Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qnpmuEPN_mXf4AdfslzdP-Y48oI.roa
File:                     qnpmuEPN_mXf4AdfslzdP-Y48oI.roa (raw, json)
Hash identifier:          h/07F5FktDkY29K5u8hr6PMxRfcvmqoroRnBP2XdvYQ=
Subject key identifier:   AA:7A:66:B8:43:CD:FE:65:DF:E0:07:5F:B2:5C:DD:3F:E6:38:F2:82
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9758E1C67ACB9BF761695AC13103
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qnpmuEPN_mXf4AdfslzdP-Y48oI.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43590
IP address blocks:        185.128.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:97:58:e1:c6:7a:cb:9b:f7:61:69:5a:c1:31:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa7a66b843cdfe65dfe0075fb25cdd3fe638f282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d1:73:39:bd:b8:b0:b6:41:64:75:b6:61:95:
                    21:23:8d:62:89:11:f9:3a:ee:08:59:7c:7a:35:17:
                    a7:0b:2b:a2:4d:06:eb:b3:7b:a0:f5:18:34:b4:df:
                    7b:8c:d1:5c:2d:77:35:73:54:b0:cd:1c:57:17:34:
                    21:f5:38:ad:2e:eb:7b:d5:ea:d7:e3:40:b3:a6:18:
                    0d:f0:c6:51:57:11:f0:0f:98:5c:6d:be:28:13:8e:
                    1e:c8:02:4a:28:2d:01:2d:a4:d3:d5:ca:5e:51:94:
                    9b:8b:3f:c5:93:f2:f2:af:02:01:f9:c0:f0:92:0c:
                    7e:6f:2d:33:8a:d3:ef:91:30:03:f7:4d:69:29:93:
                    05:06:4c:87:ec:19:b5:e8:14:63:a4:b1:aa:df:14:
                    01:b8:29:c9:22:25:70:9e:9f:cd:e8:42:57:0c:00:
                    6f:42:89:4a:cb:76:77:9d:8e:0f:9e:35:fa:bf:9a:
                    dd:02:51:01:09:ac:76:f6:6c:d3:56:a1:fb:c8:19:
                    cd:55:33:b4:0f:30:d1:45:4c:28:4d:5c:52:3f:a9:
                    59:fb:f5:61:d4:08:17:65:08:f3:a6:2a:c2:32:4a:
                    fd:38:31:16:a0:ab:3a:57:05:e0:de:2e:29:7b:16:
                    06:0d:a2:4c:60:2a:6e:f8:6d:c3:33:0e:5d:cd:ca:
                    9d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7A:66:B8:43:CD:FE:65:DF:E0:07:5F:B2:5C:DD:3F:E6:38:F2:82
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qnpmuEPN_mXf4AdfslzdP-Y48oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:85:30:ae:41:6b:4c:21:49:25:c6:cf:ef:39:20:02:d2:d4:
         f5:46:4c:c8:0f:36:d8:69:72:6a:f7:0d:45:d7:7c:2c:29:7e:
         d9:51:ee:97:a6:07:5e:56:f7:f1:f3:5a:c5:13:79:b1:4e:a0:
         d9:3b:79:7f:1e:dc:26:86:c4:27:a6:5f:e2:da:88:eb:4e:5e:
         9f:9e:47:54:92:21:0b:3b:c5:57:3a:a5:52:86:b8:8b:c2:41:
         68:4e:76:c4:58:f4:7e:6a:fd:3d:8b:cc:ce:3d:81:18:bf:a6:
         c5:59:74:76:74:d1:0f:c2:70:91:5a:3e:26:f3:ba:c2:88:1f:
         27:3f:f1:16:cd:5f:6d:52:5e:ab:9d:5b:03:a3:11:40:e0:a4:
         da:d0:1f:d1:79:c5:f1:76:6a:11:d6:41:8f:1a:3e:90:97:31:
         ee:b4:7c:a5:bd:fa:bc:bb:74:4c:e2:0c:3f:ce:e5:fd:9e:b7:
         15:22:85:87:3d:b0:73:f8:78:85:a9:5d:20:f4:f2:bb:f6:3b:
         13:ec:28:77:5b:1d:d9:88:7d:43:94:87:79:2f:94:ee:13:7c:
         9d:62:c2:59:2e:b9:4b:ca:cf:8e:d7:2d:fe:6c:25:14:65:67:
         31:55:61:10:13:1e:2c:1f:ce:87:0e:21:6d:52:a7:72:5e:2d:
         2f:b8:48:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35dY4cZ6y5v3YWlawTEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdhNjZiODQzY2RmZTY1ZGZlMDA3NWZiMjVjZGQzZmU2MzhmMjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdFzOb24sLZBZHW2YZUhI41iiRH5
Ou4IWXx6NRenCyuiTQbrs3ug9Rg0tN97jNFcLXc1c1SwzRxXFzQh9TitLut71erX
40CzphgN8MZRVxHwD5hcbb4oE44eyAJKKC0BLaTT1cpeUZSbiz/Fk/LyrwIB+cDw
kgx+by0zitPvkTAD901pKZMFBkyH7Bm16BRjpLGq3xQBuCnJIiVwnp/N6EJXDABv
QolKy3Z3nY4PnjX6v5rdAlEBCax29mzTVqH7yBnNVTO0DzDRRUwoTVxSP6lZ+/Vh
1AgXZQjzpirCMkr9ODEWoKs6VwXg3i4pexYGDaJMYCpu+G3DMw5dzcqdwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp6ZrhDzf5l3+AHX7Jc3T/mOPKCMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcW5wbXVFUE5fbVhmNEFkZnNsemRQLVk0OG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYBpMA0G
CSqGSIb3DQEBCwUAA4IBAQAphTCuQWtMIUklxs/vOSAC0tT1RkzIDzbYaXJq9w1F
13wsKX7ZUe6XpgdeVvfx81rFE3mxTqDZO3l/HtwmhsQnpl/i2ojrTl6fnkdUkiEL
O8VXOqVShriLwkFoTnbEWPR+av09i8zOPYEYv6bFWXR2dNEPwnCRWj4m87rCiB8n
P/EWzV9tUl6rnVsDoxFA4KTa0B/RecXxdmoR1kGPGj6QlzHutHylvfq8u3RM4gw/
zuX9nrcVIoWHPbBz+HiFqV0g9PK79jsT7Ch3Wx3ZiH1DlId5L5TuE3ydYsJZLrlL
ys+O1y3+bCUUZWcxVWEQEx4sH86HDiFtUqdyXi0vuEhH
-----END CERTIFICATE-----