ce:3b:c3:23:ed:10:f6:9c:55:e3:
         c6:ba:66:e3:c6:c0:1d:08:31:aa:bb:84:63:45:c3:1a:1e:6d:
         e5:b4:36:99:54:1d:1f:83:63:25:ef:14:fe:d7:90:9c:dd:14:
         36:ca:38:c2:37:ec:63:19:79:d0:28:b4:62:89:60:45:62:24:
         5a:5e:03:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3E9ZXcL1iWflob5Fqp4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2UwOGQyZmQ5NWFhNTRmN2RiY2E5OWFhMzc4OTQ2NDI5MmUxMmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5vzq6VR02G8wOI9opE4bIPmphrp
R7Z7exY7ZxInB6cFs/Bab5KWAOyz49P/fD1LWkelq9UFbMHXdAKjTDLTjMTM5Dsm
uiM1o7oO+0sNvHs48qeABbfNciVtdbeBCXq8ZehoGWeR3gnqUcjXqFbcIDp4CCr4
3Gz6R/Xiozh8yJWCYSBTUoqfSEEsPbiPDyBeq8KOSXytuaDUnC5xXczLOmlnTrwj
xsddbMZ6SZ63LXwlfZ7iZQ3LX0C48ZEmW4Ud7WYlETu4+p02A2V1OZFBAebpeCW0
iLYRs37GoefRWXf6knyo4CpKa+BfoVl6qzU2rlVn10RPFbwucFC1HaI5jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPgjS/ZWqVPfbypmqN4lGQpLhLVMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvUS1DTkw5bGFwVTk5dkttYW8zaVVaQ2t1RXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlVmMA0G
CSqGSIb3DQEBCwUAA4IBAQAisYLI3V8OZqjdZkmFFmbWJC2YQem2am4tjNuQNlZu
efieEn6H4CwZGC4SU2uJuq7y5GDCub1f1syu2QyTygIk9h474fe+JnK+zmPFdP3a
mtwviKhKiGTWkmH5kJVmTNljUMqQA0T9gxDfe03FFqlqU5NHko6Od7wxYp2c/7lv
5o0rG9KM1twPKGyg6qab8BNekZmPFbPz4RLKHO2CIaOMiYcQDP8mIBDuMzdKJt0t
TrE5d++GoFeJJ5vrKc47wyPtEPacVePGumbjxsAdCDGqu4RjRcMaHm3ltDaZVB0f
g2Ml7xT+15Cc3RQ2yjjCN+xjGXnQKLRiiWBFYiRaXgPt
-----END CERTIFICATE-----