Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/wqE_qsGs5euOyhiNJXiWCOcbHkA.roa
File:                     wqE_qsGs5euOyhiNJXiWCOcbHkA.roa (raw, json)
Hash identifier:          GBUNoO8FaTB+lUnjTqxDQ1DWXSigFrKazEFoRfpeIiM=
Subject key identifier:   C2:A1:3F:AA:C1:AC:E5:EB:8E:CA:18:8D:25:78:96:08:E7:1B:1E:40
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC27B82678764DAC6076D940114CD0
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/wqE_qsGs5euOyhiNJXiWCOcbHkA.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49681
IP address blocks:        185.117.80.0/24 maxlen: 24
                          2a05:5e40:f00f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:27:b8:26:78:76:4d:ac:60:76:d9:40:11:4c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2a13faac1ace5eb8eca188d25789608e71b1e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:da:a5:8e:92:9d:3b:77:23:0a:5e:6b:fd:c6:
                    47:83:20:a9:bb:a9:26:d9:d4:bd:09:1d:c4:04:2b:
                    bb:da:c9:c5:f5:65:68:71:58:62:e3:54:76:b1:72:
                    cc:60:83:ee:ce:02:1f:01:98:f5:dc:fb:31:a4:44:
                    e9:7d:f4:47:f7:00:29:98:c2:8a:19:99:a1:6c:56:
                    e6:9c:89:94:3a:79:9c:2f:e3:24:c5:fd:74:ff:5e:
                    38:93:77:40:1e:d6:f4:f8:87:f6:f8:e8:e7:06:38:
                    50:07:3f:39:c1:fc:13:90:ea:5b:57:40:c9:92:bf:
                    c2:ea:db:ad:40:91:94:70:66:f1:8c:a2:45:c0:2f:
                    3a:07:6c:e5:ce:3b:56:e2:5d:4d:cb:6f:e3:4f:e8:
                    34:a0:3c:27:29:81:1d:41:e0:64:de:70:bf:29:8c:
                    92:64:6e:6a:5e:bd:c9:ab:d8:5f:38:7a:58:37:97:
                    b1:95:60:6a:2d:78:f9:95:7b:76:28:cf:76:94:cb:
                    9f:da:93:d8:d6:8c:ea:20:69:03:f8:1c:31:95:b2:
                    91:33:42:c7:44:fa:08:00:3a:5e:5d:b2:a6:da:f2:
                    14:46:63:23:5d:cc:37:98:9e:1b:ee:f9:db:b0:48:
                    c0:16:c5:91:25:e0:66:25:4f:89:79:d5:65:76:ce:
                    1b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A1:3F:AA:C1:AC:E5:EB:8E:CA:18:8D:25:78:96:08:E7:1B:1E:40
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/wqE_qsGs5euOyhiNJXiWCOcbHkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.80.0/24
                IPv6:
                  2a05:5e40:f00f::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:fe:4a:97:b0:c9:e5:49:b1:19:1b:89:fa:10:96:4c:cd:dc:
         66:30:75:24:88:8a:f1:26:2b:39:9a:da:79:30:4f:a0:12:9f:
         ed:ce:03:12:09:90:db:a6:a0:2c:4b:ca:9a:5f:de:9c:09:7c:
         27:bb:45:40:61:3d:d5:a8:5c:1b:9d:f3:0a:6d:dc:06:50:cc:
         1a:80:f7:b8:79:5d:52:b1:76:33:96:33:d0:d0:85:87:61:95:
         89:a1:9b:e4:d2:17:32:8f:ed:9b:af:76:ca:11:29:ae:41:f0:
         cb:ca:fd:59:b2:6a:69:14:09:6f:6d:40:3c:2b:ca:23:8a:45:
         71:3b:90:c3:e8:1c:cf:b5:f4:58:31:5e:b9:76:4e:e9:f4:f8:
         5c:5b:a6:24:36:61:68:f0:aa:db:1f:30:47:04:3c:b4:a6:b5:
         0d:db:2c:3b:46:d9:0c:e6:09:71:20:b7:1c:3b:f6:b0:98:a1:
         27:a6:47:8a:1f:e0:13:cd:5c:7d:4e:87:97:a7:a7:9f:7e:87:
         d0:92:48:22:e6:84:f1:eb:4e:ac:a5:54:d3:bb:6a:25:fd:a4:
         81:ba:a8:88:0e:c7:43:3f:08:09:4a:98:7a:ad:91:ca:45:58:
         b0:ea:51:5a:44:62:2c:5e:64:1a:cf:da:f1:16:50:95:b6:65:
         67:dd:5c:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvCe4Jnh2TaxgdtlAEUzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmExM2ZhYWMxYWNlNWViOGVjYTE4OGQyNTc4OTYwOGU3MWIxZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdqljpKdO3cjCl5r/cZHgyCpu6km
2dS9CR3EBCu72snF9WVocVhi41R2sXLMYIPuzgIfAZj13PsxpETpffRH9wApmMKK
GZmhbFbmnImUOnmcL+Mkxf10/144k3dAHtb0+If2+OjnBjhQBz85wfwTkOpbV0DJ
kr/C6tutQJGUcGbxjKJFwC86B2zlzjtW4l1Ny2/jT+g0oDwnKYEdQeBk3nC/KYyS
ZG5qXr3Jq9hfOHpYN5exlWBqLXj5lXt2KM92lMuf2pPY1ozqIGkD+BwxlbKRM0LH
RPoIADpeXbKm2vIURmMjXcw3mJ4b7vnbsEjAFsWRJeBmJU+JedVlds4bfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMKhP6rBrOXrjsoYjSV4lgjnGx5AMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvd3FFX3FzR3M1ZXVPeWhpTkpYaVdDT2NiSGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXVQMA8E
AgACMAkDBwAqBV5A8A8wDQYJKoZIhvcNAQELBQADggEBAJj+SpewyeVJsRkbifoQ
lkzN3GYwdSSIivEmKzma2nkwT6ASn+3OAxIJkNumoCxLyppf3pwJfCe7RUBhPdWo
XBud8wpt3AZQzBqA97h5XVKxdjOWM9DQhYdhlYmhm+TSFzKP7ZuvdsoRKa5B8MvK
/VmyamkUCW9tQDwryiOKRXE7kMPoHM+19FgxXrl2Tun0+FxbpiQ2YWjwqtsfMEcE
PLSmtQ3bLDtG2QzmCXEgtxw79rCYoSemR4of4BPNXH1Oh5enp59+h9CSSCLmhPHr
TqylVNO7aiX9pIG6qIgOx0M/CAlKmHqtkcpFWLDqUVpEYixeZBrP2vEWUJW2ZWfd
XDw=
-----END CERTIFICATE-----