Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/QjRVhp40XKZmYoMAr4vbmcN-LaY.roa
File:                     QjRVhp40XKZmYoMAr4vbmcN-LaY.roa (raw, json)
Hash identifier:          drC1TH0bD4tmum1TOllEzHQy9gz0gsm5207YB4ZmHdo=
Subject key identifier:   42:34:55:86:9E:34:5C:A6:66:62:83:00:AF:8B:DB:99:C3:7E:2D:A6
Certificate issuer:       /CN=8bce4281a994d52166ef3ff17728bae218855fc4
Certificate serial:       018CC26D80BAA64C143210AE8F588AEEDF34
Authority key identifier: 8B:CE:42:81:A9:94:D5:21:66:EF:3F:F1:77:28:BA:E2:18:85:5F:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i85CgamU1SFm7z_xdyi64hiFX8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/QjRVhp40XKZmYoMAr4vbmcN-LaY.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        193.8.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/i85CgamU1SFm7z_xdyi64hiFX8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/i85CgamU1SFm7z_xdyi64hiFX8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i85CgamU1SFm7z_xdyi64hiFX8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:80:ba:a6:4c:14:32:10:ae:8f:58:8a:ee:df:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bce4281a994d52166ef3ff17728bae218855fc4
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=423455869e345ca666628300af8bdb99c37e2da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:17:f1:4f:eb:df:f9:81:0e:0e:34:08:08:1f:
                    20:4e:5f:69:5e:83:9a:05:c7:c4:9c:b9:f6:b0:32:
                    95:8f:3d:11:31:27:74:cb:57:dd:53:4c:1a:92:6a:
                    09:d4:a0:e5:46:44:23:5a:f7:87:79:ff:e0:03:c9:
                    83:b4:cc:ea:ba:0e:27:c6:f6:93:2a:2e:40:46:14:
                    b3:fb:bf:fd:fc:63:65:5c:bd:e1:ec:91:d4:ff:63:
                    b9:4e:14:c4:e3:26:46:92:d6:60:fd:40:9f:af:b5:
                    c6:a3:1b:71:ed:e1:39:fd:b7:f8:06:d3:d1:66:d4:
                    9d:f5:1b:f4:f8:5c:f7:55:d0:3f:e4:12:f2:c6:e6:
                    56:dc:5a:e6:59:66:fa:ae:fd:2e:b2:d3:29:f8:3e:
                    a4:37:38:3c:2b:72:a6:d8:0f:1e:85:0f:ae:40:40:
                    10:04:73:34:6e:f8:a2:16:7f:52:c3:2a:f3:a8:b4:
                    55:c6:54:87:aa:ac:f7:96:ed:21:f3:49:de:13:cf:
                    af:3a:a5:15:ed:36:93:fd:7a:e4:b5:fd:4b:23:01:
                    d6:ea:d6:2c:10:b5:ee:e4:d8:db:17:69:de:21:1c:
                    c5:9e:02:62:12:21:99:d2:98:1e:ab:88:53:92:7d:
                    12:71:c7:77:b3:4c:c9:32:69:e2:d2:82:b2:96:a4:
                    2d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:34:55:86:9E:34:5C:A6:66:62:83:00:AF:8B:DB:99:C3:7E:2D:A6
            X509v3 Authority Key Identifier:
                keyid:8B:CE:42:81:A9:94:D5:21:66:EF:3F:F1:77:28:BA:E2:18:85:5F:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i85CgamU1SFm7z_xdyi64hiFX8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/QjRVhp40XKZmYoMAr4vbmcN-LaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/i85CgamU1SFm7z_xdyi64hiFX8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d7:94:b3:25:19:5b:7b:19:b0:d7:3c:03:5c:84:e3:87:2d:
         be:3e:cf:b5:78:c2:8d:89:3a:7d:18:51:85:94:e8:76:8a:a0:
         4b:9f:c6:84:5b:7e:bd:f0:a8:e0:75:d1:f4:18:6c:6c:97:67:
         eb:8a:06:57:cd:4b:57:74:26:73:81:86:2a:08:f6:2a:0d:e3:
         53:fe:ea:c5:a2:0b:8c:ab:bd:2c:41:c1:c5:fb:c3:3a:c3:88:
         fa:ad:81:e4:c3:9f:cc:fb:8b:8e:24:bf:f1:c7:cc:3f:d9:22:
         cf:cc:ce:63:1a:09:72:cc:7d:2e:46:9e:0a:c5:23:64:91:4c:
         d5:0e:9a:f1:41:77:f8:72:5b:4e:89:c9:19:8c:fb:c3:35:c7:
         f9:a4:d7:aa:70:a9:f6:6e:85:4d:6c:b8:35:83:6c:05:54:d3:
         6e:75:c4:fa:5d:4b:d4:22:b7:3d:b5:72:3a:97:1f:3d:91:28:
         6e:33:86:12:7e:94:bb:c0:9d:ec:c1:64:86:78:07:b3:50:e1:
         37:69:4d:3c:d6:5f:b8:a6:76:fe:04:68:8a:ba:64:c6:96:fd:
         67:f6:ca:07:da:95:71:70:73:9f:94:2c:40:b1:ca:4d:a6:7e:
         ae:9f:a6:f8:30:f2:d4:7f:d0:0c:02:02:5c:3c:ed:4d:e5:85:
         c4:75:41:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYC6pkwUMhCuj1iK7t80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiY2U0MjgxYTk5NGQ1MjE2NmVmM2ZmMTc3MjhiYWUyMTg4
NTVmYzQwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM0NTU4NjllMzQ1Y2E2NjY2MjgzMDBhZjhiZGI5OWMzN2UyZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRfxT+vf+YEODjQICB8gTl9pXoOa
BcfEnLn2sDKVjz0RMSd0y1fdU0wakmoJ1KDlRkQjWveHef/gA8mDtMzqug4nxvaT
Ki5ARhSz+7/9/GNlXL3h7JHU/2O5ThTE4yZGktZg/UCfr7XGoxtx7eE5/bf4BtPR
ZtSd9Rv0+Fz3VdA/5BLyxuZW3FrmWWb6rv0ustMp+D6kNzg8K3Km2A8ehQ+uQEAQ
BHM0bviiFn9SwyrzqLRVxlSHqqz3lu0h80neE8+vOqUV7TaT/Xrktf1LIwHW6tYs
ELXu5NjbF2neIRzFngJiEiGZ0pgeq4hTkn0Sccd3s0zJMmni0oKylqQtmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI0VYaeNFymZmKDAK+L25nDfi2mMB8GA1UdIwQY
MBaAFIvOQoGplNUhZu8/8XcouuIYhV/EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTg1Q2dhbVUxU0ZtN3pfeGR5aTY0aGlGWDhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mZmM0NDgtOGUxOS00N2FhLTk2NjUt
YTFlMDFjNjMzNDNhLzEvUWpSVmhwNDBYS1ptWW9NQXI0dmJtY04tTGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mZmM0NDgtOGUxOS00N2FhLTk2NjUtYTFlMDFjNjMzNDNh
LzEvaTg1Q2dhbVUxU0ZtN3pfeGR5aTY0aGlGWDhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQilMA0G
CSqGSIb3DQEBCwUAA4IBAQAe15SzJRlbexmw1zwDXITjhy2+Ps+1eMKNiTp9GFGF
lOh2iqBLn8aEW3698KjgddH0GGxsl2frigZXzUtXdCZzgYYqCPYqDeNT/urFoguM
q70sQcHF+8M6w4j6rYHkw5/M+4uOJL/xx8w/2SLPzM5jGglyzH0uRp4KxSNkkUzV
DprxQXf4cltOickZjPvDNcf5pNeqcKn2boVNbLg1g2wFVNNudcT6XUvUIrc9tXI6
lx89kShuM4YSfpS7wJ3swWSGeAezUOE3aU081l+4pnb+BGiKumTGlv1n9soH2pVx
cHOflCxAscpNpn6un6b4MPLUf9AMAgJcPO1N5YXEdUHX
-----END CERTIFICATE-----